On February 8, 2023, the U.S. Department of the Treasury released a report citing its “findings on the current state of cloud adoption in the sector, including potential benefits and challenges associated with increased adoption.” Treasury acknowledged that cloud adoption is an “important component” of a financial institution’s overall technology and business strategy, but also warned the industry about the harm a technical breakdown or cyberattack could have on the public given financial institutions’ reliance on a few large cloud service providers. The Treasury also noted that “[t]his report does not impose any new requirements or standards applicable to regulated financial institutions and is not intended to endorse or discourage the use of any specific provider or cloud services more generally.”
Modern cloud computing only came into existence about 20 years ago, but now virtually all enterprises (99%) are using cloud services. Cloud adoption accelerated further in the last two years because of the COVID pandemic as a result of an increase in remote work, the evolution of online business strategies (e.g., e-commerce), and the focus on business resilience. In addition, given budget uncertainties, moving technology tools, data and storage to the cloud usually results in significant cost savings to an organization, which is the top priority for organizations using cloud services six years in a row.
The last decade saw explosive growth in enterprise migration to the cloud, a trend driven by the promise of lower overhead costs and greater scalability. Given this, many have made the leap and moved both non-mission-critical workloads and mission-critical functionality into the cloud.
This is where “data gravity,” a phrase coined by Dave McCrory comes into play. Data gravity is the “effect that attracts large sets of data or highly active applications/services to other large sets of data or highly active applications/services, the same way gravity attracts planets or stars.” So, in the simplest terms, data gravity is the idea that increasing volumes of data can cause data to function like an anchor, making it increasingly difficult to move as the data in question continues to increase.
Oracle recently published a policy document entitled “Licensing Oracle Software in the Cloud Computing Environment” which sets out specific requirements on customers when licensing various Oracle programs and using them in the following cloud computing environments:
- Amazon Web Services
- Amazon Elastic Compute Cloud (EC2)
The European Banking Authority (EBA) has opened a consultation on its draft recommendations for financial institutions outsourcing to cloud service providers across all cloud-related domains including infrastructure as a service, platform as a service and software as a service. The recommendations are intended “to clarify the EU-wide supervisory expectations if institutions intend to adopt cloud computing, so as to allow them to leverage the benefits of using cloud services, while ensuring that any related risks are adequately identified and managed.” A public hearing will take place at the EBA’s Canary Wharf, London premises on 20 June 2017 and the consultation will close on 18 August 2017.
July 7, 2016, saw the UK’s Financial Conduct Authority (FCA) publish fresh guidance in order to clarify the requirements which apply to the financial services firms it regulates when outsourcing to the cloud. When the FCA talks about the cloud, it is referring to the full range of cloud solutions which have evolved (such as private, public and hybrid cloud) as well as the various “X as a Service” solutions such as IaaS (infrastructure), PaaS (platform) and SaaS (software).
We all know that “cloud computing” is one of the most tired and overused phrases in the technology industry, and it has been for years. Everyone has gone “to the cloud” now, right? Not so fast. When it comes to cloud-based enterprise email, the market has lagged somewhat behind.
A Gartner report published on February 1, 2016, found that “[t]he cloud email market is still in the early stages of adoption with 13 percent of identified publicly listed companies globally using one of the two main cloud email vendors.” Those two leading cloud email vendors are: (a) Microsoft, which offers Microsoft Office 365 and has an 8.5% adoption rate among global companies; and (b) Google, which offers Google Apps for Work and has a 4.7% adoption rate among global companies. There are other providers in this space, including Amazon Web Services and Rackspace, which also provide cloud email solutions.
There is no doubt cloud computing has delivered multiple benefits to the IT organization. However, without proper management and controls, these benefits could become a non-trivial expense to the organization. In a Wall Street Journal article earlier this year The Hidden Waste and Expense of Cloud Computing, Clint Boulton outlines the pitfalls of buying too much and not tightly controlling what is bought. ISG just released a Cloud Comparison Index which is described in Stanton Jones’ blog posting and makes many of the same points.
As Boulton rightly points out, after the cloud purchase is made, another big cost management opportunity remains: managing demand and shutting down compute resources when they’re not being used. Paying for unused resources can turn a good financial decision into a bad one.
On June 3, 2015 the State Department’s Directorate of Defense Trade Controls (DDTC) and the Commerce Department’s Bureau of Industry and Security (BIS) published proposed regulations which would change the definition of the term “export” in each agency’s regulations to allow cloud storage of information in servers located in foreign countries if the information is appropriately encrypted. These changes, if ultimately adopted, would substantially alleviate concerns that companies seeking to take advantage of the efficiencies of cloud computing could run afoul of export controls. However, it would still be important for cloud users and cloud storage providers to ensure that appropriate encryption is being used.
For more information, please see our Client Alert, Proposed Change to Export Controls Would Allow Use of the Cloud for Encrypted Data.
The rise of cloud computing services and the privacy/security issues involved have been much discussed (see, for example, our prior blog posts here). But when customers procure cloud-based services, a critical “behind the scenes” issue is often overlooked: is the cloud provider itself relying on third party subcontractors to perform critical functions? When these subcontractors are added to the mix, things become a bit more complicated.
Cloud computing offers a wide variety of services:
- IaaS: infrastructure as a service to replace a customer’s data center or testing environment;