We are all increasing our use of Cloud, whether that is through migration of existing legacy technologies out of datacentres, building new applications in the Cloud or adopting vendor-provided Cloud-based services. Cloud is now mainstream; a foundational part of every company's technology estate. Almost all of the respondents to the 2020 Gartner Cloud End-User Buying Behaviour Survey indicated that their organisation plans to maintain or increase IT spending on cloud computing in the next 12 months. Gartner also state that 40% of all enterprise workloads will be deployed in Cloud Infrastructure by 2023, up from only 20% in 2020. The COVID-19 pandemic has resulted in rapid advancement of Cloud strategies, driven by the non-negotiable need to collaborate and move teams out of physical premises and datacentres.
Like our client in this story, many businesses now adopting Cloud, or furthering the depth of their Cloud adoption, have an impossible shopping list for their Cloud needs: we want our Cloud to be the safest, cheapest, most fully featured deployment, with a world-class, innovative, agile, provider-agnostic, quickest-to-build, lowest-maintenance system that is totally under our control to enhance and build upon. Whilst Cloud does set a new normal for the levels of nimbleness businesses can realistically achieve, it also opens new threat vectors for those businesses that hold their company information and end customers’ personal and transactional data within the Public Cloud. Attacks and data breaches are very damaging to a compromised business. This becomes even more damaging when your business is operating within a regulated industry, and this is why it is vital that regulated businesses have a Control Framework for Cloud that is well adopted and operationally evident across their business.
- It is now a regulatory requirement that businesses have a full Controls Framework
- In August 2020 Experian, a consumer credit reporting company, experienced a breach of data which has exposed personal information of as many as 24 million South Africans, and 793,749 business entities, to a suspected fraudster
- The UK’s financial regulator has fined Commerzbank £38m for money-laundering failures, including an “out-of-control” system for checking clients
- With 160,000 violations reported to the data protection authorities, GDPR fines approach €200 million in Europe
- Of the $36 billion in fines since 2008, roughly $10 billion of non-compliance fines were awarded in 2019
Focus from regulatory bodies on Cloud Controls has never been more important. Broadstones have helped a brand name Financial Services business address this challenge of remaining demonstrably in control whilst consuming Public Cloud, and be prepared for constructive, evidence-based discussions with their regulator.