Cloud adoption in the EU - and analyst's perspective (revised)

1
Cloud adoption in Europe
- an analyst's perspective
Mike Davis
Principal Analyst
June 2013
© All images acknowledged
© msmd advisors Ltd 2013
responsive, credible, flexible

2
Running order
The issues around Cloud are not new
The thirst for cloud solutions (to problems)
9 questions and myths that need to be burst
The things businesses haven't thought of
How does legislation impact
Cloud adoption?
EU examples and initiatives
Which legislation?

4
The thirst for and benefits from cloud
adoption
• Rapid adoption – learnt the lessons from web apps
• Rapid updates – without the pain of downtime
• Flex and scale – without “Yee cannot break the laws of
physics Captain”
• Addressed more needs than originally envisaged
• Scales exponentially (within contract and budget)
• Allowed IT to focus on solutions rather than 'plumbing'
• Better uptime than in house

5
These are all Cloud companies by design

6
9 questions/myths about Cloud for
EU CIOs
1. “I won't have control of my data”
2. “What if my provider get hacked?”
3. “How can I trust people I don't know to look after my data?”
4. “How can I be sure of my provider's privacy controls?”
5. “Can you guarantee it will be cheaper?”
6. “We can't use a generic platform, our business is unique, we need
significant customisation of our software to address our business
needs.”
7. “Why shouldn't I keep doing all our processing internally?” (It boosts my
staff numbers, my salary and my profile)
8. “My regulator says I can't have personal data stored outside the country”
9. “All the Cloud service providers are American, thus they are subject to
the Patriot Act and the US Government can size the data.”

7
Control

8
1. “I won't have control of my data”
– Yes you will, and as a corporate entity you still
have responsibility for your data too, no matter
where it is and who is processing/storing on
your behalf. If you are concerned about the
controls, look closer at the contracts and do
better due diligence. Banks and retailers do not
have qualms about security companies
transporting their cash.

9
How secure is cloud?

10
2. “What if my provider gets hacked?”
– There was a recent exercise on social engineering
hacking undertaken by so-called 'ethical hackers'.
Of the 25 well known corporations they targeted, the
majority were ‘captured’ within 15 minutes. The only
successful defendant was Google. Unless you are the
US government, you can't afford to invest in as much
training and infrastructure as a provider.
The real questions to ask are: 'How big is my security
team?' 'How quickly can they respond to a threat?'
More relevantly from a business perspective, 'How
sensitive is the vast majority of information in my
businesses systems?' I refer again to the canteen
menu.

11
3. “How can I trust people I don't
know to look after my data?”
– The question is 'Do you put the database management
and backup responsibility in the hands of people who
work for an organisation, whose only purpose is to
deliver a trusted service? Or to your intern, who is at
best paid the minimum wage (probably nothing at all),
and when his/her partner says “can you come to the
cinema now?” will choose the popcorn over the
mandated procedure'.

12
4. “How can I be sure of my
provider's privacy controls?”
– Because unless you are the intelligence service, they
are better at it than you are. It's their focus and
credibility. Like you they are subject to privacy laws,
and should have the ISO 27001 and equivalent
certification(s) (as should you).

13
What do you NEED to keep private?
Menus for the canteen
Contracts?
Payroll?
Operating manuals?
Sales figures?
Research findings?
Canteen menus?

14
Cloud is cheap!

15
5. “Can you guarantee it will be
cheaper?”
– NO. It should be - because the providers have
economies of scale in terms of hardware, networks,
and expertise. The real business question is 'Can it
give me a better service within my current budget
envelope?'. It should do - because in most instances it
is likely to be more efficient, robust, accessible, and
secure than an on-premise service.
However, just as with the IT Facilities Management
contracts of the 1980/90s beware of the costs of
changes to service/processes/volumes that the
provider will charge. In addition moving to cloud
services is not a 'fire and forget' issue. You need to
have robust and regular monitoring of all areas of the
service provided.

16
6. “We can't use a generic platform,
our business is unique”
– If you move to a cloud service you can take all your
idiosyncrasies with you, but don't expect the service to
be cheaper, because your provider will have to
incorporate and train their staff on all those 'tweaks'.
60% + of the western world uses Google as their
internet search engine, less than 1% of those
customise the interface because the 'vanilla' product
gives them the majority of what they need. The pareto
principle (80-20) applies in information management/IT
just as much as it does in the rest of life.

17
7. “Why shouldn't I keep doing all our
processing internally?”
– Look at the previous 6 answers. Your job security and
progression really depends on addressing the
business needs of your organisation. If you cannot
provide the service the organisation requires, it will find
someone who can.

18
The EU perspective – personal data

19
Data Protection Act 1998 - 8th
principle
“Personal data shall not be transferred to a country or
territory outside the European Economic Area unless
that country or territory ensures an adequate level of
protection for the rights and freedoms of data subjects
in relation to the processing of personal data”.”

20
'No go' zones for cloud adoption?
X
X
X

21
8. “My regulator says I can’t have
personal data stored outside the country”
– So? That becomes an explicit contractual requirement,
a focus of due diligence and then on-going monitoring.
No different technically than stating the cleaning
contractor should wash the toilet floors twice a day.
Chose a provider that can address that requirement,
and remember the geographic restriction only applies
to personal data or that specified by national security.
You can store your canteen menus anywhere in the
world.

22
EU examples and initiatives

23
Whose legislation is going to hold back
cloud adoption?

24
Whose legislation is going to hold back
cloud adoption?

26
9. “All the cloud service providers are
subject the Patriot Act and the US
government can seize the data”
– There are a lot of scare stories around the Act. Yes if
your data is on US soil there is a risk it could be
seized, if it poses a threat to US national security. But
how many businesses will that apply to? More
importantly there are many other providers of managed
services or cloud provision in different geographies
who are not subject to the Act. Look at the real issues
of service delivery and expected outcomes, and as
with all business decisions make pragmatic trade-offs
of the risks and benefits.

27
Issues around cloud adoption
We use procurement models for kit. not services (talk to the
facilities manager)
Bring your own (BYOx) can cause issues (though it shouldn't)
Solution vendors don't like cloud (unless its their own – vertical
integration = margins)
Organisations need to keep/develop in house support (cloud is
VANILLA)
3rd
party add-ons not always available for cloud
Granular Security can present challenges
- apps designed for companies have a specific security mode
Federated security for hybrid not yet addressed

28
Thank you
miked@msmd-advisors.com
www.msmd-advisors.com
@mikemasseydavis
responsive, credible, flexible

Cloud adoption in the EU - and analyst's perspective (revised)

More Related Content

What's hot

Viewers also liked

Similar to Cloud adoption in the EU - and analyst's perspective (revised)

Recently uploaded

Cloud adoption in the EU - and analyst's perspective (revised)