Concerns about regulatory compliance and data security have put the brakes on cloud adoption at many firms. The health care sector has been particularly impacted by these concerns, due to worries about complying with the Health Information Portability and Accountability Act (HIPAA).
At the heart of the problem is the tension between the efficiences of scale promised by the cloud and the need of individual companies to ensure compliance and security. Joseph Granneman, an information security expert familiar with the insurance and health care sectors, characterizes the challenge:
"The cost benefits for cloud service providers come from the ability to scale multiple clients across shared resources. This can make compliance difficult as regulations often require encryption, auditing and data separation, which increase hardware requirements and limits resource sharing."
The cloud achieves efficiency by treating data and storage as generic commodities. But firms cannot treat their data as generic, and are at least uncomfortable treating their storage that way.