Cloud adoption rises amid pandemic but held back by compliance fears
Businesses over the last few years have adopted cloud technologies to drive efficiency. These solutions manage cost, improve productivity and provide flexible, and cheaper storage while adapting to a flexible workforce. Companies’ decision for cloud adoption is based on their appetite for maximizing their usage and value from the legacy platforms, risk assessment and willingness to increase spend on adopting new technologies.
The Covid-19 pandemic led to a nationwide lockdown in late March, forcing companies to shift to remote work. Businesses had to change their culture and become more adaptable and agile. Companies realized the role of digital transformation and cloud adoption to access the shared resource on the network, reduce cost, and manage remote working.
According to IDC, 64% of Indian firms are expected to adopt cloud computing amid the pandemic to cater to the increased need for remote working capabilities.
Given the significant squeeze on capital expenditure and ongoing reduction in operational expenses, the need for variabilization of information technology (IT) is at an inflection point. Companies are looking at options of rapid deployment of cloud solutions depending on their organizational maturity. The benefits of cloud can range from scalability, elasticity, universal access, flexible billing through low entry costs based on workloads deployed on the cloud. However, before the pandemic, the business and peer comparison pressure of the market-led companies to adopt cloud in varying degrees. At a basic level cloud was adopted through the use of collaboration tools, office tools, a CRM (customer relationship management) system. More complex uses started with moving non-core application portfolios and data to the cloud.
Compliance fears for cloud adoption
While the desire and benefits for organisations to move to the cloud are visible, compliance can be challenging and is more industry/segment led. Cloud environments face security vulnerabilities on several counts, from the failure to maintain proper security hygiene to system vulnerabilities at the end-user level. Enterprises used to rely on encryption for data security on clouds. Encryption at every step of the data lifecycle during runtime, at rest, or in-transit. While the risk of in-transit data is minimized using a VPN (a virtual private network) but the data during runtime is highly vulnerable.
Protecting runtime data is of great concern among enterprises operating in healthcare, banking, finance and insurance. There are specific regulations that govern the use of sensitive business data specifically in financial services and healthcare. The main intent being to protect consumer privacy and provide adequate protection against key attributes governing integrity, confidentiality, availability, and more importantly end-accountability.
The regulatory needs vary between countries. The nature of cloud computing calls for shared responsibility between service providers and organisations. The organisations are fully accountable for compliance and the associated penalties with non-compliance.
Operational alignment and shared responsibility of security
Ensuring compliance is a challenge for organisations during these difficult times as IT is preparing for operational alignment. It is critical to understand compliance requirements and responsibilities around data before cloud adoption as it isn’t suggested for all organizations, or for that matter, all types of data. For example, the public cloud is not suggested for financial data. Cloud adoption and digital transformation have also raised concerns about data security among enterprises.
According to Barracuda Networks survey, 66% of Indian organizations have had at least one data breach or cybersecurity incident since shifting to a remote working model during the pandemic.
While enterprises move to cloud storage, they should always consider the security of data as a shared responsibility with the cloud partner. Cloud governance policies should let organizations build their security measures and lastly defended by the cloud partner. Both the teams should collaborate to develop enterprise cloud wise security strategy, as the cloud partners can help stay abreast of the recent threats looming over data and help in securing the same.
Organisations need to understand that cloud adoption is no longer about servers and storage, it is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources.
Roop Singh
Roop Singh is the chief business officer of Birlasoft. The views expressed in this article are his own.