Cloud customers want security and control that goes beyond the hyperscale model

Mahesh Thiagarajan Profile picture for user Mahesh Thiagarajan July 6, 2023
One cloud does not fit all. Customer needs stretch across ever-shifting cloud computing parameters - can organizations deliver everything to everyone? Mahesh Thiagarajan of Oracle looks for answers.

Cloud computing technology at scale concept © Just_super -
(© Just_super -

Fifteen years into the cloud computing era, most cloud providers sound a lot like auto pioneer Henry Ford: “You can have any color you want as long as it’s black.” In their view, businesses can use any cloud they want – as long as it runs in a massive ’hyperscale’ data center. If customers want to deploy cloud services from a smaller facility, perhaps even from their own location, they’re out of luck.

That is changing in large part because many current and potential cloud customers, ranging from companies to entire countries, must meet security and regulatory mandates that require far more flexible deployment options. At the same time, these organizations and governments don’t want to compromise on benefitting from the continuous innovation happening in the hyperscale cloud world. They want the option to run all of the same services without delays, no matter what configurations they need for their cloud deployments.

Cloud computing is no longer one-size-fits-all because it can’t be, any more than Henry Ford could keep people from wanting red, blue, and yellow cars.

Helping cloud customers balance compliance and efficiency

A growing number of countries have established policies to protect the privacy and security of their citizens’ data, not to mention sensitive information related to military, intelligence, and other government operations. That makes using a multi-tenant cloud region that can extend beyond their borders problematic, at best.

Public cloud offers enormous benefits to businesses and government entities, such as providing extremely efficient data processing and storage. But the very nature of the cloud is based on the use of shared servers, networking, and storage, putting that model at odds with privacy and security mandates. That friction makes life complicated for governments and companies in regulated industries that want cost-effective and high-performance computing resources. Yes, you can cordon off pieces of a public cloud region for use by a single business, but that alone will not satisfy many of these complicated — and often shifting — regulations.

The answer is cloud deployment choice

The result is that organizations need to add another factor into their considerations — data sovereignty. This is the concept that data related to individuals and organizations is subject to the privacy regulations of their home nation. Some regulators decided the easiest way to ensure that was to outlaw data leaving the region. Although well intentioned, this creates issues for any organization planning to benefit from the use of a standard hyperscale cloud. That’s why existing and potential cloud customers are clamoring for options, including cloud deployments which will give them more control over how and where their data is stored and processed and who can access it.

On top of all of that, cloud infrastructure requires a ’secure-by-default’ approach to make sure the customer is not spending extra time and resources on basic protections. Broadly speaking, the only way to meet this increasingly diverse set of requirements is to offer a choice of several options for deployment, location, and staffing, along with a complete set of cloud services that runs across all those options with 100% fidelity.

For example, a large French bank may want to utilize full cloud services in its own data center and ensure that it is managed and maintained by French citizens employed by the bank, not the cloud provider. Or a South American government agency needs a super-secure cloud that is air-gapped (ie, isolated) from the rest of the world but that still runs the same cloud services that are available in the public cloud.

Oracle Cloud Infrastructure (OCI) meets the needs of many customers around the world with its distributed cloud, which offers public cloud to customers via dozens of cloud regions located in several countries around the world and multi-cloud, hybrid cloud, and dedicated cloud options including cloud services deployable on-premises. But increasing regulations, such as the General Data Protection Regulation (GDPR), mean that many customers need more specific controls. To help customers fully address the European Union’s (EU) regulatory laws, Oracle’s upcoming EU Sovereign Cloud will restrict the operation and customer support responsibilities to EU residents to ensure total compliance with the regulations. Customers with data and applications that are sensitive, regulated, or of strategic regional importance, as well as workloads that fall under EU requirements for data privacy and sovereignty (such as GDPR), can now move to the cloud. This also opens the door for government agencies to adopt cloud technology in their operations in ways that were not previously possible.

Other customers need to take it a step further. In Japan, the Nomura Research Institute (NRI) needed to modernize its IT operations for its financial services.  It needed to have access to the full range of cloud benefits — availability, scalability, efficiency, and performance among others. However, the sensitive nature and compliance requirements of the financial transactions on this system meant that it couldn’t sacrifice control over its data and financial governance. The financial services industry is one of the most demanding in terms of regulation and security, and so the companies that operate in that space need a level of customization that standard hyperscale cloud models just don’t provide. The answer for NRI was OCI Dedicated Region, which allowed the company to run a fully up-to-date cloud region from within its own datacenter — giving it the best of both worlds.

The need for choice will only grow

The need for more cloud deployment options will only grow as technical and regulatory requirements change. Regulations in each country, and across regions like the European Union, will shift and proliferate as needed. In 2016, the 261-page GDPR law replaced the Data Protection Directive of 1995. And everyone needs to be prepared to adapt again because no one thinks the requirements of GDPR are set in stone, even eight years later. Things will change.

There will always be a market for services operating in massive hyperscale public clouds. But organizations with key sensitive workloads — their crown jewels — will increasingly demand reliable, secure cloud services that run from a more diverse set of footprints.

Once again, the days of ’one-cloud-fits-all-needs’ are over.

A grey colored placeholder image