Why Enterprises Are Moving Critical Data to the Cloud

Thoughts about digital transformation and AI for enterprise leaders and their legal & compliance advisors

These posts represent my personal views on enterprise governance, regulatory compliance, and legal or ethical issues that arise in digital transformation projects powered by the cloud and artificial intelligence. Unless otherwise indicated, they do not represent the official views of Microsoft.

Last week I wrote about the rising confidence that enterprise executives focused on regulatory and legal compliance issues now have in the security of cloud computing. As I’ve mentioned before, my team at Microsoft works with these leaders on a host of such issues as compliance with the EU’s General Data Protection Regulation (GDPR), fair and ethical AI, and cybersecurity. From time to time we survey them to take their temperature on the key questions of the day, and the security of data and applications in the cloud is certainly one of those. In our most recent survey (commissioned from IDC), we found that four out of five compliance decision makers now believe that cloud and on-premises IT are equally secure. That represents a big swing from our 2016 survey, when two thirds still believed that that on-premises was more secure.

This week I want to offer another finding from the same IDC survey. The data point is simple but compelling. We asked 200 compliance decision makers at large U.S. enterprises (1,000 or more employees) how much of their critical enterprise data they were planning to store in the cloud, and the answer surprised even us:

Counting up across all types of cloud, including basic IT infrastructure (such as Azure or AWS) and full-fledged applications (such as Office 365 or Salesforce.com), the respondents said that they already store 52% of their critical enterprise data in the cloud and expect this number to rise to 67% by 2020.

This finding tells us that we have already reached the tipping point in the transition to cloud as the dominant architecture in enterprise IT. But the cloud is not a static place. Even as more and more enterprise data shifts to the cloud, the overall size of the cloud keeps growing. This is confirmed by another IDC study, which finds that the total amount of stored digital data in the world continues to grow exponentially, rising from about 20 zettabytes in 2018 to an estimated 47 zettabytes in 2020. In case you’re wondering, one zettabyte is a billion terabytes. This means that by sometime next year we can expect that the world will be storing more than 6 terabytes of data for every living human, and that number will still be growing very rapidly. In short, even when two thirds of critical enterprise data have shifted to the cloud, the headroom for further growth in absolute terms will remain very high.

What are the forces that have brought us to this tipping point in enterprise attitudes toward the cloud? Of course the fundamental driver is the vast movement of digital transformation that organizations of all types and sizes are undergoing. We are moving to a world where every detail of every business process, every interaction with customers, every action by employees or machinery, every aspect of every organization’s social and even natural environment is going to be captured digitally and fed into algorithms that seek to improve outcomes, not just for shareholders but—we hope and expect—for all stakeholders.

Going hand-in-hand with digital transformation is a change in the mix of applications that enterprises are deploying on the cloud. As the leader of Azure Marketing Julia White recently explained, three years ago many large enterprises were still testing the cloud waters with applications like backup, disaster recovery, and line of business systems. Certainly important, but not mission critical. Today they are deploying the core applications they run their business on, things like SAP, applications so important that the Board itself has to sign off before they can move from an on-premises data center to the cloud.

Yet there is more to the shift to cloud than just these questions of data scale and mission-critical application maturity. The last two years have also seen a tipping point in the trust enterprises place in the cloud for reasons other than technology. Providers like Microsoft have worked very hard to make the cloud a trustworthy place. We have large engineering and legal teams constantly working to ensure compliance with essentially every important standard or regulation in the world that touches on data protection or data security. We publish a vast number of third-party audit reports, technical documents, business white papers, and practical guides related to these standards and regulations on our Service Trust Portal website, and I recommend that anyone concerned with compliance or data safety spend time on this site.

A year after the entry in force of Europe’s GDPR, the stakes for gaps in compliance are becoming higher. Recall that under GDPR an organization must report a data breach to the data protection authorities within 72 hours of discovering it, with the risk of substantial financial penalties for failure to comply. During the first nine months of GDPR enforcement through March 2019, just under 60,000 breaches were reported to EU DPAs. The vast majority of these breaches were minor, with only 91 of the cases were considered serious enough to trigger fines (including a €50 million fine for Google). But it is widely believed that the DPAs deliberately took a lenient stance toward violators during the first year and will soon ramp up their enforcement efforts and the severity of sanctions inflicted.

But again, there is more for compliance decision makers to consider than standards certifications and regulatory compliance, vital though they are. There is another essential ingredient to a trustworthy cloud. It is something that goes to the core of what Microsoft has been about from the very beginning: we are a platform company. The only way we can win is if our customers use our platforms to build things of value to them. We don’t compete with you, we are not a sprawling conglomerate that pursues business in an ever expanding number of industries. We do only one thing, and that is to help our customers build, deploy, and manage the technology solutions that make them successful. Quite literally, your success is our success. I’d like to close with another quote from Julia White:

“I'm proud of the work we've done to be very transparent about our plans for our business, our core competency, what we're doing and what we're not doing. We’ve spent 40 years building trust, and we know what trust looks like.”

Microsoft has published a book about how to manage the thorny cybersecurity, privacy, and regulatory compliance issues that can arise in cloud-based Digital Transformation—including a section on 360-degree security. The book explains key topics in clear language and is full of actionable advice for enterprise leaders. Click here to download a copy. Kindle version available as well here.