It’s time to break down the regulation barriers to cloud adoption

(c)iStock.com/timy1973

There is no doubt that cloud computing has now achieved mainstream deployment in the UK. Recent research from the Cloud Industry Forum (CIF) found that some 78% of UK organisations have adopting at least one cloud based service, an increase of 15% over previous figures. More telling is that turning to the cloud is now not just the reserve of large blue-chip organisations, with 75% of SMEs also embracing cloud technology.

With cloud technology continually evolving, it has now become a mainstream solution for businesses and an integral part of an organisation’s overall IT strategy. According to Gartner, cloud computing has been highlighted as one of the top strategic technology trends in 2015 that organisations cannot afford to avoid.

Across the wider business landscape, web hosting, email, CRM, data back-up and disaster recovery continue to be the most pervasive cloud services used.  However, organisations within heavily regulated industries such as the financial services, healthcare or legal have thus far shied away from cloud technology, unsure of the right strategy and afraid of the potential security risks. The Cloud Security Alliance recently found that although the take up is increasing within financial services, with private cloud the most popular for those testing the waters, security is still their main concern.

Times are changing. A report undertaken by Ovum this month revealed that 54% of IT decision makers globally say they now store sensitive data in the cloud. The cloud has a distinct benefit for smaller institutions in heavily regulated industries. They can take advantage of the skills and better security – that cloud providers such as Cube52 offer – rather than having to invest in their own staff, software and hardware. The money saved can then be used for better education of staff and to ensure that security is regularly tested and fit for purpose.

One of the main regulatory requirements that has historically dissuaded heavily regulated industries to move away from their legacy on-premise solutions is the need for sensitive data (whether it be customer or financial information) to not cross geographical boundaries. The issue of location – data sovereignty – is currently top of mind for many due to the EU Data Protection Directive adopted in 1995 being set to be replaced with new legislation known as The EU General Data Protection Regulation later this year.

What is important to remember, is that whilst the cloud exists in the ether, that ether will ultimately always be located in a physical location so can be managed accordingly. Organisations should choose a vendor that can guarantee the location of its data centre, with proximity being a key factor in this decision. But, whilst cloud location should no longer be a barrier, consideration should be given to whether a public, private or hybrid setup is the right one.

Public clouds are based on shared physical hardware which is owned and operated by third-party providers. The primary benefits of the public cloud are the speed with which you can deploy IT resources, and the fact it is often the cheapest option as costs are spread across a number of users. However, the security of data held within a multi-tenanted public cloud environment is often a cause for concern in heavily regulated industries.

Private cloud is a bespoke infrastructure dedicated purely to your business. The private cloud delivers all the agility, scalability and efficiency benefits of the public cloud, but with greater levels of control and security. This makes it preferable for industries with strict data, regulation and governance obligations. Another key benefit of private cloud is the ability to fully customise the infrastructure components to best suit your specific IT requirements, something that cannot be achieved so easily in the public cloud environment.

The hybrid cloud is a more recent addition and allows the business to combine public cloud with private cloud or dedicated hosting. This way, a business can benefit from the advantages of each within a bespoke solution. For example, a business could use the public cloud for non-sensitive operations, the private cloud for business critical operations and incorporate any existing dedicated resources to achieve a highly flexible, highly agile and highly cost effective solution.

Overall, the rationale for moving to cloud is no different for businesses in heavily regulated industries than those that aren’t. Flexible infrastructure, faster provision and time to market, low capital expenditure and staff skills shortages in their own IT department. Security must remain an important consideration, but with flexible, resilient and secure solutions available there is no reason why all industries can’t embrace an aspect of cloud technology today and reap the benefits.