When it comes to the adoption of public cloud computing, concerns often remain focused on privacy and data security. In a heavily regulated environment like financial services, this is often magnified and perceived issues often become an inhibitor for business acceptance, says Patrick Ashton, Managing Executive of Cirrus Managed Services, a subsidiary of SilverBridge Holdings.
“Even though the public cloud promises much, cynics often argue that sensitive corporate data is safer in the on-premise server room than it would be in a foreign data centre. Realistically though, few companies can invest as much on security (both cyber and physical) as the multinational hyper-scale cloud vendors. After all, the reputation of these vendors and their business survival depends on their ability to keep client data safe,” he says.
“Security, like any other aspect of business, becomes a continuously changing environment that puts the onus on the C-suite to make sure all elements of the organisation comply with requirements. When it comes to the cloud, it is this lack of control that concerns many. When you rely on a private cloud or on-premise solution, you have complete control over your security. Come a public or hybrid cloud approach, then elements of that are taken care of by the service provider.”
Regulatory concerns
Other concerns around public cloud include business fears that they will lose control of their data; that the security, accessibility and storage of data is not transparent enough, and that the compliance standards will not be met. The regulatory environment and stringent compliance measures that financial services organisations need to adhere to often prove the stumbling block when businesses must evaluate cloud versus on-premise solutions.
Best effort security and data protection in this regard is not good enough. Cloud providers are continually working to alleviate these concerns and to satisfy local regulators that best practice standards are being adhered to. ISO certifications, along with other global standards such as the EU Model clauses and the SOC reporting framework, have become mandatory features of hyper-scale cloud vendors in efforts to secure in-country regulatory approvals.
Compliance is a veritable minefield for any company to navigate, especially given the pressure to embrace cloud computing and other virtualised solutions. Many technology solutions have no historic compliance standards to measure against. Therefore, as the technology evolves, so must compliance to meet the ever-changing landscape. The role of cloud vendors in working with regulatory compliance bodies across the world becomes key to accelerated public cloud acceptance.
Irrespective of which cloud vendor is used, businesses need to ensure that tight service level agreements are in place around availability of data, security and business continuity. It is imperative to examine the practices and strategies of service providers around things such as data protection and access management, incident response service levels, and the ability to migrate data to other platforms, should this be required.
Changes afoot
Looking ahead, many compliance concerns around public cloud solutions will change and possibly even disappear as these solutions become the norm over on-premise installations. With a large multinational vendor opening two data centres in South Africa during 2018, many more companies are expected to start making the transition to the public cloud. Concerns around where customer data is hosted will no longer be an issue and the focus can instead shift to how best utilise these local resources, in conjunction with existing private cloud solutions.
Hyper-scale cloud infrastructure providers will continue to invest heavily in data protection, security, and compliance adherence as their business models focus on driving cloud consumption. This investment cannot be matched by individual businesses. Over time, the adoption of cloud will reach a tipping point as on-premise infrastructure deficiencies become exposed. The constantly evolving cloud features which are attractive to the business will begin to outweigh any regulatory compliance concerns and will drive businesses towards more efficient use of technology platforms.