Businesses and other organizations are increasingly moving to the cloud. Gartner reports that the total market for public cloud services is expected to grow to $210 billion by 2016 and that SaaS, PaaS, and IaaS will achieve compound annual growth rates (CAGR) of 19.5, 27.7, and 41.3 percent respectively, through 2016.
As the cloud has become mainstream, the debate about cloud adoption has shifted from “if ” to “how.” Moving business infrastructure to the cloud goes beyond financial and resource implications. Common questions and points to consider include:
* Regulations around information privacy and security are being adopted globally with increased penalties, and disclosure requirements for breaches.
* Law enforcement in many countries can increasingly compel disclosure of cloud-based information from service providers, often without consent or notification of the data owner.
* The cloud doesn’t recognize national boundaries, and best practices often call for distributing information across data centers, regions, and countries for redundancy and accessibility. As data crosses borders complying with privacy and data residency laws in multiple countries becomes extremely complex.
* Most cloud providers take reasonable steps to secure their infrastructure and applications, but do not take legal responsibility for the security of your information. At the same time, regulations are becoming increasingly explicit that the organization is legally responsible for protecting their sensitive data, regardless of where it resides in the cloud. This convergence of opportunities and challenges requires a new approach to cloud information protection. Organizations must assure their sensitive data is protected before it goes to the cloud, and cannot be accessed or leaked by third-parties.