Baking Compliance into Cloud: Art or Science?

Speaker:  Ashish Kundu – San Jose, CA, United States
Topic(s):  Information Systems, Search, Information Retrieval, Database Systems, Data Mining, Data Science

Abstract

With the (obvious) evolution of the cloud from a compute-centric infrastructure to a data-and-compute-centric infrastructure, more and more enterprises are bringing their data to the cloud in search of a balance between analytics, cost, performance, security, and compliance. Enterprises are bringing (or are ready to bring) terabytes of healthcare, finance, and education data to data-and-compute-centric cloud platforms, in the hope that the cloud will act as a panacea. Such enterprise data includes highly sensitive and private data governed by several IT regulatory compliance regimes: HIPAA, FERPA, PCI/DSS, FedRAMP, and so on. The bitter truth is that security and compliance (yes, in that order) for the cloud suffer from the "tragedy of the commons". We all know what a single breach of such data can do, or do we?
 
As enterprises host regulated data and applications on the cloud, it is essential for both cloud vendors and enterprises to manage compliance, security, and privacy in a holistic manner, especially after a staggering 187 cases of healthcare breaches, and breaches of 112 million healthcare records, in the IT/healthcare industry during just six months of a year. This talk focuses on regulatory compliance for healthcare (HIPAA, GxP) as well as FERPA for education workloads, and explores how such a holistic strategy can be implemented.
 
That brings us to the hard question: is baking regulatory compliance requirements, such as HIPAA for a health cloud, into the cloud an art or a science?

About this Lecture

Number of Slides:  30
Duration:  60 minutes
Languages Available:  English