The cloud industry has felt the wrath of Rupert Murdoch’s legal team more than most in recent years, as the broadcaster has taken against several firms for daring to use the word “Sky” in their branding.
Microsoft encountered the company’s commitment to preserving the use of the word “Sky” for its own business ventures back in August 2013, when it was made to change the name of its SkyDrive online storage service to OneDrive following a legal challenge.
Voice over IP messaging service Skype was subjected to something similar after taking steps to register its name with the Office for Harmonisation in the Internal Market (OHIM) in 2004, paving the way for a decade-long legal wrangle.
A European Union ruling in May 2015 concluded there was a risk consumers may confuse the two brands and their respective offerings, prompting Microsoft – who acquired Skype in May 2011 – to announce plans to appeal.
Microsoft has continued to operate the service under the Skype name since then and has faced no direct pressure to rebrand it. Meanwhile, as far as we know, Sky has not (yet) pursued an infringement claim against the company for doing so.
Sky’s earlier success with getting Microsoft to change the name of SkyDrive has been implicated in the firm’s latest trademark dispute involving public sector-focused provider Skyscape Cloud Services.
At least that was the name of the company until today, when Skyscape officially rebranded itself as UK Cloud, bringing an end to its long-running dispute with Sky, who claimed the name infringed on its trademarks.
While the pair are said to have been embroiled in a letter writing campaign for the past two years with regard to the name, Sky stopped short of launching legal proceedings against Skyscape.
Concerned about the uncertainty surrounding its right to use the name long-term, Skyscape sought to secure a declaration of non-infringement from Sky earlier this year by embarking on a legal challenge of its own.
The case was dismissed, and – as a result – Skyscape has decided to rebrand, rather than appeal or pursue any further stake or claim on the name.
In a statement to Ahead in the Clouds, Simon Hansford, CEO of the company formerly known as Skyscape, said the rebrand was its way of drawing a line under the matter.
“With the High Court’s decision, we felt the logical way for us to move forward and continue delivering exceptional assured cloud services to our customers would be to rebrand as UK Cloud,” he said.
“As a company, we decided to focus our time and money on creating a brand that showcased our unequivocal focus on the UK public sector and reaffirms our commitment to the market, rather than tying ourselves up in endless and costly legal proceedings.”
According to the company’s most recent set of results, for the financial year ending 31 March 2016, its services are used in around 200 active public sector cloud projects, while its revenue has risen from £3.7m to £32.1m over the past two years.
Public sector vs. general public perception
What’s interesting about the Skyscape case is, unlike the Microsoft SkyDrive and Skype debacles, the company involved is not a consumer-facing brand and its services are not marketed to the general public. Skyscape only sells to the public sector.
So, while the brand and its services might be well-known within government procurement circles, awareness of it within the general population is likely to be far lower. And, so too, one might argue is the risk of consumers confusing the two brands, which is the crux of Sky’s past issues with SkyDrive and Skype.
Hansford even raised this point with the High Court, to little avail, stating: “Given the ways we promote our services and the procurement frameworks through which we contract, I do not believe the general public is ever likely to become aware of our business or the services we offer; they simply are not relevant to consumers.”
While the rationale behind the rebrand does make sense, the circumstances surrounding it seem a tad unfair. Particularly when Skyscape has spent so much time building up its brand, as wells working to drive up the use of cloud services within the wider UK public sector.
In this guest post, Dr. Peter Agel, global segment leader for hotels at software giant Oracle, explains how pay-as-you-go computing is helping the hospitality sector improve profitability and respond to changing consumer demands.
Like every consumer-facing business today, the hospitality industry is confronted with unprecedented—and ever-increasing—demands from customers. To stand out from the competition, hoteliers at every price point are striving to provide a smoother, friendlier, and more personalised guest experience.
To do that successfully, organisations need to identify, adopt, and integrate new technological capabilities as soon as they become available. Otherwise, each new development becomes a negative differentiator—something you can’t do but the other guy can.
The CIO should lead this process of ongoing innovation, but assuming this role within the hospitality sector has typically been a challenge, because of the industry’s fragmented approach to IT.
Typically, each individual site has their own IT team running their own servers, carrying out maintenance and software upgrades, and collecting its own data.
In companies where a centralised system exists, hotel staff can and do bypass it in the interest of, say, getting a guest checked-in quickly. If there is no record of a certain guest in the hotel’s database, rather than waste time checking the central data repository, a busy desk clerk may simply create a new record on the spot.
In such an environment, it is extremely difficult to upgrade system capabilities without adding a lot of bolted-on point solutions, which in turn makes the system even more difficult to maintain and scale up.
Opportunity for innovation
Cloud offers CIOs an opportunity to leapfrog over these structural difficulties by moving, organisation-wide, to a simplified environment that is secure, stays current, and can scale rapidly. Through its cost efficiencies, it can also enable them to develop and add-on their own proprietary innovations.
By replacing the traditional, decentralised hotel-chain IT structure with a centralised, easily maintained and upgraded system, CIOs are afforded the opportunity to stop being the guy who keeps things running to someone who works hand-in-hand with the organisation’s business stakeholders to drive innovation.
The case for innovation in this industry is not hard to make. The entire travel sector has been feeling the aftereffects of the economic crisis, while online travel agencies sought to disrupt hotel chains in terms of distribution cost and customer relationship management.
Hoteliers have responded by attempting to build a direct relationship with their customers, while seeking out opportunities to merchandise and upsell.
Creating these relationships, however, has yielded challenges of its own. Hoteliers are inundated with bits and pieces of information, which collectively promise to unlock vital insights into their business but lie scattered and inaccessible throughout their operations.
Bringing it all together requires a digital technology management system or repository, where the data can be tapped quickly and easily by any qualified user and shared enterprise-wide in an instant.
Greater security and data integrity
Moving from a local IT model to the cloud is a major change, though, and there is an understandable hesitation in the industry about making (what can appear to be) such a radical step. While some hotel companies are aware of the advantages of the cloud and are working toward making the transition, a greater contingent is held back by concerns about system security and data integrity. A centralised function that is off-site seems simpler, but triggers key concerns: What if I lose power? What if I lose my data?
Though seemingly counter-intuitive, it can be argued these problems are less likely to occur in a cloud-based system. By its very nature, data processing in the cloud is distributed across a large network of servers, which means it is less likely that there is a single point of failure.
This redundancy, coupled with 24/7 global support for the systems, enables major suppliers of cloud-based services to run at higher uptime than many local IT systems.
As for data integrity, a cloud-based system could handle all customer records in one place, automatically merging and updating them virtually in real time – providing a more robust customer database than decentralised systems.
To protect this asset, major cloud service providers offer encryption, virus scans and whitelist support, and these protective systems are continually maintained and upgraded. The same cannot always be said for local IT operations.
Arguably, the greatest benefit of cloud is that it takes responsibility for IT away from local hotel managers, allowing them to devote their attention to guests. Moreover, by creating a central customer database, the cloud enables hotel managers to provide even better, more personalised care as well as offer ancillary products and services.
On the enterprise level, the cloud makes it possible to stay abreast of business and technological developments without having to make unexpected investments in IT infrastructure.
Along with these reduced implementation and ongoing resource costs come automatic and universal software upgrades. Other benefits include increased power, storage capacity and performance, and a drastically shortened deployment process.
With the tumultuous challenges facing the industry today, it’s no wonder hoteliers are kept awake at night with weighty questions: How can we broaden our array of services or enhance interactions with customers? How can perishable inventory – a room that stands empty for a night is revenue lost forever – be better distributed? How can work efficiency be increased? Fortunately, some answers can be found in the cloud.
In this guest post, Frank Denneman, Chief Technologist at PernixData, advises operators to apply Rubik Cube-solving strategies to datacentre management problems.
When attempting to solve a Rubik’s cube most people pick a colour and complete one face of the cube before moving on to the next. While this approach is fun, it is ultimately doomed to fail, because addressing the needs of one side of the cube causes the remaining five to be thrown into chaos.
The components of a virtual datacentre are similarly inter-twined, as isolated changes in one part of the IT infrastructure can have massive implications elsewhere. For example, a network change might result in bad SAN behaviour. Or, the introduction of a new virtual machine might impact other physical and virtual workloads, residing on a shared storage array.
The shared components of the virtual datacentre are fundamental to its success, as it allows operating systems and applications to be decoupled from physical hardware. This allows workloads to move around dynamically, so they can be paired with the available resources.
This provides better ROI and arguably benefits the quest for business continuity. But it’s this dynamism that makes it so difficult to solve the problems when they arise.
Tackling datacentre management problems
Due to the sheer complexity of today’s datacentre, troubleshooting is typically done per layer. This is an interesting challenge in the world of virtual datacentres, where more virtual machines and workloads are introduced daily, with varying behaviour, activity and intensity.
While context is critical for virtual machine troubleshooting, it is very hard to attain because the hypervisor absorbs useful information from the layers below it.
Furthermore, applications running on top of the hypervisor are very dynamic, which makes traditional monitoring and troubleshooting methods inadequate. You need to take a step back and ask, “Are my current monitoring and management tools providing an answer to a single side of the cube, or are they providing enough perspective to solve the whole puzzle?”
The only way to solve all aspects of a datacenter management problem is to use big data analytics, which have been changing the way things operate for years.
Wal-Mart and Target, for example, are able to correlate many data points to accurately predict customer behaviour. Similarly, bridges are equipped with sensors and big data analytics to identify changes in heat signatures, vibrations and structural stress to prevent mechanical and structural failures. With this in mind, IT should use the power of big data analytics to improve results in their own datacentres.
Applying big data analytics inside the hypervisor taps into the vast collection of data present, with insight into application, storage and other infrastructure elements. You can create a context-rich environment that provides an in-depth understanding of the layers on top and below the hypervisor.
For example, you can get unprecedented insight into workloads generated by virtual machines, and how they impact lower level infrastructure, like storage arrays. You can discriminate workloads from one another, and understand how the infrastructure reacts to these workloads.
This, in turn, helps developers optimise their code to the infrastructure, which then lets infrastructure teams optimise their systems as needed.
With big data analytics inside the hypervisor, everyone wins. You can view your datacentre in a holistic fashion, instead of solving individual problems one at a time.
Cloud contracts are notorious for being weighted in favour of providers but, for an industry still grappling with how best to win the trust of users, it’s a risky way to do business, argues Caroline Donnelly
Whenever news breaks about a cloud company going out of business or announcing shock price hikes, the first thought that usually crosses their customers’ minds is, “what are my rights?”
Having covered the demise of a few high-profile cloud firms over the years, experience has taught Ahead in the Clouds (AitC) that if people only ask this question once their provider runs into trouble (or does something they are not happy with) it’s probably too late.
Finding out where they stand should the company decided to up their prices, terminate a service they rely on or carry out some other dastardly deed, should – ideally – be established well before they sign on the dotted line.
Experience also tells us that, in the rush to get up and running in the cloud, not everyone does. In fact, AitC would wager, when faced with pages and pages of small print, written in deathly-dull legal speak, very few actually do.
So, one might argue, when something goes wrong, the customer has no-one to blame but themselves if the terms and conditions (T&Cs) give the provider the right to do whatever the heck they like with very little notice or regard for the impact these actions may have on users.
But is that right, and should the cloud provider community be doing more to ensure their T&Cs are fairly weighted in favour of users, and are not riddled with clauses designed to trip them up?
In AitC’s view, that’s a no-brainer. End-users aren’t as fearful as they once were about entrusting their data to the cloud, but if providers are not willing to play fair, all the good work that’s gone into getting to this point could be quickly undone.
And it’s not just AitC that feels this way, because the behaviour of the cloud provider community has emerged as a top concern for consumer rights groups and regulators of late – and rightly so.
Held to account
The Competition and Markets Authority’s 218-page (CMA) Consumer Law Compliance Review, published in late May 2016, raised red flags about five dubious behaviours it claims cloud storage companies have a habit of indulging in that risk derailing the public’s trust in off-premise services.
And, while the CMA’s review set out to examine whether the way online storage firms behave could be considered at odds with consumer law, a lot of what it covers could be easily applied to any type cloud service provider and how it operates.
Examples of bad behaviour outlined in the report include failing to notify end-users about their automatic contract renewal procedures, which could result in them getting unexpectedly locked in for another year of service or hit with surprise charges.
Remote device management company LogMeIn’s activities in this area have come under close scrutiny from Computer Weekly, with customers accusing the firm of failing to tell them – in advance of their renewal date – that the price they pay for its services was set to rise.
LogMeIn refutes the allegations, and claims customers are notified via email and through in-product messaging when users login to the company’s control panel, even though its T&Cs suggest it’s under no legal obligation to do so.
Other areas of concern raised by the report include T&Cs that allow cloud firms to terminate a service at short notice and without offering users compensation for any inconvenience this may cause.
Microsoft’s decision in November 2015 to drop its long-standing unlimited cloud storage offer for OneDrive customers, after users (unsurprisingly) abused its generosity, would fall under this category.
The 2013 demise of cloud storage firm Nirvanix also springs to mind here, when users were given just two weeks to shift their data off its servers or risk losing it forever after the company filed for bankruptcy.
The borderless nature of the cloud often works against users intent on seeking some form of legal redress in some of these scenarios, as the provider’s behaviour might be permissible in their own country, but not in the jurisdiction where the customer resides.
The costs involved with trying to pursue something like this through the courts may vastly outweigh any benefit the customer hopes to get out of doing so, anyway.
In cloud we trust
It’s certainly a step in the right direction, and here’s hoping similar initiatives, incorporating a wider range of suppliers spanning cloud software and infrastructure start to emerge as time goes on. Because if customers can’t trust a provider to put their interests first, why should they assume they’ll treat their data any differently?
In this guest post, James Bailey, director of datacentre hardware provider Hyperscale IT, busts some enterprise-held myths about the Open Compute Project
Market watcher Gartner predicts the overall public cloud market will grow by 16.5% to be worth $203.9bn by the end of 2016.
This uptick in demand for off-premise services will put pressure on service providers’ hardware infrastructure costs at a time when many of the major cloud players are embroiled in a race to the bottom in pricing terms, meaning innovation is key.
On the back of this, The Open Compute Project (OCP) is slowly (but surely) gaining traction.
Now in its fifth year, the initiative is designed to facilitate the sharing of industry know-how and best practice between hardware vendors and users so that the infrastructures they design and produce are efficient to run and equipped to cope with 21st century data demands.
Over time, a comprehensive portfolio of products have been created with the help of OCP. For the uninitiated, these offerings may appear to only suit the needs of an elite club of hyperscalers, but could they have a role to play in your average enterprise’s infrastructure setup?
To answer this question, it is time to bust a few myths around OCP.
Myth 1: Datacentre efficiency is all that matters to OCP
This is largely true. After all, the mission statement of OCP founder, Facebook, was to create the most efficient datacentre infrastructure, combined with the lowest operational costs. The project encompasses everything from servers, networking and storage to datacentre design.
The server design is primarily geared around space and power savings. For example, many of the servers can be run at temperatures exceeding 40C, which is way higher than the industry norm, resulting in lower cooling costs.
This efficiency adds up to an important cost saving and a smaller carbon footprint. When Facebook published the initial OCP designs back in 2011, they were already 38% more energy-efficient to build and 24% less expensive to run than the company’s previous setup.
Myth 2: Limited warranty
Most OCP original design manufacturers (ODMs) offer a three-year return to base with an upfront parts warranty as standard. This can often be better than what is offered by other OEM hardware vendors today.
The warranty options do not stop there. Given the quantities most customers purchase, vendors are open to creating bespoke support and SLAs.
In recent times, some of the more mainstream players have got in on the action. Back in April 2014, HPE announced a joint venture with Foxconn, resulting in HPE Cloudline servers aimed specifically at service providers.
Myth 3: Erratic hardware specifications
Whilst specifications do indeed evolve, the changes are not taken lightly. Any specification change is submitted to the OCP body for scrutiny and acceptance.
The reality of buying into the OCP ecosystem is that you are protecting yourself from vendor lock-in. Many manufacturers build the same interchangeable systems from the same blueprints, thus giving you a good negotiation platform.
That said, there is a splintering of design. A clear example is difference in available rack sizes.
The original 12-volt OCP racks are 21-inches but – more recently – ‘OCP-inspired’ servers have emerged that fit into a standard 19-inch space.
Overall, this is positive as you can integrate OCP-inspired machines into your existing racks, which has created a good transition path for datacentre operators looking to kit out their sites exclusively with OCP hardware.
Google’s first submission to the community is for a 48V rack which would create a third option. But surely this is all healthy?
Google estimate this could have energy-loss savings of over 30% compared to the current 12V offering, and who would not want that? There are also enough ODMs to ensure older designs will not disappear overnight.
Myth 4: OCP is only for the hyperscalers
Jay Parikh, vice president of infrastructure at OCP founder Facebook, claims using OCP kit saved Facebook around $1.2 billion in IT infrastructure costs within its first three years of use, by doing its own designs and managing its supply chain.
Goldman Sachs have a ‘significant footprint’ of OCP equipment in their datacentres, and Rackspace – another founding member – heavily utilises OCP for its OnMetal product. Microsoft is also a frequent contributor and runs over 90% of their hardware as OCP.
Additionally, there are a number of telcos – including AT&T, EE, Verizon, and Deutsche Telekom – that are part of the adjacent OCP Telco Infra Project (TIP).
Granted, these are all very large companies but that quantity of scale drives the price down for everyone else. So, if you are buying a rack of hardware a month, OCP could be a viable option.
Opening up the OCP
In summary, the cloud service industry has quickly grown into a multi-billion dollar concern, with hardware margins coming under close scrutiny.
The only result can be the rise of vanity-free whitebox hardware (ie hardware with all extraneous components removed). Recent yearly Gartner figures show Asian ODMs like Quanta and Wistron growing global server market share faster than the traditional OEMs. Nevertheless, if Google is one of your customers, it is easy for these numbers to get skewed.
Even for those not at Google’s scale, the commercials of whitebox servers are attractive, and it might give smaller firms that are unable to afford their own datacentre a foot in the door.
However, most importantly, the project has also led to greater innovation and that is where it really gains strength.
OCP brings together a community from a wide range of business disciplines, with a common goal to build better hardware. They are not sworn to secrecy and can work together in the open, and that really takes the brakes off innovation.
Amazon Web Services (AWS) celebrated its 10th anniversary on 14 March, having devoted the past decade to popularising the cloud computing concept and – in turn – shaking up the IT industry.
To mark the occasion, the Infrastructure-as-a-Service (IaaS) giant released a series of blog posts that saw execs -such as CTO Werner Vogels – taking a fond look back at some of the high points of AWS’ first decade in business.
These include signing up a million active users to its cloud platform, such as Netflix, AirBnB, Lebara, Guardian Media Group, Trinity Mirror Group, Aviva and others, while cultivating a product release cadence that sees it rollout hundreds of new features and services for subscribers each year.
However, while the firm and its execs set about looking back over its successes, industry watchers were busy pondering what the company’s next 10 years in business are likely to look like. Particularly in light of the news that several of the firm’s high-profile customers have started scaling back their use of its services. Or have they?
Music streaming site Spotify announced in February that it was in the throes of moving its IT infrastructure over to the Google Cloud Platform, having previously been hailed as a reference customer of AWS.
Earlier this week, Dropbox, a major user of Amazon’s Simple Storage Service (S3), outlined details of the work it is doing to curtail its use of cloud, resulting in 90% of its users’ data now being stored on-premise.
A few days later, this was followed by a (source-led) report that consumer electronics giant Apple was following Spotify over to Google’s cloud. The company is already known to run unspecified amounts off its operations in both AWS and the Microsoft Azure cloud, incidentally.
Shifting sands of enterprise IT
This apparent “mass exodus” of big AWS customers has prompted a degree of debate online about whether or not this is indicative of a wider industry trend, and that – after a decade of steady growth and big customer wins – Amazon might be losing its hold on the cloud market. I personally don’t subscribe to that notion.
You see, while the Spotify, Apple and Dropbox news is certainly interesting (I wouldn’t have written about it, if it wasn’t), I personally don’t think what we’re bearing witness to here is necessarily a sign that Amazon’s grip on the cloud market is weakening.
According to Ahead In the Cloud sources, Spotify and Dropbox are still using Amazon’s cloud. And – certainly in the latter case – looks set to use more of its capacity over time to prop up its international operations for data sovereignty purposes.
So, no, I don’t think we’re witness the beginning of the end of AWS, despite what some rather over-excited folks on Twitter might claim.
Instead, what we’re actually seeing is the cloud market coming of age. And, by that, I mean really starting to deliver on the promises the industry’s great and good have made in the past about off-premise services giving enterprises greater freedom when it comes to IT.
I’ve spent more time than I ever care to think about sat in IT conference keynotes, listening to vendor execs wax lyrical about how cloud will allow enterprises to move their workloads – based on their cost, performance and security requirements – to wherever makes most sense to run them.
With that in mind, what we’re really seeing – in the case of Spotify, Dropbox and (allegedly) Apple – is simply them exercising their right to do this.
It’s also worth mentioning that cloud is still a relatively nascent technology concept, and many companies are still getting to grips with how best to use it, undoubtedly resulting in several tweaks to their product and supplier strategy as time goes on. Again, what we’re seeing with Spotify, Dropbox and Apple (reportedly) is probably them going through the same process.
Social gaming firm Zynga went through something similar several years ago, that saw it set out plans to ditch AWS, in favour of building out its own datacentres because – given the sheer number of people playing its games – they could achieve the economies of scale needed to make it worthwhile for them.
Unfortunately, this change in strategy occurred just before demand for its flavour of desktop- and browser-based games dropped through the floor, and mobile gaming took off, prompting it to abandon its build-your-own datacentre strategy and ramp up its use of AWS again.
All-in or all-out?
What the Zynga example neatly serves to highlight is the futility of discussing company’s cloud strategies in absolute terms: you’re either all-in or you’re not, and once you’ve moved your final workload or whatever to a certain provider’s cloud, the job’s done.
The reality is, for many firms, their cloud strategies will probably end up being a lot more fluid than that, with end users moving to shift workloads from one provider to another or back on-premise as and when they want and need to.
As the price of using cloud continues to drop and providers add more features and functionality to their platforms, end users will get more comfortable with using off-premise services. This, in turn, means they will become more adept at switching providers – if someone is offering a sweeter deal elsewhere – or move to adopt a multi-provider cloud strategy.
While we watch and wait for all this to play out, here’s to the next ten years of cloud. Or whatever we’re calling it by then.
In this guest post, Ashish Gupta, BT’s UK president of corporate and global banking financial markets, shares his views on how the banking sector should go about embracing cloud.
The need to scale – add more customers, trade new asset classes, expand locations – at speed has overcome the financial services sector’s initial reluctance to use cloud services. What’s more, the flexibility of cloud-based resources and services is an attractive alternative to the expense of owning and running large datacentres.
When talking cloud, the first question is always about security. Just how secure can customer data and commercial operations be when stored on someone else’s infrastructure? The short answer is: very secure indeed. Cloud services should be at least (if not more inherently secure) than their in-house equivalents.
However, the absence of industry-wide standards and the ease with which an individual department or business unit can sign up to the cloud mean some organisations are using cheaper, consumer-grade cloud services that could leave them vulnerable to security breaches.
A piece of research by BT exploring attitudes and levels of preparedness towards distributed denial of service (DDoS) attacks found more than a third of financial services organisations admit using mass market cloud services. Others may not even know they are.
Innovation is key to success
Of course, one of the great positives about cloud computing is that it encourages innovation, helping to build a more responsive, agile organisation. But if allowed to flourish uncontrolled, so called ‘shadow IT’ can open up a host of problems.
As such, banks and financial services companies need to know where their customer data is at all times, and details about how it is being handled. They need to be sure that an external cloud service isn’t going to leave the door open to malicious activity and DDoS attacks.
For the CIO, the challenge is how to let the organisation exploit the choice and flexibility of on-demand services without compromising corporate security or contravening regulatory requirements.
A CIO must – somehow – exercise a degree of control over the whole varied and shifting cloud estate.
Specialised cloud services for the financial community are part of the solution; they provide a highly secure ecosystem that connects thousands of applications and services with users worldwide. But what about your broader enterprise cloud applications? They also need to be secure.
The answer is to roll all your distinct cloud services – public, private and hybrid – into one single cloud that you can manage and secure centrally.
Adopting this type of approach without the support of an external service partner is quite a big task, even for the most experienced of IT professionals. The pragmatic CIO will look for an expert partner, such as an independent global network provider with skills in connectivity, security and integration.
Or, as industry analyst Ovum puts it: “Enterprises are increasingly likely to discriminate toward cloud service providers with combined datacentre and networking orchestration skills as their trusted brokers across hybrid clouds.”
Bursting the cloud of uncertainty
Centralising control with this type of strategy will help build security into the whole cloud environment, so employees (or customers) will to be able to connect securely from anywhere on any device to any service.
There’s no reason why mobile devices cannot be as secure as a desktop PC with the right controls. So cloud-based proxy servers let users connect securely via the internet from wi-fi, fixed and mobile lines.
You can remotely lock down the microphone and camera on smartphones so they can be used securely on the trading floor. Your own app store gives you control over what your users can download and use over the cloud.
Financial regulators including the SEC and the Financial Conduct Authority are taking a keen interest in cyber security. Taking a an approach like this will help financial services companies demonstrate that they understand the operational risks of cloud computing and have the right measures in place for secure trading and to protect data. For business, it offers the best of both worlds: the freedom to innovate, in a secure and compliant environment.
In a joint guest post, Rafi Azim-Khan, the European head of data privacy, and Steven Farmer, Counsel, for Pillsbury Law set out the reasons why cloud firms and users must tread carefully around Safe Harbour’s replacement
The European Commission and the US Department of Commerce have reached an accord on a new transatlantic data transfer protocol to replace the defunct ‘Safe Harbour’ agreement.
Known as the EU-US Privacy Shield, the new-look agreement was met with a mixed reaction from those relying on Safe Harbour (which was invalidated in October 2015) to shift EU data to the US. But, is it really the cure-all solution that industry watchers in some quarters have heralded it to be?
Although the text of the new framework is not yet available, reported key features of the Privacy Shield include:
- Stronger obligations to be imposed on U.S. companies to protect the personal data of EU citizens, and stronger monitoring and enforcement to be carried out by the US Department of Commerce and Federal Trade Commission. It is yet to be confirmed how such activities will take shape.
- Written assurances from the US that its government will not commit indiscriminate mass surveillance of data transferred pursuant to the Privacy Shield, and that government access to EU citizens’ data for law enforcement and national security purposes will be subject to clear limitations, safeguards, and oversight mechanisms.
- Similar to Safe Harbour, US companies wishing to rely upon the Privacy Shield will have to register their commitment to do so with the US Department of Commerce.
- Imposing a “necessary and proportionate” requirement for when the US government can snoop on EU citizens’ data that would otherwise be protected.
- New contractual privacy protections and oversight for data transferred by participating US companies to third parties (or processed by those companies’ agents).
- A privacy ombudsman within the US to whom EU citizens can direct data privacy complaints and, as a last resort, the Privacy Shield would offer EU citizens a no-cost, binding arbitration mechanism.
- An annual joint review of the Shield that would also consider issues of national security access.
While adoption of the Privacy Shield is arguably preferable to the gaping hole that was left by the defunct Safe Harbour, there are several issues that may undermine its value.
With the new framework not yet finalised, it is possible the threshold for keeping tabs on EU citizen data may not be satisfactorily defined.
This could lead to the re-establishment of a vague legal standard subject to political whims on both sides of the Atlantic. The end result being that companies relying on the Privacy Shield could be subjected to shifting policies and interpretations.
Additionally, if the annual joint review of the framework allows for it to be dismantled or substantially changed each year, then this could also diminish the certainty that US companies would seek to achieve through compliance.
All this raises the question of whether the Privacy Shield will offer a more valuable solution to those currently available to US importers of data. At this point, maybe not.
With uncertainty surrounding the Privacy Shield, other options for transatlantic data transfers – namely model contract clauses and binding corporate rules – are arguably more attractive alternatives for US companies transferring data Europe at this point.
More will be revealed as the EU and US move closer towards a binding agreement but at this stage companies might be better off considering the alternatives rather than putting all of their faith in the Privacy Shield.
In this guest post, Pete Koehler, technical marketing engineer for PernixData, explains why datacentre operators need to get a handle on the Working Set concept to find out what’s really going on in their facilities.
In this guest post, Sarvesh Goel, an infrastructure management services architect at IT consultancy Mindtree, offers enterprises a step-by-step guide to moving to the cloud.
There are many factors that influence the cloud migration journey for any enterprise. Some of them may trigger change in the way software development is approached, or even internal service level agreements, and information security standards.
The risk of downtime, and the knock-on effect this could have on the company’s brand value and overall reputation, should the switch from on-premise to cloud not go to plan, is often a top concern for some.
Below, we run through some of the other issues that can dictate how an enterprise proceeds with their cloud migration, and how their IT team should set about tackling them.
If there are multiple applications that talk to each other often, and require high speed connections, it is best to migrate them together to avoid any unforeseen timeout or performance issues.
The dependency of applications should be carefully determined before moving them to the cloud. Standalone apps are usually easier to move, but it’s worth being mindful that there are likely to be applications that simply aren’t cloud compatible at all.
There could be a few applications that require fast access to internal infrastructure, telephone systems, a partner network or even a large user base located on-premise. These can rely on a complex network environment and present challenges that will need to be addressed before moving to cloud.
Alternatively, if there are applications that are being served to global users and require faster download of static content, cloud can still be the top choice to provide customers with access to local or closer locations for content. Such examples include the media, gaming and content delivery industries.
Business continuity plan
Business continuity and internal/external SLA with customers often drive the application migration journey to cloud for disaster recovery purposes.
Cloud is an ideal target for hosting content for disaster recovery. It provides businesses with access to certified datacentres, hybrid offerings, bandwidth, storage and all at a lower cost.
The applications can be easily tested for failover and customisations can be made to hardware sizing of applications if and when disasters occur.
There could be legal reasons why personal or sensitive information needs to remain within enterprise’s firewalls or in on-premise datacentres.
Such requirements should be carefully analysed before making any decision on moving applications to cloud, even when they are technically ready.
IT support staff training
Undertaking a migration requires having people on hand who understand the cloud fundamentals and can support the move.
Such fundamentals include knowledge of storage, backup, building fault tolerant infrastructures, networking, security, recovery, access control and, most importantly, keeping a lid on costs.
For businesses around the world, including Europe, building a disaster recovery solution can be expensive, difficult, and requires regular testing.
Many European cloud vendors offer services on a pay as you use basis, with built-in disaster recovery, application or datacentre failure recovery, and continuous replication of content.
Using cloud for disaster recovery could provide a significant cost reduction in terms of infrastructure hardware procurement and the maintenance of the datacentre footprint.
Organisations could also choose disaster recovery locations in the same region as the business or several thousand miles away.
To conclude, once the applications are tested on cloud, and the legal/compliance concerns are addressed, organisations can opt for rapid cloud transformation.
This allows the development team to adopt the cloud fundamentals and use the relevant tool sets for rapid scaling of applications and create a more robust application experience, embracing all the power that cloud provides – not to mention the fallback option that gradual cloud migration provides to enterprises.