Threat Stack Blog and Cloud Security News

Meeting Compliance in the Cloud ≠ A Choice

by Michal Ferguson Apr 20, 2017 10:46:41 AM

In the past, we’ve talked about various ways that compliance can add value to your business. But what happens when you don’t attain or maintain compliance? (Note: In the following, we focus on PCI, but equally unpleasant consequences can result, of course, if you fail to meet other standards such as HIPAA, SOC 2, etc.)

Meeting Compliance ≠ A Choice

Did you know that:

  • 80% of businesses fail their interim PCI compliance assessments? (Source: Verizon’s 2015 Data Breach Incident Report)

  • Organizations that suffer data breaches also tend to have lower than normal compliance with PCI DSS standards (Source: Verizon’s 2015 Data Breach Incident Report). In other words, if your compliance posture isn’t up to PCI snuff, there’s a better chance you’ll get hit with a business-impacting breach.

  • 69% of consumers don’t want to do business with an organization that has been breached.

  • PCI breaches tend to be worse in scale than other types of information breaches (like PHI or PII), according to the 2016 Verizon DBIR.

  • Though PCI breaches account for just 27% of incidents, the median number of records lost is 53,100 (compare that with 1,000 for PHI and 761 for PII).

It’s pretty clear that it has never been more important for organizations to get compliance right.

(For a discussion of what can happen if you’re not HIPAA compliant, take a look at Can You Afford to NOT be HIPAA Compliant.)

So What’s the Remedy?

Navigating compliance can be tricky. But in the experience of many of our customers, it all starts with a PRIMER:

  • Planning
  • Risk Assessment
  • Control Maturity Assessment
  • Expert Relationships

There’s More! Compliance Webinar: Ask the Auditor & Customer

Is compliance a priority for you?

Join our upcoming webinar, hosted by Chris Gervais, Threat Stack’s VP of Engineering, and featuring Kevin Eberman, MineralTree’s Director of Ops along with Ryan Buckner, Principal and Auditor with Schellman.

Topics will include:

  • The technical requirements unique to achieving compliance in the cloud
  • Recommended steps to ensure a successful, low-pain process
  • Common pitfalls that organizations like MineralTree and yours may encounter during the compliance process

And, of course, the discussion will be open so our listeners can ask their own specific questions.

If you’re looking to gain more clarity, this webinar will give you a 360 degree view of this vital and complex topic.

Please join us at 12:00 Noon ET on Tuesday, April 25. You can find full webinar details here.

Topics: HIPAA, SOC 2, Compliance in the Cloud, PCI Compliance

Written by Michal Ferguson

As Director of Demand Generation at Threat Stack and a tech & security lover, Michal spends her days finding valuable ways to match Threat Stack’s cloud-based security solution with its ideal customers. Prior to Threat Stack, Michal held marketing management positions at CloudLock (acquired by Cisco), VKernel (acquired by Quest Software, then Dell), and Onaro (acquired by NetApp).
