If your organization deals with regulated data such as credit card or health data, then you know how difficult an undertaking compliance is. Not only did you face huge upfront costs to assess and meet governing compliance standards such as HIPAA or PCI DSS, but you also face ongoing costs to maintain compliance with these stringent standards, which often require annual third-party certifications.
And while the upfront compliance costs are usually anticipated and budgeted, many organizations underestimate the significant cost of maintaining compliance, which can reach hundreds of thousands or even millions of dollars as enterprises struggle to keep up with ever-changing regulations that require ongoing investments in new technologies and expertise. As one small example, last year’s 3.1 release of the Payment Card Industry Data Security Standard (PCI DSS) has merchants and other organizations that handle payment card data under the gun to migrate from SSL and early cryptographic protocols to newer, more secure protocols such as TLS 1.2.
Further keeping your Chief Security Officer and/or Chief Compliance Officer up at night are the massive consequences of non-compliance. Breaches stemming from non-compliance can result in fines, lawsuits, lost revenue, and a severely damaged reputation. Just ask Target, whose 2014 fourth-quarter profits dropped $440 million as a result of a large-scale credit card breach. Or health insurance giant Anthem, which is facing more than 50 class-action lawsuits as a result of a 2015 customer data breach.
So considering the huge cost of compliance (and non-compliance), it’s clearly in your organization’s best interests to align as many data initiatives as possible in support of compliance—starting with your data integration operations. Data integration operations are a natural complement to your compliance objectives as they are responsible for all the heavy lifting when it comes to storing and moving data across the enterprise.
If your data integration operations are managed in-house, as they likely are, then all the compliance costs, burdens, and liabilities mentioned above also fall squarely on your organization’s shoulders. Every new application, trading partner, or change in data configuration must be accounted for in your compliance strategy—no easy feat when both the amount of data and number of applications organizations must deal with are growing exponentially.
But what if your data integration operations weren’t managed on-premises? What if they were managed instead in the cloud by a third-party integration provider—what would that look like from a compliance perspective? Well, imagine that your organization needs to integrate data between two cloud applications. Under a managed services cloud integration approach, such as that offered by Liaison’s Data Platform as a Service (dPaaS) solution, your integration provider will import the cloud application data onto its platform, perform the necessary transformations, and then export it back to the cloud applications in a secure and compliant manner. The data never touches your network, reducing your burden and scope of compliance. Multiply this by any number of other applications, data streams, and other activities that make up the bulk of your data integration operations and, all of a sudden, you’ve handed off a significant portion of your compliance burden to your trusted integration partner. Not a bad deal.
Obviously, you still need to ensure that your integration provider is committed to protecting your data assets and has the necessary compliance certifications to prove it. But with that assurance in place, there’s no reason not to take advantage of the universal benefits of cloud service delivery—scalability, ease of use, lower cost, faster innovation, built-in expertise, and up-to-date technology—to both improve your data integration operations and reduce your compliance scope, all in one fell swoop.