Cloud computing raises compliance and security questions for any company -- public, private, large, small, or anywhere in between. These questions include "Where does my data reside for purposes of determining which laws and regulations apply?" "Does my cloud provider have the necessary tools and processes in place to protect my data?" and "Who is responsible for preserving/retrieving data for purposes of litigation?"
For the most part, if the questions raised are explicitly addressed in tthe company's service-level agreement with the cloud provider so that both parties know which is responsible for what, there should not be many compliance problems. However, as Internet Evolution writer and Transworld Data CEO Mary Shacklett points out, if the IT departments within those companies step up and take ownership of the decision to move certain processes to the cloud, as well as which vendor to use, the risk decreases even more.
To that end, Shacklett sets out additional things IT should be willing to consider when it comes to cloud computing:
But the most important thing, she says, is to get IT involved before contracts are signed with the service provider. That way you can make sure all the bases are covered before you get started rather than trying to backtrack and reactively "Band-Aid" the problem areas.