Capping IT Off

Capping IT Off

Opinions expressed on this blog reflect the writer’s views and not the position of the Capgemini Group

No more "regulatory compliance" excuses for cloud adoption please

Category : Cybersecurity

Microsoft Online Services anounced today that GlaxoSmithKline bought a 100.000 seat license for their SaaS solution. Two interesting things here:

  • GSK was a Lotus shop before. This is also the biggest group that Microsoft is targeting with this BPOS service offering with a pretty compelling price offer. Microsoft Online does NOT want to replace on-premise Exchange nor Sharepoint solutions, let that be clear.
  • "GSK is a highly regulated customer in a highly regulated industry". This is pretty intruiging because you always hear people saying "oh coud is not for our company, we are too much regulated to adopt that". Well guess again.
Now you have to realize a few things here. You need to make a distinction between the primary processes that are really critical and the secondary processes that just support your business. Big part of most companies' IT systems belong to the second and that part is easier to move to a SaaS or cloud solution. Even more, you see that SaaS vendors are more and more coming forward to addressing the issues of archiving, long-term viability, compliancy etc. Choosing a large stable partner like Microsoft or Google might be in that case a safer bet than an obscure Web 2.0 startup. (ok don't whine about the Gmail outage please :-p) And then you need to ask yourself: "are we really prevented to adopt the cloud by some regulatory compliance issue, or are we just assuming that?" There are probably a lot of gray areas where people think that they can't but actually with taking some measures they can. If you take for instance the GigaSpaces framework for building your cloud application on the AWS platform, then you can actually have a solution where your data is stored on-premise and the cloud is used as your processing datacenter. If you make sure your data is encrypted according to certain standards and make use of the fact that the GigaSpaces framework can allow you to process everything in-memory without writing anything to the disks of the processing servers... well are you still breaching any laws then? So, in several cases it's just plain obvious that you can't go all the way cloud, but I have the feeling that there are a lot of cases where you actually can if you take the right measures. Any law-firms specialized in cloud? ;-) --- Lee Provoost is a Cloud Computing Strategist and ERP+ lead at Capgemini. You can follow his ongoing stream of thoughts on Twitter

About the author

L. Provoos
L. Provoos

Leave a comment

Your email address will not be published. Required fields are marked *.