By Leo Leung, Vice President, OCI and Oracle Technology
In the early days of cloud, the buzzword was “hyperscale.” All cloud services emanated from massive data center complexes stacked with connected commodity servers and lots of storage. That configuration kicked off the cloud computing tidal wave that swept many applications and petabytes of data from companies’ data centers to shared public cloud regions.
But as the types of cloud-bound workloads diversified, many customers started focusing more on deployment choice rather than sheer size when it came to their cloud discussions. For them, the new catchphrases have become “distributed cloud” or “sovereign cloud.”
Companies in regulated industries as well as government entities have distinct requirements for computing that make the one-size-fits-all public cloud less than optimal. They want greater control over where and how their cloud workloads run and who manages them.
Huge untapped market
As of 2022, the public cloud computing market hit an estimated $100 billion in revenue, according to Gartner. Given that large number, it is remarkable that so much room for growth remains. According to a recent IT spending survey by a global investment banking firm, just 31% of all computing workloads ran in the cloud as of 2023. We believe that cloud migration has stalled at approximately 30% precisely because customers need more deployment options than just public cloud.
A wide range of customers operating in regulated markets as well as governmental organizations are looking for a cloud provider that is flexible enough to run a regulated cloud, either hosting it with specific operating standards, hosting it inside a single customer’s shop, or facilitating a partner to operate it.
Location Choice Is Critical for Regulated Organizations
This class of customer must be particularly careful about where and how citizen (or consumer) data is processed, stored, and handled. One hurdle to cloud adoption for government agencies is that many do not want to run their IT in a physical location shared with other customers, and many prefer to have physical control over their infrastructure – whether cloud-based or on-premises.
In addition, organizations may want cloud services to remain in-country. That’s a nonstarter if a major cloud provider doesn’t host a region within their borders. And to be fair, hyperscale cloud regions are still clustered in about 30 countries in North America, Europe, and parts of Asia Pacific, and not so much in smaller countries or those in developing nations.
Sovereign clouds face different staffing needs
Cloud choice is not “just” about technology. Governmental and regulated organizations worldwide have their own staffing and management mandates. Many require that IT staff be citizens of that country and/or want to pick their own people instead of relying on the cloud provider’s employees.
And many will want their cloud services—whether they originate from shared public cloud regions or a smaller private cloud that they manage—to work well with on-premises systems. That checklist item remains a stretch for the early hyperscale cloud companies.
Here’s an example: a state agency or regulated bank may require IT staff to be citizens of a particular country and carry an array of country and regional compliance certifications. It may also decree that, for security reasons, its data center be “air gapped” or cut off from the public internet except for restricted windows of time. That is hard, if not impossible, to do using a shared set of cloud infrastructure that may not even run inside that nation.
Tech staffers may have to be employed by the organization itself, or a designated subcontractor. In some cases, the cloud provider would have to set up a local subsidiary tasked with staffing and running the operation but be subject to local laws – not those of the cloud provider’s country of origin.
Layers of regulations
In addition, if the organization in the EU processes and stores data for European citizens, it will have to ensure that it considers specific EU data privacy regulations, which may include processing personal information only inside certain countries and understanding the flow of their personal information including when it is in transit from one in-country data center to another.
Failure to comply with the EU’s data privacy regulations can — and does — result in significant penalties.
Further complicating matters are additional regulations that may require that an organization’s cloud provider not be subject to certain types of information requests from another country.
That menu of requirements would be impossible for a traditional public cloud region running elsewhere to meet.
To help customers meet EU data privacy and sovereignty requirements, Oracle rolled out EU Sovereign Cloud regions in Spain and Germany. These facilities are separate and distinct from the company’s existing commercial and government cloud regions.
Same services everywhere
But even with all this complexity, today’s regulated organizations still need powerful computing, fast networking, and ample storage. They often want some data and workloads to run in a massive hyperscale cloud while others remain under the entity’s complete control.
That means all the same cloud services must be available in both venues—another requirement that many cloud providers can’t meet, since they offer just a subset of their public cloud services to run on customer premises.
Another wrinkle: any agency tasked with responding quickly to citizen input needs near-real-time response times. That requires fast interactions between its cloud-based and on-premises systems. For that, it would likely want a “private cloud” that offers all the flexibility, power, and services found in a hyperscale public cloud, but running in a location of the organization’s choice.
A sliding scale of cloud options
As a result of these staffing, data processing, and location dictates, demand for a spectrum of cloud deployment options will continue to grow among regulated organizations. This cohort of companies and agencies will want to deploy uniform cloud services but in their choice of settings.
The reality is that while all businesses need an array of computing, networking and storage options, they will also demand a bigger say in how and where those cloud resources are deployed going forward. We think the addition of flexible deployment choices will spur another growth spurt in the cloud computing market, blowing by the current 30% adoption barrier.