This blog post is the last in a series in which we focus on multiple facets of migrating PeopleSoft to the Cloud. We look at the migration from various angles, such as technology, compliance, approach and the value for your business. Today we take a look at satisfying compliance and regulations while running PeopleSoft from the Cloud.
The Cloud is ready for PeopleSoft. Learn if you are ready for the Cloud.
Satisfying compliance
No one truly likes the topic of this blog, but when thinking of moving PeopleSoft to the Cloud it is nevertheless an important one. While in my previous blog posts we focused on the possibilities of moving PeopleSoft to the Cloud, in this chapter we focus on the compliance and regulatory side of such a venture.
The Cloud trinity
As we learned from the preceding blog posts, there are only three viable options when talking about running PeopleSoft from the Cloud. We can run PeopleSoft on Oracle Cloud Infrastructure (OCI), Microsoft Azure or Amazon Web Services (AWS). Other options will quickly lead to situations that are unsupported, not certified, not compliant with license restrictions, or any combination of these. So, for the remainder of this blog post we will focus only on those three hyperscalers that provide a viable option for running PeopleSoft from the Cloud.
Governance and compliance
All hyperscalers that are applicable for PeopleSoft offer at least some compliance certifications and tools to help organizations meet regulatory requirements. Depending on the industry you’re in, these can be crucial for your decision whether or not to move to the Cloud.
Different industries and regions have specific regulations governing data storage, privacy, and security. It’s crucial to ensure that your Cloud venture is in compliance with the regulations that are applicable to you. Examples include the General Data Protection Regulation (GDPR) in Europe, the Health Insurance Portability and Accountability Act (HIPAA) in US healthcare, the Payment Card Industry Data Security Standard (PCI DSS) in the payments industry, and System and Organization Controls (SOC) 2 for service organizations.
Shared Responsibility Model
It is important to understand that governance and compliance are more complicated in the Cloud than in the classic on-premises world. All public Cloud providers work with a shared responsibility model. Under this model the Cloud provider takes responsibility for some compliance-related aspects, but the responsibility for the majority of the compliance aspects lies with you, the customer or end-user. All Cloud providers expect you to make sure that your data is protected in accordance with the governance and compliance frameworks that are applicable to your business.
Sovereign Clouds
Laws and regulations differ between countries and regions. This may impact your ability to move PeopleSoft to the Cloud while you still need to be in compliance with the rules and regulations that affect your business. To counter this issue, all hyperscalers that are relevant for PeopleSoft have introduced specific Cloud offerings that deliver some form of sovereignty.
A sovereign Cloud denotes a Cloud computing infrastructure that is specifically tailored to store the data of your business within the borders of a specific country or region. Here, data, along with its metadata, resides on servers situated within the confines of your country or region, ensuring adherence to domestic regulations and safeguarding against foreign intrusion.
Oracle EU Sovereign Cloud
To accommodate EU data protection and sovereignty requirements, Oracle introduced its Oracle EU Sovereign Cloud at the start of summer 2023 as a dedicated version of Oracle Cloud Infrastructure (OCI) for all EU countries.
The Oracle EU Sovereign Cloud is designed to adhere to EU laws and regulations by implementing provisions such as:
- Complete segregation from other OCI-regions
- All organisational entities are located in the EU
- Support and operations from the EU
- All staff located within the EU and restricted to EU residents
- Additional data protection measures for access from outside the EU
- Dedicated data centres in Frankfurt, Germany and Madrid, Spain.
Oracle EU Sovereign Cloud offers about 100 of the same services as the public Oracle Cloud Infrastructure (OCI) offering, with the same costs and Service Level Agreement (SLA).
Microsoft Cloud for Sovereignty
In its attempt to accommodate sovereignty in Azure, Microsoft introduced its Cloud for Sovereignty solution mid-2022. Unlike the approach taken by Oracle, the solution from Microsoft is entirely policy based. There are no truly segregated Azure-regions or dedicated data centres.
At the start of 2023, Microsoft also introduced the EU Data Boundary Initiative, which defines a geographic boundary within which Microsoft has committed to store and process customer data.
Some examples of out-of-the-box policies that help you to enforce compliance, and that Microsoft offers under its Cloud for Sovereignty solution, are the following:
- General: Sovereignty Baseline
- European Union: EU GDPR
- Netherlands: Baseline Informatiebeveiliging Overheid (BIO)
- Germany: IT-Grundschutz
- United Kingdom: Government Cloud (G-Cloud).
AWS European Sovereign
Amazon announced in October 2023 that it will launch an EU Sovereign version of Amazon Web Services (AWS). The approach chosen by Amazon is more like Oracle’s. Amazon is designing the AWS European Sovereign Cloud to be separate and independent from its existing regions, with a first dedicated data centre in Frankfurt, Germany. Also, all staff will be EU residents and located within the EU. Currently there is no general availability (GA) date set for AWS European Sovereign.
Outsourcing regulations
Besides the data and privacy protection regulations that may impact your ability to go to the Cloud with PeopleSoft, moving PeopleSoft to the Cloud also means that you are outsourcing (some of) your activities. This outsourcing itself may be bound to its own set of rules and regulations. Thus, it’s just as crucial to ensure that your Cloud venture is in compliance with regulations governing outsourcing activities. For example, EU Directive 2009/138/EC (Solvency II) in Europe enforces specific restrictions on outsourcing. Other legislative and governing bodies may also impose their own guidelines and restrictions that may be applicable to your business.
Can we help you?
Moving PeopleSoft to the Cloud is a major decision for your organisation. It comprises risks but it can also bring a wealth of benefits to your business. At Blis Digital we can help you to make your Cloud transition as smooth as possible.
The Cloud is here to stay. Make the switch with Blis Digital.