How heavily regulated industries can embrace cloud

There is no doubt that cloud computing has now achieved mainstream deployment in the UK. Recent research from the Cloud Industry Forum (CIF) found that some 78% of UK organisations have adopting at least one cloud-based service, an increase of 15% over previous figures.

More telling is that turning to the cloud is now not just the reserve of large blue-chip organisations, with 75% of SMEs also embracing cloud technology.

With cloud technology continually evolving, it has now become a mainstream solution for businesses and an integral part of an organisation’s overall IT strategy. 

According to Gartner, cloud computing has been highlighted as one of the top strategic technology trends that organisations cannot afford to avoid.

>See also: 4 megatrends that will dominate cloud computing for the next decade

Across the wider business landscape, web hosting, email, CRM, data back-up and disaster recovery continue to be the most pervasive cloud services used.  

However, organisations within heavily regulated industries such as the financial services, healthcare or legal have thus far shied away from cloud technology, unsure of the right strategy and afraid of the potential security risks.

The Cloud Security Alliance recently found that although the take up is increasing within financial services, with private cloud the most popular for those testing the waters, security is still their main concern.

Times are changing. A report undertaken by Ovum this month revealed that 54% of IT decision makers globally say they now store sensitive data in the cloud.

The cloud has a distinct benefit for smaller institutions in heavily regulated industries. They can take advantage of the skills and better security that cloud providers offer, rather than having to invest in their own staff, software and hardware.

The money saved can then be used for better education of staff and to ensure that security is regularly tested and fit for purpose.

One of the main regulatory requirements that has historically dissuaded heavily regulated industries to move away from their legacy on-premise solutions is the need for sensitive data to not cross geographical boundaries.

The issue of location – data sovereignty – is currently top of mind for many due to the EU Data Protection Directive adopted in 1995 being set to be replaced with new legislation known as The EU General Data Protection Regulation some time this year.

What is important to remember is that whilst the cloud exists in the ether, that ether will ultimately always be located in a physical location so can be managed accordingly.

Organisations should choose a vendor that can guarantee the location of its data centre, with proximity being a key factor in this decision. But, whilst cloud location should no longer be a barrier, consideration should be given to whether a public, private or hybrid setup is the right one.

Public clouds are based on shared physical hardware that is owned and operated by third-party providers. The primary benefits of the public cloud are the speed with which you can deploy IT resources, and the fact it is often the cheapest option as costs are spread across a number of users.

However, the security of data held within a multi-tenanted public cloud environment is often a cause for concern in heavily regulated industries.

Private cloud is a bespoke infrastructure dedicated purely to a business. It delivers all the agility, scalability and efficiency benefits of the public cloud, but with greater levels of control and security.

This makes it preferable for industries with strict data, regulation and governance obligations. Another key benefit of private cloud is the ability to fully customise the infrastructure components to best suit specific IT requirements, something that cannot be achieved so easily in the public cloud environment.

>See also: Cloud does NOT equal data centre: Gartner dispels the top 10 myths of cloud computing

The hybrid cloud is a more recent addition and allows the business to combine public cloud with private cloud or dedicated hosting. This way, a business can benefit from the advantages of each within a bespoke solution.

For example, a business could use the public cloud for non-sensitive operations, the private cloud for business critical operations and incorporate any existing dedicated resources to achieve a highly flexible, agile and cost-effective solution.

Overall, the rationale for moving to cloud is no different for businesses in heavily regulated industries than those that aren’t: flexible infrastructure, faster provision and time to market, low capital expenditure and skills shortages.

Security must remain an important consideration, but with flexible, resilient and secure solutions available there is no reason why all industries can’t embrace an aspect of cloud technology today and reap the benefits.


Sourced from Matthew Munson, CTO, Cube52

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Cloud Technology