Global businesses want to move their applications and workloads to cloud primarily for two reasons: 1) Time-To-Market (TTM) and 2) to realize the cost economics offered by cloud computing. Most of the adopters of cloud today are small and medium businesses, while large business houses are lagging behind in cloud adoption. However, 74% of large industries have not adopted cloud or modernized their infrastructure. Their primary concerns are security, governance and data sovereignty (data residency). This has limited cloud providers from taking on the liability, and prevents them from indemnifying against breaches. Modern businesses that have leveraged on cloud economics are what we call the “fun and games” clouds, as they are less concerned with security, privacy and data laws across jurisdictions. Industries such has healthcare, automotive, banking etc. have yet to modernize their infrastructure and leverage the economic benefits offered by cloud-like infrastructures.In a networked society where businesses are interconnected (locally and globally), such as with a connected car, we need cloud-like infrastructures for better economics so we can potentially improve resource utilization via resource sharing/multi-tenancy etc and also improve TTM. However, that is not enough for a company to flourish and thrive in the networked society. Businesses also need to ensure that:
- liability for potential security breaches is covered
- regional and local laws are not violated
In a CNN interview last week, the CEO of Volvo said that hacking and legal liabilities could significantly slow down adoption of self-driven cars (http://cnn.it/1jeFvhr). He further stressed that if you cannot indemnify any breaches and accept liability, you shouldn’t enter into the autonomous driving business. This effectively means that you cannot modernize your business and survive in a networked society if you are not trustworthy. In other words, any modern business needs to enable trust within their infrastructure while ensuring better economics by adopting cloud-like infrastructure.
Traditional IT and the cloud industry have never been prepared to provide this trust and liability protection via service level agreements (SLAs). The question facing modern businesses is therefore: How do you ensure trust in a society that has consistently failed to protect their assets? (Too many examples of security failures, so not quoting any)
In a cloud-like infrastructure that is highly accessible and is shared for better resource utilization, adopting a weak approach for security (such as perimeter-centric security) will not be sufficient. We need new paradigms for security in the networked society. Renowned cloud and datacenter thought leader and digital industrialist Dr. Jason Hoffman in his interview with Lightreading earlier this year stated (http://ubm.io/1vOBl2l) that the industry needs to adopt a position where everyone is classified as an insider (meaning there’s an assumption that everyone has system access), and every system is defined as compromised. Instead of trying to secure the entire system, companies should instead work to secure the important data within it. Modern businesses need infrastructures that are highly accessible and that are protected against a highly sophisticated malicious insider.
Ericsson’s data-centric approach, for example, is to enable industries to act on a given malicious change of data (files, configurations or data that is consumed and generated within the infrastructure) in real time. It ensures a clean state of your infrastructure from day one and provides continuous monitoring, and a real-time data integrity detection mechanism using an internet scale technology like KSI (keyless signature infrastructure: http://bit.ly/1LdzwjE).
Another key requirement for modern infrastructure is governance and data sovereignty. Being able to go global without breaking the local laws is the holy grail. Cloud pioneers like AWS, Azure, and Facebook all target the handful of countries in the head of the curve, but have yet to address the local laws in the long tail of over 180 countries. The European Court of Justice recently invalidated the 15-year old Safe Harbor Agreement (http://bit.ly/1OtMtKI), with the result that American companies will no longer being able to keep EU citizens’ data in the US. Overnight, a centralized cloud infrastructure – where all industry data is stored centrally in one place governed and regulated by the laws of that particular country – is no longer viable.
What the networked society (and IoT) needs is a highly decentralized infrastructure that obeys data residency laws. Current IT industry solutions forgo this in favor of being able to provide a single economic and operational model with a single programmable experience. Interestingly, the telecom industry has created a model where operators can interoperate both nationally and globally, where citizens can roam while following the regulations of the country they are in. This is the kind of system the cloud industry also needs to adopt in the networked society.
To conclude, any global modern business looking to “go cloud” needs to adopt infrastructure that goes beyond today’s legacy centralized models. They need infrastructure they can trust, with complete visibility that enables them to securely do business in every country they address. With the networked society, we are entering a new world where the explosion of data sources is inadvertently leading to an explosion in data borders. It is time to rethink cloud. Let the revolution begin.