Moving into 2020, there are four key Cloud computing challenges that both public and private sectors continue to wrestle with, namely: resourcing, cyber security, data sovereignty and choice of Cloud provider. As with many aspects of IT they are related and, in some cases, will need to be solved together.
Tackling resources and maintaining flexibility within IR35
Many Cloud and cyber security professionals choose to be contractors, and with IR35 increasingly applying to private as well as public sector, many organisations are now feeling the pinch.
Well over a year ago, the UK saw the tightening of IR35 legislation, which had a big impact on contractors within the public sector. As a result, many of them were forced out. This exodus left public sector organisations scrambling to find enough technically skilled people to support their transitions to the Cloud. As a managed services company we continue to see a high demand from the public sector to provide either professional services or contractors because there are simply not enough skilled people in the market to meet demand. And with technology moving on so rapidly, many organisations are struggling to keep up.
So, what will the impact be? Whilst to date this has largely been confined to the public sector, from April 2020 we are expecting to see its expansion into the private sector too. Some private sector contractors are transitioning to become permanent staff, with those wanting to maintain the flexibility of contracting looking for opportunities elsewhere. We have already seen a wave of large organisations rolling out blanket policies on the use of contractors within their respective organisations, with many more expressing concerns over the distinction between permanent employees and contractors.
IR35 has created a difficult landscape to navigate and will see the tightening-up of HMRC’s enforcement of its rules on off-payroll working. Managed service providers, like Clearvision, present organisations with the means to secure the specialist and skilled resources their projects require, with the burden of making IR35 determinations passed to the managed service provider as the fee-payer.
Public versus private Cloud, cyber security and data sovereignty
Cloud cyber security issues continue to dominate both the public and private sectors. In the public sector, the challenge is mostly around data sovereignty (the location of data). Previously the big providers, AWS and Azure, struggled to make their mark in the public sector because they weren’t able to meet the stringent security requirements demanded by closed environments. As a result, UK Cloud has largely dominated government-approved Cloud environments – and we too have worked closely with them. Today, however, we are seeing an increasing shift and the playing field is starting to level out with AWS and Azure now able to provide these very secure public sector environments.
In the private sector, squabbles between the US and Europe around the Safe Harbour agreement in 2016 caused waves in how and where data should be stored. However, in late 2016, the European Commission accepted the new US Privacy Shield as a way of certifying data in a safe place if not held in a local country, as most companies that remain protective of their data prefer to keep it within the country of origin.
There are catches. When it comes to data sovereignty, many organisations don’t realise that when you sign up with a Cloud provider, even if primary data is held in the country of origin, when capacity hits certain limits providers might actually send your data to another country for additional data centre capacity. And companies may find that, while their primary data might be held in the country of origin, their backups might in reality be held in another data centre in a different country. The need for a robust disaster recovery approach may add to this risk.
If you are an organisation operating under strict compliance regulations, such as a financial institution or pharmaceutical or life sciences company, you could unwittingly be in breach by using some of the major Cloud providers (unless you have strict agreements in place).
Furthermore, SaaS providers need to be wary of suffering from similar challenges around conforming to data compliance regulations. When customers choose a Cloud SaaS vendor to store data, this may be outsourced to a provider such as AWS or Azure for the physical infrastructure, giving the customer little idea of where their data is primarily located. Depending on the location where vendors’ SaaS applications run worldwide, this could potentially breach compliance regulations. Customers should, therefore, look to choose a SaaS provider that can ensure compliance around where data is stored.
Choosing the right Cloud provider
Finally, while Cloud providers all operate under the shared responsibility model, they differ in their offerings, each with unique strengths and weaknesses. To navigate these challenges, organisations need to understand the dynamics.
Dominating the market are the big two — Amazon AWS and Microsoft Azure. Comparing the two, AWS still has the largest customer footprint and has been around longer, with particular success in marketing their solution in the non-Microsoft world. Where Microsoft steals a march on AWS is in everything related to the Microsoft Enterprise ecosystem found in most organisations. Ultimately, they are different worlds.
If you look at the numbers, Azure appears to be expanding faster than AWS. However, when you look closer, it’s largely organisations that are operating a Microsoft 365 environment who are starting to get into Cloud, often getting licences for free off the back of Microsoft 365 agreements.
In our experience, AWS environments are stronger in terms of functionality and we find these are solid implementations —particularly in the software development world and in mature enterprises. That said, Microsoft is expanding its tools and facilities, and soon there will be very little difference between the two. If organisations are already a Microsoft shop it makes sense to go with Azure, despite the obvious strengths offered by AWS.
However, I believe many organisations will adopt a hybrid position where both AWS and Azure are commonplace Cloud providers, despite this presenting another challenge recruiting skilled resources for Cloud. Doing this effectively for either AWS or Azure is hard, hence the value in finding a trusted partner, whose business model is to provide bespoke, fully-managed services for applications and Cloud environments.
In conclusion, Cloud makes things simpler in the long run. But resourcing, cyber security, and data sovereignty challenges added to the bewildering and growing selection of Cloud services mean that organisations need to take a strategic approach in realising this vision. As with all endeavours, choose your partners wisely.
Written by Gerry Tombs, CEO of Clearvision