When the United States federal government adopted its “Cloud-First” approach to IT spending, governments around the world took notice. That was two years ago and in the interim the US government has saved $5.5 billion (USD) by moving significant portions of government IT infrastructure into the cloud. Current projections suggest that if “Cloud-First” becomes even more widespread, the equivalent of NASA’s annual budget ($12 billion USD) will be saved. Presumably governments are paying even closer attention now.
But are they paying attention to the wrong thing? Clearly, cloud migration is happening across government and the private sector at an extraordinary pace. This will continue as bottom line thinking eclipses other issues which are more difficult to quantify.
After all, the cloud seems to combine ease of access and data security with low, ongoing-costs. There is also something very appealing to the cloud’s “out of sight/out of mind” quality. But while cloud may very well be that disruptive technology that brings permanent economy-of-scale changes to the way we store and access our data, any organisation that is serious about security must take a step back, consider several issues and build an approach as it contemplates existing or potential cloud deployments.
The first issue is data sovereignty. It might seem obvious, but if your data is housed in another country it has effectively become a resident of that country, subject to its laws (or lack of legal rigour).