Who is Responsible for Cloud Security Compliance?

There are numerous benefits to cloud computing. Backing up important data makes it easily accessible to everyone in your company and frees up space on your servers. If you store sensitive data online, you should have concerns about cloud security and who is responsible for protecting your client data and adhering to HIPAA, PCI or Sarbanes-Oxley regulations.

Determining if cloud storage solutions adhere to compliance requirements is difficult, as many don't state their privacy policies. Here is a guide to help navigate these difficult waters.


Improper handling of client information can harm reputations and lead to a loss of business. Companies with mandates for handling client data in a regulated way must learn how secure a cloud service is and what regulations the provider complies with. If a company has not specifically said they comply with certain regulations, it’s safe to assume they do not.

Who is responsible?

Cloud security is vital when handling sensitive data, but whose responsibility is it? Many services fail to provide detailed information in their privacy policy, possibly to lower their liability. The safe choice is not to use thos services. Hopefully with time, cloud storage and sharing will become better self-regulated and corporations will elect to disclose their individual practices to the businesses they serve. Ultimately, as there is no current law that states that companies must divulge how tight their security is, the responsibility is in your hands. You must weigh the advantages and disadvantages of cloud storage to decide if it’s right for your business.

Terminal's expert staff can help you determine if a cloud service meets your compliance requirements, and can help you find an accetible option. Contact us for more information.