Cloud adoption in the EU - an analyst's perspective (revised)
- 1. 1
Cloud adoption in Europe
- an analyst's perspective
Mike Davis
Principal Analyst
June 2013
© All images acknowledged
© msmd advisors Ltd 2013
responsive, credible, flexible
- 2. 2
Running order
The issues around Cloud are not new
The thirst for cloud solutions (to problems)
9 questions and myths that need to be burst
The things businesses haven't thought of
How does legislation impact
Cloud adoption?
EU examples and initiatives
Which legislation?
- 4. 4
The thirst for and benefits from cloud
adoption
• Rapid adoption – learnt the lessons from web apps
• Rapid updates – without the pain of downtime
• Flex and scale – without “Yee cannot break the laws of
physics Captain”
• Addressed more needs than originally envisaged
• Scales exponentially (within contract and budget)
• Allowed IT to focus on solutions rather than 'plumbing'
• Better uptime than in house
- 6. 6
9 questions/myths about Cloud for
EU CIOs
1. “I won't have control of my data”
2. “What if my provider gets hacked?”
3. “How can I trust people I don't know to look after my data?”
4. “How can I be sure of my provider's privacy controls?”
5. “Can you guarantee it will be cheaper?”
6. “We can't use a generic platform, our business is unique, we need
significant customisation of our software to address our business
needs.”
7. “Why shouldn't I keep doing all our processing internally?” (It boosts my
staff numbers, my salary and my profile)
8. “My regulator says I can't have personal data stored outside the country”
9. “All the Cloud service providers are American, thus they are subject to
the Patriot Act and the US Government can seize the data.”
- 8. 8
1. “I won't have control of my data”
– Yes you will, and as a corporate entity you still
have responsibility for your data too, no matter
where it is and who is processing/storing on
your behalf. If you are concerned about the
controls, look closer at the contracts and do
better due diligence. Banks and retailers do not
have qualms about security companies
transporting their cash.
- 10. 10
2. “What if my provider gets hacked?”
– There was a recent exercise on social engineering
hacking undertaken by so-called 'ethical hackers'.
Of the 25 well known corporations they targeted, the
majority were ‘captured’ within 15 minutes. The only
successful defender was Google. Unless you are the
US government, you can't afford to invest in as much
training and infrastructure as a provider.
The real questions to ask are: 'How big is my security
team?' 'How quickly can they respond to a threat?'
More relevantly from a business perspective, 'How
sensitive is the vast majority of information in my
business's systems?' I refer again to the canteen
menu.
- 11. 11
3. “How can I trust people I don't
know to look after my data?”
– The question is 'Do you put the database management
and backup responsibility in the hands of people who
work for an organisation, whose only purpose is to
deliver a trusted service? Or to your intern, who is at
best paid the minimum wage (probably nothing at all),
and when his/her partner says “can you come to the
cinema now?” will choose the popcorn over the
mandated procedure'.
- 12. 12
4. “How can I be sure of my
provider's privacy controls?”
– Because unless you are the intelligence service, they
are better at it than you are. It's their focus and
credibility. Like you they are subject to privacy laws,
and should have the ISO 27001 and equivalent
certification(s) (as should you).
- 13. 13
What do you NEED to keep private?
Menus for the canteen
Contracts?
Payroll?
Operating manuals?
Sales figures?
Research findings?
Canteen menus?
- 15. 15
5. “Can you guarantee it will be
cheaper?”
– NO. It should be - because the providers have
economies of scale in terms of hardware, networks,
and expertise. The real business question is 'Can it
give me a better service within my current budget
envelope?'. It should do - because in most instances it
is likely to be more efficient, robust, accessible, and
secure than an on-premise service.
However, just as with the IT Facilities Management
contracts of the 1980/90s beware of the costs of
changes to service/processes/volumes that the
provider will charge. In addition moving to cloud
services is not a 'fire and forget' issue. You need to
have robust and regular monitoring of all areas of the
service provided.
- 16. 16
6. “We can't use a generic platform,
our business is unique”
– If you move to a cloud service you can take all your
idiosyncrasies with you, but don't expect the service to
be cheaper, because your provider will have to
incorporate and train their staff on all those 'tweaks'.
60%+ of the western world uses Google as their
internet search engine, less than 1% of those
customise the interface because the 'vanilla' product
gives them the majority of what they need. The Pareto
principle (80-20) applies in information management/IT
just as much as it does in the rest of life.
- 17. 17
7. “Why shouldn't I keep doing all our
processing internally?”
– Look at the previous 6 answers. Your job security and
progression really depends on addressing the
business needs of your organisation. If you cannot
provide the service the organisation requires, it will find
someone who can.
- 19. 19
Data Protection Act 1998 - 8th
principle
“Personal data shall not be transferred to a country or
territory outside the European Economic Area unless
that country or territory ensures an adequate level of
protection for the rights and freedoms of data subjects
in relation to the processing of personal data”.
- 21. 21
8. “My regulator says I can’t have
personal data stored outside the country”
– So? That becomes an explicit contractual requirement,
a focus of due diligence and then on-going monitoring.
No different technically than stating the cleaning
contractor should wash the toilet floors twice a day.
Choose a provider that can address that requirement,
and remember the geographic restriction only applies
to personal data or that specified by national security.
You can store your canteen menus anywhere in the
world.
- 26. 26
9. “All the cloud service providers are
subject to the Patriot Act and the US
government can seize the data”
– There are a lot of scare stories around the Act. Yes if
your data is on US soil there is a risk it could be
seized, if it poses a threat to US national security. But
how many businesses will that apply to? More
importantly there are many other providers of managed
services or cloud provision in different geographies
who are not subject to the Act. Look at the real issues
of service delivery and expected outcomes, and as
with all business decisions make pragmatic trade-offs
of the risks and benefits.
- 27. 27
Issues around cloud adoption
We use procurement models for kit, not services (talk to the
facilities manager)
Bring your own (BYOx) can cause issues (though it shouldn't)
Solution vendors don't like cloud (unless it's their own – vertical
integration = margins)
Organisations need to keep/develop in house support (cloud is
VANILLA)
3rd-party add-ons not always available for cloud
Granular Security can present challenges
- apps designed for companies have a specific security mode
Federated security for hybrid not yet addressed