The transition to the cloud presents enormous opportunities for global enterprises. The rapid growth of higher value services like AI, analytics, blockchain and Internet of Things (IoT) is enabling companies to unlock transformative insights from their data like never before.
Enterprises are rapidly embracing the public cloud to help them manage, connect and optimize these big data workloads. However, with more data comes greater responsibility. Concerns about data residency, security and personal data protection are at an all-time high, especially as businesses navigate regulatory and compliance requirements like HIPAA, GxP, QMS and the upcoming General Data Protection Regulation (GDPR).
All organizations that collect, store, manage or process data have an obligation - and in most cases, a legal requirement - to handle it responsibly. In fact, research conducted by Vanson Bourne on behalf of IBM shows that almost half (47 percent) of survey respondents in the UK, France and Germany find it critical that they know what data protection measures their cloud provider has available.
Getting ready for GDPR compliance
The regulatory and compliance landscape that enterprises face is complex – varying by industry and country. However, the impending GDPR is top of mind for many enterprises around the world and they need to move quickly to prepare.
GDPR is a framework that affects companies both in and out of the EU, requiring businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. And the clock is ticking – the framework’s implementation date is May 25, 2018.
More importantly, GDPR has some serious repercussions if not met properly. For instance, some of the largest financial penalties for any failure to comply with GDPR could reach up to 20 million Euros, or 4 percent of global annual turnover, whichever is higher.
Taking a hybrid cloud approach
While it may present challenges, businesses that take a strategic approach to GDPR and compliance readiness will gain real opportunities to earn deeper customer trust. In reality, the cloud is a pathway, not a barrier, to success.
A hybrid cloud model is a good place for enterprises to start as they transition to the public cloud and prepare for GDPR. Factors such as geography, compliance, skill sets and existing infrastructure are all key considerations when implementing a cloud strategy and, as a result, it has become commonplace to use a mix of both public and private clouds.
One of the most important considerations is to strategically determine where data should reside. Many businesses have invested billions of dollars in infrastructure, applications and data, so it is critical to look at a cloud strategy from a holistic viewpoint.
By relying on a cloud platform with a single, integrated architecture, enterprises can use private cloud for their most sensitive data, a strong and secure public cloud for economies of scale and hybrid capabilities to connect and unify all clouds, data, services and applications.
Unified data governance
Another key consideration when navigating regulatory and compliance challenges is data governance. It’s entirely possible for organizations to meet regulatory and compliance requirements while still tapping into the innovation potential of higher order cloud services like analytics or AI. The solution to striking this balance is having a unified governance strategy that provides a single approach to managing data across the enterprise regardless of where it resides. This approach helps customers understand key characteristics of their information assets, apply rules and policies, establish a single trusted view of individuals and entities and manage data regardless of whether that data resides on a business critical system, a private cloud behind the firewall, a public cloud platform, or in hybrid cloud environment.
Interestingly, GDPR is actually becoming a catalyst for better data management and governance. As data volumes grow, taking a unified approach to data governance will help enterprises discover data and track its sources. There must also be controlled access to data sets with transparency regarding the location of the data, who is using it and what it’s being used for, as well as data isolation to ensure that it’s not intermingled.
The path forward
Enterprises are well past the stage where they look at the cloud in isolation or strictly as a cost-saving initiative, and they are eager to embrace the cloud as a platform for innovation. Even in the face of complex regulatory and compliance requirements like the fast-approaching GDPR, enterprises can leverage cloud to unlock new value from their data by maximizing their investments across public, private and hybrid cloud deployments as well as adopting a unified data governance strategy.
There are a number of data regulations in any given industry, and things can get complicated quickly. While your organization may be under a lot of stress for fear of non-compliance, rest assured that the cloud can help give you the agility, security and economies of scale you need to innovate and thrive in the data-driven economy.
John Considine is general manager of cloud infrastructure services at IBM