FinTech Global: Is the cloud a compliance perimeter or an emerging threat surface?

Once hailed as a secure perimeter for regulatory compliance, the cloud is now being re-examined through a more skeptical lens. As digital infrastructures evolve, so do the risks—raising questions about whether the cloud still shields firms or simply reshapes their exposure. The answer may lie in how firms reframe their approach to governance in the era of everything-as-a-service.

We’re living in an age of increasing risks, and with such risks, businesses are being required to consistently reassess how these technologies operate within their ecosystem. Do they remain a net positive, or are they becoming a bigger challenge to the organisation?

In the view of Stacey English, director of regulatory intelligence at Theta Lake, the cloud is ‘absolutely central’ to modern compliance, particularly as firms are increasingly relying on cloud-based communications platforms such as Slack, Teams and Zoom to engage and work with customers.

She said, “These platforms not only operate in the cloud but also require cloud-based compliance solutions—for communications capture, archiving, search, and risk detection—to meet regulatory obligations effectively. Leveraging the cloud for these capabilities delivers significant advantages, including scalability, global consistency, and the ability to enforce security and compliance controls uniformly across complex, distributed environments.”

Despite this, English admits that the benefits of cloud-based platforms must be matched with rigorous oversight and validation of controls.

She detailed, “At Theta Lake, independently audited frameworks like SOC 2 Type II, ISO 27001, HIPAA, PCI DSS, and TruSight are essential for providing customers with comprehensive assurance. These annual audits test controls around role-based access, encryption in transit and at rest, business continuity and disaster recovery, incident response, and more.”

English remarked that transparency – a key tenet in any organisation – plays a critical role, with the firm’s trust center giving customers access to valuable documentation, including penetration test results, architectural diagrams, API security standards and legal and regulatory disclosures.

“Capabilities like Bring Your Own Key (BYOK) and Bring Your Own Storage (BYOS) further enhance the security and compliance posture by reinforcing customer control over data ownership and portability within the cloud,” she concluded.
