Complete Compliance Book

Complete Cloud Compliance

How regulated companies de-risk the cloud and kickstart transformation

By Travis Good, MD & Kris Gösser


Regulated companies have a hard problem to solve.

They run the risk of becoming obsolete due to an inability to adopt new technology fast enough. Incumbent business models will be out-flanked by shifting customer expectations brought on by improved digital experiences. Market conditions are out of their control. Even healthcare, the most regulated industry with the heartiest entrenchment and uniquely perverse economic incentives, is remarkably close to complete upheaval due to a litany of world-changing ideas, like mobile devices, Internet of Things, big data, and artificial intelligence. It all stems from the mother of all recent innovations, the cloud. The root challenge is the adoption of cloud computing in order to remain relevant. If achieved, compliant cloud computing becomes an organizational differentiator.

Compliance contributes to this existential threat because it prompts the cloud to be viewed as a liable cost center by most regulated companies. But that’s wrong. It’s actually a leverageable asset that is at the foundation of modern business transformation.

Complete Cloud Compliance is a program developed after years of managing high-stakes compliance requirements across mission-critical healthcare workloads. It is a chance to control destiny. The program is written for healthcare organizations, but under the principle that best practices are best practices, meaning the insights shared can be applied across global regimes and any industry.

The 9 Big Ideas

  1. When controlled, compliance is actually a competitive edge.
  2. The cloud is no longer other people's computers. It is managed services.
  3. As cloud services get more abstract to improve developer experience (a good thing), more control is being taken away from the user, making compliance attestation harder (a bad thing).
  4. Compliance is only as strong as the weakest link in the abstraction chain.
  5. Frameworks are the best way to manage regulations. The best frameworks are built for a dynamic future, not a dated past.
  6. Complete cloud compliance is hard because technologists struggle to understand compliance while compliance officers struggle to understand the cloud.
  7. The cloud is global, so compliance is now global.
  8. Cloud compliance comes down to data management. The three verbs of data are store, compute, and transmit.
  9. Data sources are splintering instead of unifying, making compliance more complex.

Visual storytelling

Complete Cloud Compliance focuses on distilling complex topics into easy-to-understand stories. The book makes heavy use of illustrations, charts, and graphs wherever possible.

Illustrations: global compliance map, audit workflow, HITRUST history, shared responsibility, security concerns, cloud architecture, managing managed services.

Chapters

  1. The Business Case for Compliance

    The most regulated industries are often the most important to society, but they are also the farthest behind on absorbing new technology. The cloud is a critical requirement for regulated companies to avoid disruption. Compliance blocks cloud adoption, but it doesn't have to be that way. If organizations change their approach to compliance, they can unlock the cloud and turn what used to be a liability into a true differentiating asset.

  2. What Really is Compliance?

    Most technologists have little experience with compliance. This chapter goes deep on compliance in a way developers can understand. Read chapter 2 for free.

  3. What Really is the Cloud?

    Most compliance officers have a hard time keeping up with the fast-paced, dynamic nature of the cloud. The shifting landscape of abstraction only makes it harder. This chapter goes deep on the cloud in a way that business-minded compliance owners can understand.

  4. Why Data Interoperability Matters

    Cloud compliance is about managing security and privacy of data. Fundamental to modern business models is integration of disparate datasets, which subsequently increases compliance complexity for regulated companies.

  5. Complete Cloud Compliance

    The meat of the book is a 3C program designed for any regulated company looking to control compliance on the cloud with an eye on the future. The program explains the overlay of compliance and cloud abstraction, then gives a rubric for creating your own program.

  6. Best Practices for Complete Cloud Compliance

    A successful 3C program employs modern best practices. This chapter gives 16 expert tips learned from years' worth of managing compliance for high-stakes workloads on the cloud.

  7. The Achievable Mandate

    Adopting the cloud isn't something you should do—it's something you must do. Compliance isn't something you ought to do, but the right thing to do. Combining them is a mandate, but the good news is it's entirely possible to achieve.


About the Authors

Travis Good, MD

With a passion for healthcare and an eye towards market-changing transformation, Travis blends his varied experience across medicine, cloud, and cybersecurity to develop impactful strategic initiatives. He has written extensively on healthcare technology and digital innovation and spoken at events like HIMSS, SXSW, AMIA, AHIMA, MedX, Health 2.0, and HITRUST Summit. As the co-Founder and CEO of Datica, he created the strategy and go-to-market vision for products now helping enable innovation on the cloud at hundreds of healthcare organizations. Travis grew up in Florida before bouncing around for college and graduate school, eventually settling in Colorado with his family.

Kris Gösser

Kris likes to sit at the intersection of design, business, and technology to craft empathetic products for markets in need. He has been a Lean Startup practitioner across his twelve-year career as an entrepreneur spanning leadership roles in engineering, design, product, marketing, sales, and management. As the CMO of Datica, he interfaces with the healthcare industry to understand the challenges faced while guiding Datica's revenue machine towards growth targets. He helped write this book because he viewed a deeper understanding around the topic of cloud compliance as an essential ingredient to an improved society—the most regulated industries are often the most important to communities. A Wisconsin native, Kris lives with his family in Seattle, which they now call home.