For the past two years we’ve all been reading about the acceleration of cloud migration. However, the reality is that many large organizations, particularly those in highly regulated industries, aren’t adopting cloud services as fast as they might.
In conversations with business leaders, we repeatedly hear that the CIO and other members of the C-suite want to move to the cloud to support digital transformation initiatives for benefits including innovation, agility, scalability, and efficiencies. But the CISO, who is responsible for securing data wherever it resides, has concerns about losing control over data and the ability to maintain data privacy and protection. In fact, in their Market Guide for Hybrid Cloud Storage, Gartner predicts that by 2025, 40% of enterprises will have implemented hybrid cloud storage, up from 15% in 2021. That’s a large segment of the market using on-premises or private cloud storage, and holding back from jumping all in with software-as-a-service (SaaS).
Control over the crown jewels
Popular SaaS providers like Salesforce, Workday, Dropbox, and others, offer tremendous value to organizations, but to use these services customers have to give up control of their data. It’s a conundrum because on the one hand, SaaS providers are expected to deliver 99.99% availability. So, naturally they want to maintain control over as many pieces of the solution as possible. On the other hand, for CISOs this can mean turning over their crown jewels to a third party. This can be a showstopper unless they know they can trust that data maintained and processed through the service will remain private and secure.
Evolving regulatory climate
There are other reasons why cloud migration isn’t happening at the pace we expect: regulations and uncertainty around how they will play out. As a matter of good business practices, SaaS providers have the responsibility to earn and maintain the trust of their users that data will remain protected. However, SaaS providers within the European Union (EU), or based in another country but offering products and/or services to individuals in the EU, have the legal obligation to follow the EU’s General Data Protection Regulation (GDPR) data privacy and security law.
Service providers are trying to be compliant, but until we see how strictly EU courts interpret the Schrems II decision on current GDPR guidelines on data transfers outside of the EU, European businesses and US SaaS providers are both in limbo. Another piece of the regulatory puzzle is the Clarifying Lawful Overseas Use of Data (CLOUD) Act designed to expedite access to electronic data for the purpose of countering crime. It’s still early days and its implementation is another uncertainty for market participants.
To navigate these regulations, some US-based SaaS providers stand up their own datacenters in the EU, while others are forming partnerships with datacenter providers in EU countries. Such extra measures take time, cut into profits, and require that SaaS providers change their model and relinquish control over customers’ data to another entity. And we haven’t even talked about doing business in other parts of the world, where regulations to protect citizens’ data are not in place. Doing business in those regions while upholding best practices that provide CISOs with the confidence they need to migrate certain services to the cloud, is difficult at best.
Enter 'bring your own storage'
It’s time for SaaS providers to start thinking about data storage differently to ease the logjam. Organizations should be able to choose where their data is stored and how it is accessed – whether all or some of their data required for service delivery is stored with the SaaS provider or stored securely somewhere else.
A microsharding option is one approach that gives the organization control over their data, operating in the background as secure storage and configured to work seamlessly with the SaaS provider’s technology stack. Enabling “bring your own storage” with microsharding can create a win-win for organizations and SaaS providers. It can get fence-sitters to accelerate their transition to SaaS solutions and enjoy the many benefits, since the organization maintains control of their data. And it helps lower some of the costs and regulatory barriers for SaaS providers to penetrate the EU and other markets.