There’s no doubt cloud-based Data Warehousing as a Service (DaaS) lets you do large-scale data analytics on-demand, at low cost, and with little upfront capital investment. But despite the benefits, the two predominant cloud platform choices – public or private clouds – still don’t sit well with organizations like financial services that face tough privacy and regulatory compliance constraints.Laws such as Sarbanes-Oxley and BASEL III make it difficult for organizations to take responsibility for who can access data, how they use it, and how it’s stored …when it’s in the cloud. The policies were originally written with the presumption that IT resources were on premises and under tight internal security procedures.
Public clouds, where servers, storage and other DaaS resources are shared by many, are obviously a non-starter for these kinds of organizations. But even private clouds such as Amazon’s Virtual Private Cloud Service simply fence off a section of the public cloud so that workloads can be moved between internal and external data centers in a more secure way. It’s difficult to survive a compliance audit when where your data resides and how it’s managed remains a mystery in the cloud.
That’s why we at Kognitio are big supporters of the “exclusive cloud” model, where the data warehouse still physically resides within the organization’s firewall, but functions as a cloud DaaS service from the organization’s perspective. It’s a completely hands-off solution in which the IT resources are installed, managed and protected by a service provider and served up as an on-demand, pay-per-use cloud service. As with a traditional cloud offering, organizations gain all the benefits of flexible self-servicing. There is no overhead of implementing a data warehouse on site, it’s highly scalable, and no IT involvement is required in managing the database or hardware on which it’s running. Yet the organization meets its data storage and security compliance requirements.
So while traditional public and private clouds can satisfy the needs of many companies, regulated companies have a higher level of burden to protect privacy and data from falling into the wrong hands. The risk to IT for regulatory compliance requires a new cloud strategy that delivers all the benefits of the cloud while keeping safe within the firewall.
