Updating data compliance for the cloud era
By Ron Miller, principal consultant at SunGard Availability Services (UK) Limited.
It might have been a buzzword within the IT industry for some years now but more recently we’ve seen the mainstream appetite for, and adoption of, cloud computing rise significantly. Whether it’s public, private or hybrid services, the promise of greater flexibility, scalability and cost-effective pricing models has been too enticing for many businesses to ignore.
The flipside, however, is that as a result of the cloud, we’re also seeing a number of companies coming under scrutiny for their data protection and compliance policies. It’s the CIOs that are leading the charge here, as they become increasingly concerned over the security of their mission critical data. There is the perception that many ‘cloud’ vendors (and that’s including those companies that have simply rebranded an existing solution to jump on the bandwagon) are failing to provide a comprehensive view on where data is being stored and the information security management framework that’s in place.
Information, both data and intellectual property, is a greater source of competitive advantage for businesses now than it ever has been. In many sectors, this is driven by consumer expectations, where there is an assumption that systems will be able to perform at optimum levels 24/7. The rise of the ‘I want it now’ culture and increased customer promiscuity (when it comes to where they take their custom), is forcing companies to ensure that every aspect of their organization and those of key partners perform with near perfect levels of availability.
In support of this, we’ve seen a definite shift over the last 25 years, where businesses across the board have progressed from IT-centric (and reactive) disaster recovery, through the processes of business continuity management and high availability (which encouraged a mind-shift towards proactive and interactive processes) to today’s age of the ‘always-on’ society where continual information availability is not simply an option, but a requirement. The word, ‘recovery’ is thus being rapidly stripped from the corporate IT vocabulary because a company’s key people and critical information must remain connected and available at all times.
Part of the challenge that remains lies in the disconnect that exists between current technology practices and outdated regulations. The public sector has addressed these problems through the introduction of the G-Cloud tender system but a number of other heavily regulated sectors such as finance or healthcare, have found it more difficult to take advantage of the latest technology trends. Although cloud technology has played an increasingly important role in these sectors the path towards its deployment has not been an easy one: organizations have found themselves forced to jump through numerous hoops in order to satisfy stringent (and often outmoded and inappropriate) regulatory regimes.
Demonstrating a legitimate reputation for having security, resilience and availability baked into solutions is vital to imbuing CIOs with the confidence to ensure that their strategies for optimising technology spend while ensuring their organizations can take advantage of the competitive advantages that information gives them are carried out systematically and effectively. But, there is a cautionary note for CIOs to heed as well: ultimate responsibility for security lies with the owner of the data, so whilst you may legitimately outsource to take advantage of the world of ‘as a Service’ for greater agility, efficiency and flexibility, NEVER relinquish your control or accountability. Strangely enough, this is where regulation can help firms both have their data cake and eat it!
•Date: 10th September 2013 • UK/World •Type: Article • Topic: Cloud computing