For compliance to be effective you need the ability to: (1) demonstrate that you have met your obligations in the past, (2) meet your obligations today, and (3) meet your obligations tomorrow (and every day thereafter).
This requires an architecture that is both resilient and adaptive to change over time.
Current cloud based architectures are in many cases evolutionary. While this makes change easier, they also suffer in the same way as evolution does in nature (i.e. it is always changing). Each day we read about new platforms that in some cases replace, but in many cases discard what was already there. You might call this survival of the fittest.
Companies looking to put their compliance data and processes into the cloud need something more enduring. This is what good architecture provides and something that has been lacking as technology marches on towards something new and shiny.
Before you decide to lift and shift your compliance to the cloud, you may want to consider the following:
Does the technology platform meet all your compliance standards?
Does the platform allow you to tailor processes to meet your higher standards?
Do you maintain ownership of your compliance data or is it being monetized by the provider?
Is your compliance data adequately protected and secure?
What are the risks to you and your stakeholders should your compliance data be breached?
Can you transfer your data to another platform and resume operations without loss of compliance?
