What is Cloud Compliance? Best Practices & Challenges | Rapid7
<!DOCTYPE html> <html class="no-js" lang="en" dir="ltr"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" charset="utf-8" /> <meta http-equiv="x-ua-compatible" content="ie=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <link rel="preload" href="//opt.rapid7.com/edge-client/v1/13222550/21485331595" referrerpolicy="no-referrer-when-downgrade" as="script"> <link rel="preconnect" href="//logx.optimizely.com"> <title>What is Cloud Compliance? Best Practices & Challenges | Rapid7</title> <meta property="og:url" content="https://www.rapid7.com/fundamentals/cloud-compliance/" /> <link rel="canonical" href="https://www.rapid7.com/fundamentals/cloud-compliance/" /> <link rel="alternate" href="https://www.rapid7.com/de/cybersecurity-grundlagen/cloud-compliance/" hreflang="de" /> <link rel="alternate" href="https://www.rapid7.com/fundamentals/cloud-compliance/" hreflang="en" /> <link rel="alternate" href="https://www.rapid7.com/ja/fundamentals/cloud-compliance/" hreflang="ja" /> <meta name="robots" content="index, follow" /> <meta name="title" content="What is Cloud Compliance? Best Practices & Challenges | Rapid7" /> <meta name="description" content="Achieve cloud compliance with ease! Explore best practices to tackle cloud compliance challenges while adhering to common cloud regulations & standards." /> <meta property="og:title" content="What is Cloud Compliance? Best Practices & Challenges | Rapid7" /> <meta property="og:image" content="https://www.rapid7.com/globalassets/rapid7-og.jpg" /> <meta name="twitter:image" content="https://www.rapid7.com/globalassets/rapid7-og.jpg" /> <meta name="twitter:title" content="What is Cloud Compliance? Best Practices & Challenges | Rapid7"> <meta name="twitter:card" content="summary_large_image"> <meta property="og:site_name" content="Rapid7" /> <meta property="og:description" content="Achieve cloud compliance with ease! 
Explore best practices to tackle cloud compliance challenges while adhering to common cloud regulations & standards." /> <link rel="stylesheet" href="/includes/css/all.min.css?cb=1738175921178"> <link rel="stylesheet" href="/includes/css/bundles/shared/cards.min.css?cb=1738175921178" /> <link rel="stylesheet" href="/includes/css/bundles/pages/page.fundamentals-detail.min.css?cb=1738175921178" /> <link rel="stylesheet" href="/includes/css/bundles/partials/sidebar-menu.min.css?cb=1738175921178" /> <link rel="stylesheet" href="/includes/css/bundles/blocks/block.multi-feature-card-block.min.css?cb=1738175921178" /> <meta name="facetcat" content="r7" /> <script> var gIp = {"countryIsoCode":null,"subdivisionIsoCode":null,"continentIsoCode":null}; window.dataLayer = window.dataLayer || []; window.dataLayer.push({ 'conversionType': 'secondary', }); window.dataLayer.push({ 'auth': false }); window.dataLayer.push({ 'ip': '' }); window.dataLayer.push({ 'isTrialUser': false, 'isCustomer': false }); </script> <script src="https://opt.rapid7.com/edge-client/v1/13222550/21485331595" referrerpolicy="no-referrer-when-downgrade"></script> <script> (function (w, d, s, l, i) { w[l] = w[l] || []; w[l].push({ 'gtm.start': new Date().getTime(), event: 'gtm.js' }); var f = d.getElementsByTagName(s)[0], j = d.createElement(s), dl = l != 'dataLayer' ? 
'&l=' + l : ''; j.async = true; j.src = 'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f); })(window, document, 'script', 'dataLayer', 'GTM-WBTPTVC');</script> <link rel="icon" type="image/x-icon" href="/includes/img/favicon.ico"> <link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=Mulish:wght@800;900&family=Roboto:wght@300;400;700"> <link rel="preload" href="/includes/fonts/FFGoodProCompressedBlack/FFGoodProCompressedBlack.woff2" as="font" type="font/woff2" crossorigin="anonymous" /> <link rel="preload" href="/includes/fonts/FFGoodProCompressedBlack/FFGoodProCompressedBlack.woff" as="font" type="font/woff" crossorigin="anonymous" /> <script src="https://code.jquery.com/jquery-3.6.4.min.js" integrity="sha256-oP6HI9z1XaZNBrJURtCoUT5SUnxFr8s3BzRl+cbzUq8=" crossorigin="anonymous"></script> <script src="/includes/js/populateCountryState.js"></script> </head> <body id="fundamentals-detail" class="pg-id-46622 cerberus bg-diffdots-and-spiral-pattern" data-page="46622"> <!-- Google Tag Manager (noscript) --> <noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-WBTPTVC" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <!-- End Google Tag Manager (noscript) --> <div id="__"></div> <!--[if lte IE 9]> <div id="ie-conditional"><spa>Your IE browser is out of date - Upgrade to the latest version of IE or Chrome for an optimal website experience.</span> <a href="https://support.microsoft.com/en-us/help/17621/internet-explorer-downloads" title="Upgrade IE Now" class="button smBtn darkClear" target="_blank">Upgrade IE Now</a> <button class="close-button" type="button" id="closeIEBar"> <img src="../includes/img/close_white.svg"> </button> </div> <![endif]--> <div class="off-canvas-wrapper"> <div class="off-canvas-wrapper-inner" data-off-canvas-wrapper> <div id="r7-global-nav"> <header class="r7-nav mobile show-main--init "><section class="search-bar search-bar--mobile hide 
In</a></li></ul></div></div></nav><section class="search-bar hide"><div class="container flex flex-jc-c flex-ai-c"><form action="/search" class="search-content flex flex-jc-c flex-ai-c"><i class="r7-icon r7-icon-search-magnify"></i><input type="search" class="search-input" name="q" autoComplete="off" placeholder="Search"/><input type="submit" class="search-submit button blue" value="Search"/><a class="search-close"><i class="r7-icon r7-icon-delete-x"></i></a></form></div></section><div class="search-overlay overlay "></div><nav class="sub-nav sub-nav--no-items"><div class="container flex flex-jc-sb"><a class="logo circle-button" href="https://www.rapid7.com/"><img src="/Areas/Docs/includes/img/r7-nav/Rapid7_logo-short.svg" alt="Rapid7 logo"/></a><div class="sub-nav__links flex"><ul class="flex flex-ai-c"><li class="sub-nav__title"><a href="#__" title=""></a></li></ul></div><div class="sub-nav__utility"><a class="search" role="button" tabindex="0"><i class="r7-icon r7-icon-search-magnify"></i></a><a class="button button--primary" href="/products/insightcloudsec/#form">Request Demo</a><a class="to-top circle-button" tabindex="0"><i class="r7-icon r7-icon-arrow-chevron-up-solid"></i></a></div></div></nav></header> </div> <div class="off-canvas-content" data-off-canvas-content> <div id="menuOverlay" class="reveal-overlay"></div> <section class="longHero"> <div class="breadcrumbs__wrapper "> <div class="breadcrumbs__content"> <ul class="breadcrumbs"> <li><a href="/">Home</a></li> <li><a href="/fundamentals/">Fundamentals</a></li> <li><strong>Cloud Compliance</strong></li> </ul> </div> </div> <div class="fundamentals-hero"> <div class="grid-container"> <div class="grid-x grid-padding-x grid-padding-y align-middle"> <div class="fundamentals-hero__content text-left small-12 medium-10 medium-offset-1 large-5 cell"> <div> <h1 style="background-image:url(https://www.rapid7.com/globalassets/_icons/fundamentals/governance-risk-and-compliance.svg)">Cloud Compliance</h1> <p>Learn 
how to maintain the speed of cloud operations in the face of regulatory complexities. </p> <a href="/products/insightcloudsec/" class="button btn-primary mdBtn"> Explore InsightCloudSec </a> </div> </div> <div class="text-left small-12 medium-10 medium-offset-1 large-5 large-offset-0 cell"> <div class="fundamentals-hero__overview"> <p class="small header">Topic Overview</p> <ul> <li> <a class="font-size-p-small" href="#whatiscloudcompliance">What is Cloud Compliance?</a> </li> <li> <a class="font-size-p-small" href="#commoncloudregulationsandstandards">Common Cloud Regulations and Standards</a> </li> <li> <a class="font-size-p-small" href="#challengesofcloudcompliance">Challenges of Cloud Compliance</a> </li> <li> <a class="font-size-p-small" href="#cloudcompliancebestpractices">Cloud Compliance Best Practices</a> </li> </ul> </div> </div> </div> <div class="grid-x grid-padding-x"> <div class="text-left small-12 medium-10 medium-offset-1 cell fundamentals-hero__divider"><hr /></div> </div> </div> </div> </section> <div class="pageContent"> <div class="grid-container"> <div class="fundamentals-content grid-x grid-padding-x grid-padding-y"> <div class="text-left small-12 medium-10 medium-offset-1 large-3 cell"> <aside class="sidebar-menu"> <span class="sidebar-menu__toc--toggle r7-expansion-toggle collapse">Related Topics</span> <div class="sidebar-menu__toc--content r7-expansion-content collapse"> <span class="heading">Governance, Risk, and Compliance</span> <ul> <li> <a href="/fundamentals/compliance-regulatory-frameworks/">Compliance and Regulatory Frameworks</a> </li> <li> <a href="/fundamentals/cloud-compliance/">Cloud Compliance</a> </li> <li> <a href="/fundamentals/nist-frameworks/">NIST Cybersecurity Frameworks</a> </li> <li> <a href="/fundamentals/gdpr/">General Data Protection Regulation (GDPR)</a> </li> <li> <a href="/fundamentals/cis-critical-security-controls/">CIS Critical Security Controls</a> </li> <li> <a 
href="/fundamentals/nydfs-cybersecurity-regulation/">NYDFS Cybersecurity Regulation</a> </li> <li> <a href="/fundamentals/soc-report/">SOC Reports</a> </li> <li> <a href="/fundamentals/zero-trust-security/">Zero Trust Security</a> </li> <li> <a href="/fundamentals/shared-responsibility-model/">Shared Responsibility Model</a> </li> <li> <a href="/fundamentals/cloud-risk-management/">Cloud Risk Management</a> </li> <li> <a href="/fundamentals/information-security-risk-management/">Information Security Risk Management (ISRM)</a> </li> <li> <a href="/fundamentals/what-is-cybersecurity-risk-management/">Cybersecurity Risk Management</a> </li> <li> <a href="/fundamentals/third-party-risk-management-tprm/">Third Party Risk Management (TPRM)</a> </li> </ul> </div> </aside> <div class="fundamentals-content__sidebar show-for-large"> <hr /> <div id="sideDarkCtaBlock" class="ctaBlock primary bgBlueGreenLinearGradient"> <div class="ctaBlock__title"> <h5> The 2024 Gartner® Market Guide for CNAPP </h5> </div> <div class="ctaBlock__content"> <p class="small">For security leaders looking to strengthen cloud security strategies.</p> <a class="btn-primary button smBtn" href="/info/gartner-market-guide-for-cnapp/" id="darkSideCtaPrimaryBtn"> Read Now </a> </div> </div> </div> </div> <div class="text-left small-12 medium-offset-1 medium-10 large-offset-0 large-7 cell"> <div class="fundamentals-content__intro"> <h2 id="whatiscloudcompliance">What is Cloud Compliance?</h2> <p>Cloud compliance – or cloud security compliance – is the process of ensuring cloud environments, and the operations that occur within them, adhere to specific <a href="/solutions/compliance/">regulatory standards</a> affecting the industry in which a business is operating. 
There are typically a number of cloud compliance standards to which a business must align, and it is incumbent upon security compliance personnel to configure and use cloud services in a way that complies with the applicable directives contained within the <a href="/solutions/compliance/csa-ccm/">Cloud Security Alliance Cloud Controls Matrix (CSA CCM)</a>.</p> <p>According to the Cloud Security Alliance, “the CCM can be used as a tool for the systematic assessment of a cloud implementation, and provides guidance on which security controls should be implemented by which actor within the cloud supply chain.” Therefore, depending on the industry a company is engaged in, there are powerful pre-existing frameworks teams can follow to ensure they stay compliant as the majority of their operations move into the cloud.</p> <p><a href="/blog/post/2022/12/14/cloud-audit-compliance-automation/">Automating cloud compliance</a> wherever possible is necessary in today’s environments, especially in heavily regulated sectors like healthcare, financial services, and energy. Worthwhile cloud compliance tools should be able to detect compliance drift from the specified organizational standards and quickly reset environments to an overall “state of good.” This not only saves time and money, but can lower the chances of running afoul of regulatory bodies.</p> </div> <div class="fundamentals-content__contentRegion1"> <h2 id="commoncloudregulationsandstandards">Common Cloud Regulations and Standards</h2> <p>From state/territory-specific to nationally recognized compliance standards affecting multiple industries, there are many legally required – and some heavily suggested – regulatory frameworks out there. 
Let’s take a look at some of the more commonly known standards to which a wide swath of overall global commerce must adhere:</p> <h3>Center for Internet Security (CIS) Benchmarks</h3> <p>These benchmarks are created by the Center for Internet Security (CIS), a not-for-profit organization that helps organizations improve their security and compliance programs. The CIS aims to create community-developed security configuration baselines, or <a href="/solutions/compliance/cis-benchmarks/">CIS Benchmarks</a>, for IT and Security products. The benchmarks span applications, cloud-computing platforms, operating systems, and much more.</p> <h3>General Data Protection Regulation (GDPR)</h3> <p>The EU <a href="/fundamentals/gdpr/">General Data Protection Regulation (GDPR)</a> requires the protection of personal data of EU citizens, regardless of the geographic location of the organization or the data. This includes technical and organizational measures that are regularly updated to ensure the amount of security is appropriate to the current level of risk.</p> <h3>Federal Risk and Authorization Management Program (FedRAMP)</h3> <p>The Federal Risk and Authorization Management Program (FedRAMP) is a US federal government initiative that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud services. FedRAMP’s aim is for companies to leverage modern cloud solutions and technologies safely and securely – particularly where federal information is involved.</p> <h3>Service and Organization Controls (SOC) 2 Reporting</h3> <p>This particular standard comes from the <a href="https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report">American Institute of CPAs (AICPA)</a>, and defines reporting guidelines for how businesses should manage customer data. These reports can help organizations manage vendor supply chains, implement risk management processes, and more. 
They are aimed at a wide swath of stakeholders and should contain digestible, standardized language.</p> <h3>Health Insurance Portability and Accountability Act (HIPAA)</h3> <p>The <a href="/solutions/compliance/hipaa/">Health Insurance Portability and Accountability Act (HIPAA)</a> requires businesses that handle patient medical records and other protected health information (PHI) to effectively safeguard that information against security breaches. The HIPAA Security Rule details administrative, technical, and physical controls for electronic PHI (ePHI). Due to the sensitive nature of the data the standard covers, the US government required compliance with the security rule in 2005. Of particular note, HIPAA Part 2 was issued in 2022 and essentially protects “records of the identity, diagnosis, prognosis, or treatment of any patient which are maintained in connection with the performance of any program or activity relating to substance abuse education prevention, training, treatment, rehabilitation, or research, which is conducted, regulated, or directly or indirectly assisted by any department or agency of the United States.”</p> <h3>ISO/IEC 27001</h3> <p>ISO/IEC 27001 is a cloud security compliance management standard jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). <a href="https://www.iso.org/standard/27001">ISO/IEC 27001</a> specifies security management best practices and comprehensive security controls for information security management systems. 
It is an optional standard that some organizations choose to implement, both to benefit from the best practices it contains and to reassure customers that a comprehensive risk management solution is in place.</p> <p>To take that last point a bit further, it’s often a good idea for an organization to take a compliance program a step beyond what’s required, instituting additional measures specific to their business needs and unique environment. Building these types of custom guidelines to overlay onto existing compliance programs is a proactive measure that will yield benefits beyond simply remaining compliant to the required regulations.</p> <h2 id="challengesofcloudcompliance">Challenges of Cloud Compliance</h2> <p>Things have changed from the days of old when cloud operations were novel and no one understood the complexity of tuning those operations to their specific organization or remaining in compliance with regulatory standards of the day. However, there are complexities to be aware of that come with the many benefits of a move to cloud operations.</p> <h3>Poor data visibility</h3> <p>As an organization undergoes a “great transformation” into cloud operations, a key challenge is a lack of unified visibility across its environments. This issue can and does also extend to human users, as far as keeping track of who has access to data, where they can access it, and how frequently they’re doing so.</p> <h3>Greater chance of breaches</h3> <p>Cloud breaches are most commonly caused by misconfigurations. Gartner has even noted that 95% of cybersecurity breaches are caused by cloud configuration errors. Some are caused by humans, others happen because there is an assumption that defaults in the platform will catch issues, and still others come from the desire to make resources easier to access. 
Organizations must implement controls to prevent or detect and remediate these errors to avoid a data breach.</p> <h3>Certifications and attestations</h3> <p>Oftentimes, third-party auditors must attest to the controls an organization has put in place that help it align with certain regulatory standards. Upon request, organizations must provide letters of attestation from those third parties that validate secure cloud operations practices, as well as certifications that they meet certain sector-specific regulatory standards. Certifications are typically good for several years, while attestations speak more to the continuous and ongoing nature of compliance.</p> <h3>Cloud complexity</h3> <p>Accelerating into the cloud without caution often brings complexities that can cause more harm than good. Cloud environments are extremely ephemeral, while legacy/on-prem systems are much less so. When an organization accelerates into the cloud, they often don’t know exactly what to do with those legacy systems, but they still have to be managed. This is where things can get tricky for a DevOps team. Making things even more complex are exemptions – a resource or workload that is exempt from a given standard. The lack of a mechanism to exempt a resource can lead to many false positives that could cause unwanted and costly disruptions.</p> <h2 id="cloudcompliancebestpractices">Cloud Compliance Best Practices</h2> <p>Let’s now take a look at some best practices and overall good hygiene that can counteract some of the bigger challenges in aligning to regulatory standards and maintaining compliance in the cloud.</p> <h3>Encryption</h3> <p><a href="/fundamentals/data-encryption/">Data encryption</a> transforms the original format of the data into something that is unreadable. 
Services like <a href="/fundamentals/what-is-google-cloud-platform-gcp-security/">Google Cloud Platform (GCP)</a> always automatically encrypt customer data after it is received, but before it is written to disk and actually stored. Another example is that of credential encryption by cloud security providers; there are often several layers of decryption that must occur before those credentials can be used.</p> <h3>Principle of least privilege</h3> <p>Speaking of credentials, the principle of <a href="/fundamentals/what-is-least-privilege-access-lpa/">least privileged access (LPA)</a> ensures that access is granted only to the humans or programs that absolutely need it to work on a specific task in the cloud. Solutions leveraging LPA will typically employ automation to tighten or loosen permissions based on the user's role.</p> <h3>Zero trust</h3> <p>Implementing the concept of <a href="/fundamentals/zero-trust-security/">zero trust</a> is a handy way to help keep a cloud environment ultra secure. Every human, endpoint, mobile device, server, network component, network connection, application workload, business process, and flow of data is inherently untrusted. They each must be continuously authenticated and authorized as each transaction is performed, and all actions must be auditable in real time and after the fact.</p> <h3>Well-architected frameworks</h3> <p>The principle of a well-architected framework in cloud operations essentially contends that there should be an agreed-upon approach for stakeholders to implement and evaluate a cloud architecture that best suits their business needs and priorities. 
The <a href="https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=desc&wa-guidance-whitepapers.sort-by=item.additionalFields.sortDate&wa-guidance-whitepapers.sort-order=desc">AWS Well-Architected Framework</a> is perhaps the most well-known example of this principle, and enables customers to identify high-risk issues.</p> <h3>Read More About Cloud Security & Compliance</h3> <p><a href="/info/cloud-misconfigurations-research-report/">2022 Cloud Misconfigurations Report: Latest Cloud Security Breaches and Attack Trends</a></p> <p><a href="/blog/tag/compliance/">Compliance: Latest News from the Blog</a></p> </div> </div> </div> </div> <section class="multi-feature-card-block__carousel" data-block-name="Multi-Feature Card Block"> <div class="grid-container"> <div class="grid-x grid-padding-x grid-padding-y text-center"> <div class="small-12 medium-10 medium-offset-1 cell"> <h2>Related Topics</h2> </div> </div> <div class="grid-x grid-padding-x"> <div class="small-12 medium-10 medium-offset-1 cell"> <div class="multi-feature-card-block__carousel-slider"> <a href="/fundamentals/information-security-risk-management/" class="card__standard w-icon " data-card-height="" style="background-image: url('https://www.rapid7.com/globalassets/_icons/fundamentals/governance-risk-and-compliance.svg');"> <div class="inner-content"> <div class="inner-content__txt"> <h4>Information Security Risk Management</h4> <span class="card-separator"></span> <div class="subtext">Governance, Risk, and Compliance</div> </div> <span class="btn-tertiary button smBtn">Read Topic</span> </div> </a> <a href="/fundamentals/soc-report/" class="card__standard w-icon " data-card-height="" style="background-image: url('https://www.rapid7.com/globalassets/_icons/fundamentals/governance-risk-and-compliance.svg');"> <div class="inner-content"> <div class="inner-content__txt"> <h4>Service Organization Controls (SOC) 