Businesses must consider the regulatory, security and monetary concerns with cloud computing before adopting it if they hope to safely enjoy its advantages, according to Bank of England CIO John Finch.
Speaking at the Cloud World Forum on Wednesday, Finch called for businesses to ignore promises from cloud providers and independently assess their needs.
"All the vendors will be telling you 'you don't need IT teams as they'll do the heavy lifting for you'. That is sometimes true and there are cases where cloud can be a real enabler. But that doesn't mean it's always right," he said.
"Think about business models. There are many different variants [to] how you can scale using other people's infrastructure. One size doesn't fit all. The vendors will also tell you there is a financial upside. My answer is don't let the bean counters tell you how to count your beans, go and see an external accountant."
Finch (pictured below) highlighted data sovereignty as well as legislative concerns as key issues that business should examine before adopting cloud solutions.
"If you go to a partner to host your data, you need to ask questions. Do you know where the boxes it runs on are and do you know the legislation that covers those boxes? One well-known provider promises your data will stay in Europe. With this provider the boxes sit in a Nordic region somewhere. Who here knows Nordic law?" he said.
"Then you need to think about where they are domiciled. Even if that well-known cloud provider says 'don't worry', if they're an American company, your data is linked to the American Patriot Act. That means if the FBI or CIA want it, they've got it. Think about what you're giving and when."
Finch's comments follow a series of questions about government intelligence agencies' cloud-surveillance campaigns. The questions began in 2013 when whistleblower Edward Snowden leaked documents to the press proving that the US National Security Agency (NSA) was collecting vast amounts of customer data from web service providers.
Finch added that firms should also carefully examine the providers' security practices when choosing who to partner with.
"The big elephant in the room is cyber security. We're quite worried about it. Remember, when you go to a third-party provider, you are placing some of your security posture in their hands. That may be a good thing if they have the expertise, but remember you are leasing part of your perimeter," he said.
Finally, for firms that have met these assurances, Finch said businesses should carefully examine the cloud service contract, to ensure it will meet their future, as well as immediate, needs.
"Look at the contract. Do you know what's in the contract? Sure it can save you money, but will the contract allow you to grow at diminishing market cost? Will it let you contract out? Will it let you get out of it when you want to? Think through the contract," he said.
Finch acknowledged though that, despite his warnings, businesses that adopt cautious cloud strategies will glean significant advantages from the technology.
"I may sound like a cloud denier. I'm not. It can offer great value, but don't let the providers drive your strategy," he said.
Despite offering this advice, Finch said he was unable to discuss how the Bank of England uses technology for legal and security reasons.
The Bank of England is one of many institutions to warn businesses against rushed cloud strategies. The UK GCHQ announced plans to issue fresh cloud security best-practice guidance earlier this week.
Facebook database included text-message metadata - despite not using Facebook Messenger for SMS
Successful attack could result in harm to patients and financial loss, warns NHS governing body