Are organisations placing too much faith in on-demand cloud providers?

The virtues of cloud storage shouldn’t be underestimated. Hosting data off-premise could be a solution for many organisations as it gives them more flexibility to access files and data from anywhere in the world, the scalability of hosting corporate information and could also offer the opportunity to bypass the risk of purchasing hardware, to say the least.

However, with many organisations weighing up the move to the cloud, are their heads in the clouds too?

Cloud growth

According to Gartner, the worldwide public cloud services market is projected to grow by 21.4 per cent this year, a total of $186.4 billion, up from $153.5 billion last year. Within this, cloud system infrastructure services (infrastructure as a service or ‘IaaS’) is the fastest growing segment of them all with a forecast of 35.9% growth, estimated to reach $40.8 billion.

Such strong growth is an undeniable trend – organisations are looking to the cloud for their computing infrastructure needs. However, even with such strong numbers, is the cloud right for everyone, and should organisations heed some caution?

Head in the Cloud?

As an organisation grows it must weigh up its wants and needs and how its systems and storage can grow with it. Making that choice between cloud, on-premise or hybrid is one that can have great huge ramifications for the future, especially when this decision has to factor in 2018’s biggest buzzword, GDPR.

GDPR or its longer title General Data Protection Regulation was enforced on the 25th May and was drawn up to strengthen the data rights of European Union (EU) residents, increasing data protection throughout the union.

This means all organisations doing business within or with the EU that handle personal data must now work within the new regulations otherwise they face heavy fines (€20 million or 4% of annual global turnover, whichever is highest) which can have irrevocable damage, financially and reputationally. And worse still, even if an organisation has their own house in order, if their partners don’t but handle this data, the fines can be levied across both businesses.

Therefore, this must become one of the most important considerations for any organisation. If they handle personal customer data and are looking at moving to the cloud, they must also put in the leg work to decide whether the cloud partner can also work within the new regulations. If it can’t it will bring with it all the front page headlines, heavy litigation and fines.

A second concern for organisations must hinge around cost. Working with a cloud provider can often be a strong option, but at what cost? If an organisation places all or a majority of their data in the cloud, it could be at the mercy of potentially escalating runtime costs. After all, leasing, whether it be with white goods, a car, or data, can often be seen as cost effective – but in the long run can cost more than paying upfront or in the case of data, setting up on-premise infrastructure. Prices could also be put up by the provider and organisations will have to foot the bill as it could cost more to break away and change processes.

A third consideration should focus around down time and the worst-case scenario of complete data loss. If organisations choose to work with third party cloud providers they must understand that they will be placing their data in the hands of someone else and will lose control of keeping it safe according to their own specialised principles. In most cases this wouldn’t be an issue, but what if the cloud provider’s systems were to go down or a catastrophic data loss incident were to happen. It’s happened before…

In 2012 an Amazon owned data centre went down affecting Instagram, Netflix and Pinterest for over six hours. And even though service resumed, think about the poor customers of Google Compute Engine who in 2015 lost all their data. While Google claimed the loss was miniscule, how minuscule is miniscule to the business relying on the service?

All that glitters is not gold

Nevertheless, moving to the cloud is a viable option for many organisations. Whether they’re looking for flexibility, scalability or they need to move away from their own hardware, the cloud could be the answer.

However, all that glitters is not gold.

Placing too much faith in cloud providers could lead to compromises having to be made around security, rising uptime costs and downtime and data loss, both in the short and long term – this isn’t how organisations should treat their most valuable asset. Organisations must decide how important their data is to them and whether it is best for them to look after it themselves or leave it in the hands of someone else.

The simple moral of the story is to ask providers to prove their credentials and not take anything at face value. The world runs on data centres, and if it’s not under the control of the business, the provider needs to be trusted.

 

 

By Mark Gaydos, Chief Marketing Officer, Nlyte Software


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/