Before a car is allowed to be used on the roads in Germany, it must first obtain approval from the TÜV. The same principle applies to cloud providers as well. In this scenario, however, PwC, among other organisations, awards corresponding certification. Markus Vehlow, cloud expert at PwC, offers his outlook on future cloud computing:
1. The term “cloud” will become a thing of the past
After all, the cloud metaphor is only used to emphasise what people have been spending so much time talking about in the last few years. In the mid-term, this word will simply blend in with what is associated with normal, everyday IT because cloud technologies are state of the art.
More and more companies are offering their IT services as cloud-based solutions. Other firms such as Amazon and Salesforce, on the other hand, have never done anything different to this ─ the cloud is quite literally part of their business model. IT applications that are not cloud based will, of course, also be used in future but will no longer be the dominating force.
2. Silicon Valley learns from the Germans
It certainly did not happen overnight. The Patriot Act, Safe Harbor, etc. – U.S.-based companies have taken a long time to internalise local legislation and the mentality and line of thinking that accompany it. The transition phase is nearing an end, however, as leading U.S. cloud providers have already become proactive by erecting data centres in Germany that are then subject to German jurisdiction. This, in turn, gives companies greater peace of mind that is sometimes rooted in a trustee concept or mutual arrangement reached to prevent administrative access to the data saved on German customers from a foreign location.
3. Legal framework conditions are being established
Previously the problem surfaced quite frequently that technology gave rise to something that the laws currently in place had not taken into account. In order to create standardised and reliable framework conditions in this context, a uniform approach must be adopted for managing international data traffic. One step that has already been taken in this direction is the EU-wide baseline data protection policy. Certain regulatory provisions are still required, however. This is why the German federal government has reacted to the ever-increasing levels of cyber crime with the IT Security Act which, among other stipulations, entails heightened security requirements and reporting obligations for operators of “critical infrastructures”, or structures that are of significant importance to society as a whole. These requirements and obligations also apply to corresponding cloud-based solutions.
4. The public sector is becoming “cloudy” and triggering a domino effect
The public sector will likewise rely more heavily on cloud-based environments. In order to meet the particularly high security requirements associated with activities in this area, the German Federal Office for Information Security (BSI) commissioned PwC to devise a control and implementation checklist for safe and secure cloud computing. This checklist now also applies to cloud providers looking to do business with organisations in the public sector. In the past, the BSI always had something of an umbrella effect on the entire market that, accordingly, transfers to numerous companies. As soon as cloud-based solutions satisfy the needs and requirements of a government department, they will also become attractive to companies who place a great deal of importance on secure computing.
5. Cloud first?
The “cloud first” strategy is playing an ever more important role to companies, whereby whether or not an application can be integrated in the cloud is the first question to be thrown into the room when it comes time to make new IT investments. Only if cloud integration is not feasible is the cloud environment ruled out. The cloud now brings together many ideas and concepts, including the internet of things, social media, Industry 4.0 and digitalisation. All of these are trendy topics that have been the talk of the town for years. And they all have one thing in common ─ namely, that the entire supporting infrastructure is built around a cloud-based solution.
6. Cloud governance to become an absolute must
“What I don’t know, I don’t care about.” This line of thinking can backfire quite badly when sensitive corporate data is involved. Many companies are not even aware of how many cloud-based services they and their employees actually use. PwC customers frequently work under the assumption of four to five services; in reality, however, they can easily number several hundred! Shadow cloud discovery, or shadow IT, is a term used in this context and is not seldomly associated with high-risk access on the part of employees when they save large numbers of confidential PowerPoint presentations on Dropbox, for example. It is therefore wise to analyse the aspect and relevance of shadow IT at the beginning of a cloud-based project to establish a common and accepted initial basis for subsequent cloud endeavours.