Head in the public cloud
UK datacentres from AWS and Microsoft give public sector bodies the opportunity to use the public cloud, but just how secure could personal data be, asks Tom Wright?
Since its inception, the public cloud has been a controversial talking point when it comes to highly regulated markets, with issues pertaining to security and compliance never being properly addressed.
Data sovereignty regulations in the UK require data to be stored on these shores, and this has led to the rise of local hosting providers. Meanwhile across the Atlantic, Microsoft has been taking on the US government after it aggressively tried to gain access to one of the company's overseas datacentres.
Until now, large enterprises in these regulated markets have steered clear of the likes of AWS and Microsoft Azure, but both are now boasting of increased traction as they bring datacentres to the UK for the first time.
Speaking during his keynote at AWS' Enterprise Summit in London, chief information security officer Stephen Schmidt claimed that large enterprises in a number of sectors are now considering public cloud to be a "genuinely viable option" as these security and regulatory issues are addressed.
Gavin Jackson, managing director of AWS UK, added: "You can always tell when you're part of some sort of movement when the ecosystem sort of flocks and gravitates towards the opportunity.
"The enterprise dialogue itself has also matured over the last 12 months. Enterprise customers are now very comfortable about sharing their stories and their journeys to cloud and AWS."
This increasing demand has resulted in AWS setting out plans for new datacentres - or regions, as it refers to them - across the world including in the UK. Microsoft is further down the line with its UK Azure datacentres in London, Cardiff and Durham - with the Ministry of Defence and an NHS Trust among its users.
Crucially, UK-based public cloud datacentres open up the opportunity for public sector bodies to meet data sovereignty regulations around where their data is stored.
Chris Bunch, head of Europe at MSP Cloudreach, said he expects to see a swell of interest from public sector bodies interested in both AWS and Azure when the datacentres are up and running, claiming that UK-based hosting providers could find themselves in trouble.
"[The UK hosting providers'] business model is based on one single fact: that you were forced as a public entity to put your data in the UK and it meant you couldn't use Dublin or Frankfurt," he said. "Dublin, to me, is not in a foreign nation but it is technically outside the UK. So having datacentres in and around England and [the wider] UK means that workloads they [public sector bodies] previously would have had to run in a disgusting old datacentre, can now be put in a proper public cloud solution."
Regulatory barriers
UK hosting providers have however been bullish in their defence of the services they offer, and have raised questions around the integrity of US-owned datacentres in the UK, with some claiming that the data would still be easily accessed by the US government.
A landmark ruling in July saw the US Department of Justice (DoJ) defeated in the Supreme Court when trying to access data in Microsoft's Dublin datacentre, but the DoJ this month appealed the decision, with the outcome expected to have far-reaching implications for how safe UK organisations feel their data is in a US company's datacentre.
Safe Harbor's replacement framework Privacy Shield - which allows US companies handling EU data to self-certify that they will do so in compliance with local law - was also met with scepticism over how protected data is from the US government.
Nicky Stewart, commercial director at UK hosting provider UKCloud, told CRN that regulatory confusion - along with political unrest surrounding Brexit and Trump's election - still creates more questions than answers.
"These things are all conducive to increasing trust issues. Not that I'm saying that Microsoft and AWS are intrinsically untrustworthy, that's not the case, but it comes back to the [uncertain] position of US providers wherever they are in the world in the context of US law," she said.
"Cloud is a growing market; it's growing in the UK public sector exponentially. There's room for everybody to play but I would absolutely, categorically say that our business model is not broken and it's not going to break either."
Stewart added that the size of hyperscale datacentre providers such as AWS and Microsoft also means that they are less able to adapt quickly to changes in niche markets.
"Things like terms and conditions can be quite challenging; things like developing products which are specifically intended to meet that market - we align our product road maps and product life cycles to the needs of our particular sectors and we can respond very quickly to regulatory changes as well," she said.