Review: Understanding Cloud Governance (Applied)

FERPA governs student education records like grades and attendance. HIPAA covers health data, and COPPA targets online services for children under 13.

Before storing protected health information, confirm the provider holds a recognized compliance attestation for health data. Pricing and branding do not reduce regulatory exposure.

Data residency addresses the legal jurisdiction where data is physically stored. Replication and tiering describe how copies are placed for performance or cost, not legal location.

ISO 27001 is the international standard for information security management systems. Payment card standards target card data, and service management libraries cover IT operations, not security management.

When training data is undisclosed, the model may carry hidden bias that produces unfair outcomes for certain groups. Latency and cost are operational concerns, not ethical ones.

Transparency requires that AI decisions be explainable to affected parties. Redundancy, portability, and elasticity are technical cloud properties, not ethical principles.

When built-in roles are too broad, a custom role scoped to the single resource enforces least privilege. Owner and Global Admin grant far more than needed.

Combining a password with a phone-generated code uses two distinct factors, which defines multifactor authentication. Single sign-on simplifies login but does not require multiple verification factors.

Accounts for departed employees must be disabled or removed to eliminate the attack surface. Resetting passwords or reducing permissions still leaves usable identities in the system.

Encryption at rest protects data stored on physical media. Encryption in transit protects data moving across a network, such as during an upload or download.