[MUSIC] When you decide to partner with a cloud provider, if you're in a regulated market such as banking or health care, your regulator will want to know that you're still compliant with their requirements. Even if you're not in a regulated market, you might still need to be compliant with certain regulations. For example, the GDPR. You need to know what level of security is required of you. And you need to check if this aligns with the level of security that your cloud provider offers. Suppose you're the head of HR in your organization. You probably manage or process sensitive employee data daily. For example, when you're interviewing candidates for a new role, feedback about each candidate and/or the interview, would need to be kept secure. Obviously, you wouldn't want unauthorized employees to access this data, or even worse, public access. But unauthorized access to data may also affect your compliance with regulations like the GDPR, leading to potentially large fines. Once you've established which data is sensitive and what your requirements are for keeping it safe, you should carry out a compliance assessment. These assessments can validate how a cloud provider protects your data and complies with what's demanded by the regulator. There are several issues to consider. Number one, what are the cloud security capabilities? Compare the cloud's capabilities to your current capabilities and market regulations. In many circumstances, storing data in the cloud will be more secure then storing it on-premise. But you need to check. Number two, who owns the data? Meaning the intellectual property that's hosted on the cloud. Do you remain the owner? Google Cloud takes the positions that any data you create or upload belongs to you. Number three, how is the cloud provider using your data, this is especially important for regulated markets or businesses working in Europe. Number four, what if there's a data incident? Many laws around the world require businesses to notify users who might be affected by a data incident. But will your cloud provider notify you? And at what point do they notify you and how would they do it? Number five, what about data deletion? How quickly will your data be deleted from the server after you've deleted it? Number six, will your data be portable? If you want to leave your cloud provider, will they give you your data in a format that's easily accessible? Number seven, what type of data will you be storing in the cloud? This is a key topic for regulated markets, because there will be restrictions on the types of data that can be stored in the cloud. You need to understand the regulations in your market and make sure the data you intend to store on the cloud meets those requirements. Number eight, where is the data stored? Where are the data centers of the cloud provider? Does the position of the data center have any risks in terms of things like political stability? Number nine, does the cloud provider allow third party security audits to check their security? Which third parties does it allow? Even if you've discussed all these questions with the cloud provider, your regulator will still expect you to verify the provider's answers. You will not be allowed to simply take the cloud provider's word for it. You need proof that they do what they say they do. Google Cloud gets audited by third parties and achieves certifications against multiple standards. These audits and certifications will help with transparency and verify that Google does what it claims in regards to data security, privacy, controls and procedures. You can visit us at cloud.google.com/compliance and review any of the relevant reports based on your industry or region. Ultimately, whichever cloud provider you use, you need to work with them to make sure all necessary security controls are in place and that you have proof of this.