Why Is the Cloud Still Not Trusted by Many Large Organizations?

Cloud computing is here to stay, and the numbers speak volumes. With worldwide end-user spending on public cloud services reaching a staggering $591.8 billion, and governments across the globe investing hundreds of millions, it’s clear that the realms of supercomputing, Big Data, and artificial intelligence are firmly entrenched in our future.

This technology has become an indispensable pillar in maintaining an effective and competitive information infrastructure, offering unmatched flexibility, scalability, and accessibility to businesses and governments.

Cloud computing has been known to reduce downtime by 57% and reduce the average time-to-market for new product features by 37%, so there is ample reason to invest in cloud infrastructure.

Still, while countless enterprises have already jumped on board, entire industries cannot move their data to the cloud, whether due to cloud security, privacy, compliance, or regulatory concerns. While such reticence is certainly justified, there is a solution on the immediate horizon.

When Privacy Keeps Organizations Out of the Cloud

The decision to avoid the cloud rarely stems from a fundamental aversion to technology. Many organizations in industries that are highly regulated opt not to trust online storage solutions because they could face liability and public confidence issues if their data were to be compromised.

Government agencies, such as the Internal Revenue Service or the Social Security Administration in the United States and their respective counterparts in other countries, handle a vast amount of sensitive personal data, making them subject to a range of privacy regulations. Given that the IRS relies on outdated software and hardware despite the vast amounts of personal information that they handle, it is inconceivable that a move to the cloud is forthcoming.

Similarly, the financial services sector has been hesitant about moving to the cloud due to questions regarding security and regulatory compliance. One example of a financial institution that initially waited to adopt the cloud is Bank of America. The bank struggled to develop a scalable solution after initial investments in private cloud infrastructures. Meanwhile, Capital One felt comfortable trusting Amazon Web Services with all its data.

The reason for these often seemingly arbitrary decisions lies in the stringent regulations that govern data handling in finance — the Privacy Act of 1974 and the PCI Security Standards Council’s standards offer two examples. While the total workloads moved to the cloud increased from 8% to 15% just in 2022, there is a lot of room for improvement, and artificial intelligence will only complicate the situation, as recent measures to prohibit chatbots show.

Oil and gas enterprises have always invested heavily in exploring unconventional reservoir sites, which is one of their most computationally intensive tasks. While this industry’s choice to perform data crunching on-site may often come down to practical necessity during seismic data analysis, such companies seem to be ardent believers in on-site computing. They may not be affected by as many laws and regulations as other industries, but it seems obvious that maintaining control over strategically relevant and proprietary data is part of their decision-making process.

However, despite the tendency for oil and gas companies to retain their data in local repositories, there are advantages to be gained from moving to the cloud, especially the potential to harness even greater efficiency and profitability through the use of shared supercomputing resources. To this end, two recent examples of oil and communication services companies joining forces to benefit from the power of the cloud while addressing the industry’s inherent challenges are Aramco’s recent partnership and Petrobras’ investment in supercomputers.

Judging by these cases, it is clear that even the most vulnerable industries want to move to the cloud. They have only been held back because current solutions fail to account for their regulatory needs or competitive strategies.

Fully Homomorphic Encryption (FHE) and the Future of Cloud Security

While encryption of data has long been the foundation of cybersecurity, it has traditionally only been effective on data at rest and data in transit. It has never been possible to process encrypted data without having to decrypt it first, which makes the data vulnerable to a security breach. Fully homomorphic encryption, though, allows analysis and sampling of encrypted data without having to decrypt it. This means that proprietary data and customer information can remain fully encrypted throughout the entire data lifecycle.

With FHE, the tasks of protecting sensitive data and analyzing that data for business purposes are no longer mutually exclusive. An enterprise can leverage cloud storage and computing solutions while reducing the risk of exposing its proprietary code or its customers’ personal data to regulatory issues or privacy breaches. Due to its lattice-based cryptography schemes, FHE is even resistant to quantum computing attacks, making it a great choice for post-quantum cybersecurity.

While there are tremendous opportunities for FHE across multiple high-profile industries, it has yet to be commercially viable. This is because FHE requires computational processing acceleration on a scale of between 100,000 and 1 million times the current performance of standard CPUs, rendering them impractical for the deployment at scale as required to protect data in the cloud.

This endeavor will be made a reality with Chain Reaction’s 3PU^TM privacy processor – presenting significant magnitude of compute and bandwidth, reducing the million-fold performance overhead associated with FHE, and enabling real-time processing on encrypted data.

With 3PU^TM, whether the data is oil reservoir analysis, election balloting systems, or patient healthcare records, businesses most sensitive IP and data remains encrypted throughout the processing lifecycle, ensuring that personal and proprietary corporate information is always safe.