2017 begins the countdown to an unprecedented number of challenges that enterprises across the spectrum will need to face up to including Brexit implications, GDPR and Rule 41. This all applies in the closely regulated Public and Finance sectors.
Financial institutions and public sector organisations hold some of our most highly treasured information – and as our demand for more flexible services grows, so too does the risk for those responsible for protecting our information.
But it goes beyond just protecting customer data across their mobile and online products – it’s about protecting the organisations’ own internal data and IT systems from would-be hackers and even from other countries accessing data. In 2015, British finance institutions were investigated 585 times by the Information Commissioner’s Office, an increase of 183% from the previous year (1). This could be evidence that institutions’ compliance checks and procedures are working more effectively than ever, or an indication that financial organisations don’t have the necessary systems and processes in place to balance cloud service consumption with high levels of security.
Lets talk ‘data issues’
Historically, for larger enterprises, all data would have been located within an on-premise datacentre – they would know where it was, how secure it was and who was accessing it. With a myriad of different cloud services at play in even just one department today, banks now have to look at how they protect data whilst retaining the flexibility and business opportunities that come with deploying interconnected cloud services.
We are starting to see more financial institutions dipping their toes into cloud services for some of their central resource requirements; with many running test environments using dummy data on cloud services to reduce time and cost when developing new customer products.
Of course it depends on the profile of your own organisation and your customers – from SLAs regarding uptime and security through to being aware of any regulations that govern your business activity. However cloud doesn’t have to be risky when it comes to data protection.
Data across borders
Despite Brexit and the implications for data governance across borders, Microsoft Azure and Amazon Web Services have committed to a future in the UK with their much lauded UK data centre launches – taking away the argument for controlling where data is located for many organisations. Yet banks still need to ask critical questions of their technology partners about just where the data and systems are housed, as the Bank of England CIO, John Finch, commented in an interview to Business Cloud News (2), a well-known hosting provider may promise to keep all data in Europe, but their systems are located in Norway – so anyone hosting with them must be aware of Nordic law to truly understand all implications for their data. And those questions have to continue throughout the lifecycle of the cloud service, as data sovereignty issues can develop over time, such as in the case of Microsoft seeking to obtain emails held on servers within Irish datacentres for companies headquartered in the US (3).
Organisations now have the opportunity to access cost-effective, highly scalable cloud services that are UK based and can guarantee that data will never cross a border. But it’s about matching the workload to the correct cloud location and service type.
A business critical application handling real-time trading information might not be right for a cookie-cutter type cloud service from one of the big players. If you have strict SLAs that need to be adhered to then you don’t want to be in a queue with thousands of other customers if the service does go down. Yet an email marketing tool that is used once a week for an hour and needs to be scalable to deal with spikes when mass emails are sent – but isn’t directly handling sensitive data and could afford to suffer a few hours of downtime without issue, could be a perfect candidate for a public cloud service.
But that’s the obvious application for a cloud service – and in fact, many cloud services are now so robust and secure, including our own cloud offerings from our UK datacentres, that they rival the security of in-house IT so the applications that can be put into the cloud don’t just have to be the lowest risk candidates. Cloud has ‘grown up’ and can offer high levels of security and robust SLAs.
We encourage the idea of a ‘Multi-Cloud’ approach to cloud sourcing, so that a safe and thoughtful approach is taken when consuming cloud – putting the right services on the right platforms. The services that don’t need to be located in the UK can sit on cheaper public cloud services delivered from a range of global datacentres, whilst critical data can be housed in the UK – with the ability to determine the specific rack, floor and datacentre where your systems are stored.
When we engage with customers, it’s a case of them presenting us with their business needs, the needs of their own customers and also the requirements that they have to adhere to from a data sovereignty perspective. Armed with that information, our expert teams can work alongside the client to plan out where their cloud services need to be housed, what they need to look like and the support services wrapped around their hosting solution to ensure it meets all required SLAs.
Delivered by HPE and Carrenza
Carrenza is a HPE Silver Partner Ready Service Provider, delivering hosting and cloud services to customers across the UK and Europe. Powered by HPE products and technologies, HPE Service Provider partners deliver a wide range of services, including dedicated hosting, hybrid cloud hosting, managed hosting, application specific hosting for mission-critical applications. HPE supports Carrenza in delivering its unique, UK based Multi-Cloud solution through joint go-to-market initiatives and sales engagement.