And What Cloud Fax Can Do for Your Business

Understandably, enterprises in heavily regulated industries such as healthcare and financial services have been relatively slow to adopt new cloud technologies for their companies.

Enterprises in less-regulated industries — media and retail, for example — needed to be convinced primarily of the cloud’s potential for cost-savings and improved efficiencies. When those advantages became clear, many of these enterprises moved their communications and other IT services to the cloud. But regulated businesses had more pressing concerns about entrusting their data and systems to a cloud service.

To cite just one example, the federal law Sarbanes-Oxley (SOX) holds both the CEO and CFO of a publicly traded firm personally responsible for all financial reports and reports on the company’s internal controls. As Reuters explains, this means that if a company executive signs off on a financial statement that is false, that executive can be held criminally liable, face millions of dollars in fines, and be sentenced to years in federal prison.

Suppose a CFO signs off on an accurate financial report, and the company stores this report in the cloud before submitting it — and while in cloud storage that file is hacked and altered. Is this scenario a common occurrence? Not at all. But when you’re that company’s CEO or CFO, and you are criminally on the hook for whatever report your firm sends out to the public, you will understandably take your time in vetting new technologies or platforms before trusting them with such sensitive data.

The Private Cloud: How Regulated Industries Took a First Step Toward Cloud Computing

SOX is only one of many regulations and guidelines demanding strict processes and protocols from enterprises across industries — all under the threat of severe penalties from federal auditors for failure to comply.

Financial services firms are regulated by the federal Securities and Exchange Commission and the independent regulator FINRA (the Financial Industry Regulatory Authority). Any institutions that provide consumers financial products are governed by GLBA (the federal Gramm-Leach-Bliley Act). Educational institutions are subject to the federal law FERPA (the Family Educational Rights and Privacy Act). And of course healthcare providers and their Business Associates are subject to the hundreds of pages of rules comprising HIPAA (the Health Insurance Portability and Accountability Act).

What all of these regulations have in common is that they set forth very strict guidelines for how businesses in these industries must treat sensitive data — clients’ financial information in the case of financial institutions, and health records in the case of healthcare providers.

In other words, the enterprises in these industries had to worry about the security of their sensitive data not only for the standard reasons — their ethical obligations under doctor-patient confidentiality, for example, and protecting their companies’ reputations against the awful press of a data breach. They also had to worry about the looming threat of a federal investigation, fines, penalties and even being shut down by regulators.

So, as these heavily regulated businesses saw the unmistakable benefits of cloud technology for their communications, collaboration and data storage, their IT teams found a first step into cloud computing that they believed would allow them to leverage cloud’s benefits but also keep their data safe: the private cloud.

A private cloud, as the name suggests, is a cloud infrastructure developed for only a single organization’s use and access. It can be maintained either entirely on premises, or distributed as a combination of on-premises and offsite hardware in the data center of a cloud service provider. What distinguishes a private from a public cloud setup is that in a public cloud environment your organization’s data and systems are maintained on servers that also house the data of other businesses.

Although the public cloud today is highly secure, at least when an organization uses a trustworthy and expert cloud service provider, many regulated businesses were not initially comfortable either with transmitting their sensitive data across the Internet between their own systems and their cloud environment, or sharing their offsite servers with other businesses.

With a private cloud, all of the servers and other systems that comprise your cloud infrastructure are used only by your company and managed only by your own IT staff.

Additionally, these regulated businesses believed that if they maintained all of their clients’ or patients’ regulated data on privately maintained and internally secured servers — even if they did suffer a data breach or loss — their businesses would be on more solid ground regarding regulatory compliance than if they had placed this data on a public cloud and turned over control of that data to a third party.

The upshot of these concerns was that regulated industries such as healthcare, banking and legal were among the slower industries in adopting cloud computing.

Three Reasons Regulated Businesses Were Concerned About Cloud Computing

Even as recently as a few years ago, many large enterprises, particularly those in heavily regulated industries, were still reluctant to migrate their organizations to the cloud.

If you look at the chart below, from researchers at Gartner, you’ll see that healthcare and banking were still among the slowest industries to move to a public cloud model. And although banking had built out a mature cloud system, it was entirely a private cloud.


As Cloud Security Alliance reports, three main reasons contributed to enterprises’ slow adoption of cloud services.

1.  Rapid increases in data breaches.

Just as enterprises in regulated industries were growing more comfortable with the security of the public cloud, and preparing to migrate their communications and IT services to a cloud model, many of them saw the massive spike in high-profile hacks and decided to step back and re-examine their go-to-cloud strategy.

And keep in mind, many of the largest and most high-profile cyberattacks were against these very industries — such as healthcare, which saw more than 100 million patient records compromised in 2015 alone.

2.  Data residency requirements.

When you sign up with a cloud service provider, it is often difficult to know where your data will be traveling. And many industries, particularly those in Europe, are governed by strict geographic data privacy requirements — meaning their customers’ (and employees’) private data originating in the EU is not allowed to travel electronically outside the European Economic Area (except to certain designated countries). European data that is transported even momentarily to other countries can be grounds for non-compliance.

This was yet another reason why many enterprises were reluctant to move to the cloud. Even if their cloud service providers maintained data centers only within their country, they still could not be certain that their data would not at times bounce around the world while in transit. On the other hand, the ability to control the routing of data within certain geographical areas is emerging as a point of differentiation for international cloud service providers.

3.  Internal and industry (including regulatory) requirements.

Finally, because these enterprises maintained so much valuable personal client/customer/patient data, and they knew how strict the regulatory guidelines governing this data were, they were hesitant to make the move to the cloud.

Additionally, they also knew their increasingly web-savvy clients would demand the highest possible standards of security and encryption if the companies were to place their personal data on a public cloud.

All of these factors — a need to carefully study the ramifications of moving personal data to the cloud, the need to check their cloud providers’ policies against relevant regulations, and the need to satisfy their customers that such a move was safe — kept regulated enterprises from moving to the cloud in a meaningful way for years.

Which might not have been such a bad move — at least not in Europe. A report from the Ponemon Institute, reported by ComputerWeekly, found that among European-based businesses, 72% say their cloud service providers have failed to comply with their industries’ data protection regulations.

Regulated Businesses Now Moving to the Cloud

But 2015 and 2016 seem to represent a turning point in which large enterprises, including the most heavily regulated, began moving in great numbers to public cloud infrastructures for their communications and data.

A major contributor to this seems to be the fact that the big cloud services players — such as Amazon, Google and Microsoft — are convincing even the most guarded enterprises that the public cloud is a safe place for their data.

As the BBC points out, Amazon Web Services has played up its encryption capability, for data both in transit and at rest, on its cloud servers. AWS also boasts that it employs more than 1,800 security controls to protect users of its cloud services. These types of advances seem to have made many of these enterprises more comfortable than they’ve ever been with placing their data on the cloud.

Also, as the BBC piece notes, “It says a lot that Amazon is happy to run its entire business on its own platform.”

Moreover, a December 2015 CIO article — Cloud Adoption Soars in Regulated Industries — reports that the steepest rate of increase in the adoption of cloud applications is among government agencies and businesses in regulated industries.

One example cited in the report is that between 2014 and 2015, 36% of healthcare organizations were on their way to adopting cloud applications — up from just 8% in the previous year.

Another example, financial services, had similar findings. Cloud adoption was at 37.5% — up from only 9.5% the year prior.

In fact, the only factor keeping the financial sector’s cloud adoption rates from jumping even higher in 2015? Industry regulations governing the use of IT!

Regulated Businesses Finally Able to Reap Cloud’s Benefits

So what does this migration to cloud mean for regulated businesses? For one thing, it means these enterprises will finally be able to realize the many benefits of cloud — cost-savings, enhanced employee productivity, improved collaboration, and more IT resources available to deploy onto more forward-looking projects.

Speaking of which, another reason some of these businesses in heavily regulated industries were slow to adopt a public cloud model is that they had already invested so heavily in a private cloud model.

After spending time and building out a private-cloud infrastructure and training their IT staffs to learn how to operate and maintain this infrastructure, these companies understandably wanted to amortize this investment and generate as much ROI from it as possible. This made it more difficult to switch to a fully outsourced public cloud model — when their in-house servers, backup systems and other hardware and software still had useful life left in them.

But what most of these companies will find is that it is better to migrate to a more cost-efficient technology — in this case, the public cloud — and start enjoying its organizational benefits right away, than it would be to wait until their legacy systems were fully depreciated or finally gave out, and they had to make such a move hastily.

Which brings us to another aging technology that you might still be operating in legacy mode, but which you can quickly and easily migrate to a hosted cloud system — and begin reaping its many benefits right away. That technology is fax.

eFax Corporate: The Most Trusted Name in Secure Business Cloud Faxing

A pioneer in cloud faxing for 20 years, eFax Corporate enables enterprises — including those in heavily regulated industries like healthcare and finance — to send and receive faxes by email, online, from mobile apps and using a host of other tools and platforms.

Our proven track record as the world’s most successful, secure and reliable cloud fax company is just one reason that eFax Corporate is the leading cloud fax partner for enterprises, and the cloud fax solution preferred by the majority of Fortune 500 corporations.