Organizations that must meet strict regulatory demands are typically reticent to move their assets to public cloud storage. However, as GigaOM's Barb Darrow recently illustrated, that doesn't mean they aren't moving to the cloud at all. Darrow highlighted financial firm State Street as an example. The organization prohibits the use of offerings such as Amazon Web Services due to data security and availability concerns.
It makes sense, given the type of information floating around in the financial sector. Between trade secrets and customers' financial records, a single breach in application or data security could result in monumental costs. To combat these risks while still leveraging new technology, State Street and other firms have turned to building their own cloud solutions.
"One goal of State Street’s cloud is to come up with new analytics that will let customers combine the data they keep themselves with data State Street keeps in their behalf and analyze it to get new insights," Darrow wrote. "For that, State street needs to provide complete transparency so the clients can always see exactly what’s happening in their portfolio."
Despite these advantages, companies may be missing out on the level of scalability that could be achieved through the public cloud. In an interview with GigaOM, State Street CIO Chris Perretta admitted to this shortcoming. Before public clouds become a viable option, however, cloud storage providers will likely need to implement safeguards that can satisfy compliance requirements and put the minds of internal auditing teams at rest.
Some providers have already taken steps to address the security issue. Amazon's Virtual Private Cloud solution, for example, allows customers to partition some infrastructure for themselves. Darrow predicted that successful companies in the future will effectively merge public cloud-level scalability with private cloud security and availability. In addition, it will be critical for cloud solution providers to promote transparency and bold service-level agreements if they hope to satisfy the demands of the financial services and other highly regulated industries.
Public cloud adoption rises
Companies have not let the supposed risks keep them entirely out of the public cloud, and interest spans across industries. As a December CloudPassage survey of 200 IT professionals found, 41 percent of respondents already use a public cloud service to host external applications. Thirty-six percent also said they used the technology for internal programs such as human resources, customer relationship management and enterprise resource planning software.
These numbers indicate growing maturity and confidence in public cloud offerings as a significant amount of customer and business data is already housed by providers. Survey respondents cited compliance as a top concern for these migrations, which CloudPassage attributed to a lack of guidance. This suggests a need for clearer policies on the part of the cloud provider and may even present opportunity. For example, those that can show their architectures meet regulatory requirements are best positioned to be successful in a market that still has some trepidation.
The good news is that customers are beginning to take some of the security burden themselves. CloudPassage found that approximately 75 percent of those polled believe cloud security is their responsibility rather than the provider's. Regardless of who is ultimately responsible for safeguarding cloud-stored assets, this suggests businesses are likely to take a more cautious approach to selecting technology partners. As a result, cloud storage companies could face greater SLA demands in regard to transparency and security.