(c)iStock.com/timy1973

There is no doubt that cloud computing has now achieved mainstream deployment in the UK. Recent research from the Cloud Industry Forum (CIF) found that some 78% of UK organisations have adopting at least one cloud based service, an increase of 15% over previous figures. More telling is that turning to the cloud is now not just the reserve of large blue-chip organisations, with 75% of SMEs also embracing cloud technology.

With cloud technology continually evolving, it has now become a mainstream solution for businesses and an integral part of an organisation’s overall IT strategy. According to Gartner, cloud computing has been highlighted as one of the top strategic technology trends in 2015 that organisations cannot afford to avoid.

Across the wider business landscape, web hosting, email, CRM, data back-up and disaster recovery continue to be the most pervasive cloud services used.  However, organisations within heavily regulated industries such as the financial services, healthcare or legal have thus far shied away from cloud technology, unsure of the right strategy and afraid of the potential security risks. The Cloud Security Alliance recently found that although the take up is increasing within financial services, with private cloud the most popular for those testing the waters, security is still their main concern.

Times are changing. A report undertaken by Ovum this month revealed that 54% of IT decision makers globally say they now store sensitive data in the cloud. The cloud has a distinct benefit for smaller institutions in heavily regulated industries. They can take advantage of the skills and better security – that cloud providers such as Cube52 offer – rather than having to invest in their own staff, software and hardware. The money saved can then be used for better education of staff and to ensure that security is regularly tested and fit for purpose.

One of the main regulatory requirements that has historically dissuaded heavily regulated industries to move away from their legacy on-premise solutions is the need for sensitive data (whether it be customer or financial information) to not cross geographical boundaries. The issue of location – data sovereignty – is currently top of mind for many due to the EU Data Protection Directive adopted in 1995 being set to be replaced with new legislation known as The EU General Data Protection Regulation later this year.

What is important to remember, is that whilst the cloud exists in the ether, that ether will ultimately always be located in a physical location so can be managed accordingly. Organisations should choose a vendor that can guarantee the location of its data centre, with proximity being a key factor in this decision. But, whilst cloud location should no longer be a barrier, consideration should be given to whether a public, private or hybrid setup is the right one.

Public clouds are based on shared physical hardware which is owned and operated by third-party providers. The primary benefits of the public cloud are the speed with which you can deploy IT resources, and the fact it is often the cheapest option as costs are spread across a number of users. However, the security of data held within a multi-tenanted public cloud environment is often a cause for concern in heavily regulated industries.

Private cloud is a bespoke infrastructure dedicated purely to your business. The private cloud delivers all the agility, scalability and efficiency benefits of the public cloud, but with greater levels of control and security. This makes it preferable for industries with strict data, regulation and governance obligations. Another key benefit of private cloud is the ability to fully customise the infrastructure components to best suit your specific IT requirements, something that cannot be achieved so easily in the public cloud environment.

The hybrid cloud is a more recent addition and allows the business to combine public cloud with private cloud or dedicated hosting. This way, a business can benefit from the advantages of each within a bespoke solution. For example, a business could use the public cloud for non-sensitive operations, the private cloud for business critical operations and incorporate any existing dedicated resources to achieve a highly flexible, highly agile and highly cost effective solution.

Overall, the rationale for moving to cloud is no different for businesses in heavily regulated industries than those that aren’t. Flexible infrastructure, faster provision and time to market, low capital expenditure and staff skills shortages in their own IT department. Security must remain an important consideration, but with flexible, resilient and secure solutions available there is no reason why all industries can’t embrace an aspect of cloud technology today and reap the benefits.

(c)iStock.com/Tuomas Kujansuu

Today, many UK-based organisations face a significant set of data sovereignty challenges when they are considering moving their data to the cloud. Data residency and privacy rules and regulations differ from country to country, so users of cloud services need to think about the rules that cover each of the jurisdictions they operate in, as well as the rules that govern the treatment of data at the places where cloud service providers store their data. There are various merits of storing data within a UK data centre as opposed to an international location.

Data sovereignty laws

After France, Germany and several other EU governments proposed new data sovereignty laws which require all data to be stored locally, many enterprises have become increasingly concerned that these foreign governments will now request access to data stored in the cloud within their international border.

However, if enterprises choose a cloud within their domestic border, they are able to ensure data sovereignty. Research from Vanson Bourne discovered that 86 per cent of UK enterprise customers believe it’s important for business-critical data to be stored within a UK-based cloud provider.

Data stored in a UK-based multinational company can still be backed up elsewhere

By choosing a cloud provider that only stores its data in a UK location, customers have the ability to physically go and visit their data, as well as seeing where the backups and archives are kept, which remains perhaps a surprisingly common request for CIOs.

If data stored in the cloud is provided by a foreign multinational company, it can still be subject to the influence of foreign governments, and global cloud providers need to have safeguards in place to ensure data is never transferred cross-border around their data centres worldwide. Even if primary data may be stored in the UK, if the cloud provider back-ups or archives information in another country, data sovereignty is eroded.

Environmental risks

Knowing where the cloud provider is registered and headquartered as a business will greatly determine which laws your information will be subject to. Yet, environmental risks such as earthquakes and floods remain a key consideration for businesses that are cloud shopping. Although it’s considerably cheaper to store data in a location where these are likely to occur, the risks are rarely worth taking. Therefore, knowing where the data centre is physically located is an important factor to consider.

UK data centres can address both data sovereignty concerns whilst ensuring high availability, compliance and security. The reality is that no global cloud provider can provide the same peace of mind that a UK data centre offers UK businesses looking to keep important data secure.