GDPR prompts data migration U-turn from public cloud to corporate datacentres, finds Forrester

The incoming General Data Protection Regulation (GDPR) has prompted a rise in the amount of data being moved out of the public cloud and back into corporate datacentres, Forrester has claimed.

The IT market watcher’s latest look at public cloud adoption across Europe reports an uptick in demand for applications to be moved out of the public cloud, as enterprises grapple with readying their IT estates in anticipation of the GDPR 25 May 2018 compliance deadline.

“[Infrastructure and operations] leaders are finally addressing the taboo topic of migrating workloads out of public cloud environments,” the Forrester report states.

“Replication technologies, first used to migrate workloads to the cloud, are now seeing more demand to migrate workloads back from the cloud. This conversation is increasingly relevant as compliance regulations change in anticipation of GDPR.”

This trend can partly be traced back to the fact that GDPR requires enterprises to be more mindful of how they collect customer data, where they keep it and how easy it is to access, said Forrester.

“Any organisation serving the European market must be more intentional with its data collection, knowing where it is and how to access it to fulfil [GDPR’s] 30-day request mandates,” the report states.

The trends should also be interpreted as recognition of the fact that IT workloads are dynamic and fluid entities, whose requirements and demands change over the course of their lifecycle, says Forrester.

Therefore, as the regulatory landscape changes, the best environment in which to run an application may also be liable to change, with Forrester going on to emphasise that there is no one-size-fits-all way of addressing GDPR compliance in the cloud.

“GDPR will have a radical impact on every step of enterprise business strategy, including cloud, and firms must modernise all business infrastructure and operations,” the report continues.

“Remember, each cloud technology includes a different level of shared security and management responsibility.”

In the lead-up to the 25 May deadline, a number of cloud firms have declared their platforms GDPR-compliant to assure enterprise users.

Microsoft and Google, for example, each used the publication of their most recent financial results to talk up the preparations they have made to ensure GDPR compliance for their users. Amazon Web Services (AWS) outlined its commitment to addressing the issue in March 2018.

“Your GDPR plan for software-as-a-service (SaaS) platforms won’t look like your GDPR plan for infrastructure as a service (IaaS). Details about tenancy, certainty of compliance, and speed to action will be key themes under this new regulation,” says Forrester.

The report’s observations are based on responses to Forrester’s data global business technographics infrastructure survey, which saw just over 3,923 firms from Australia, Brazil, China, France, Germany, India, New Zealand, the UK and the US quizzed on their public cloud use.

While its findings suggest some organisations are making a U-turn on their decision to shift parts of their IT infrastructure to the public cloud, the general trend seems to be that enterprises are increasingly looking to move their workloads into the cloud.

For example, Forrester’s data states that public cloud adoption rose from 39% in 2016 to 57% last year, with the average percentage of infrastructure hosted there rising from 16% to 21% over the same time period.