The BBC has decided not to put its core services in the public cloud as the compliance and legal issues surrounding such a move are too significant, according to Paul Boyns, head of IT strategy at the BBC.
Boyns, who was addressing delegates at the 451 Group's Hosting and Cloud Transformation event yesterday, said that data protection in public clouds is not good enough for him to make the transition confidently.
"We were looking at putting a lot of our core services into a public cloud at the end of last year, but we hit a wall when addressing concerns around compliance and legislation," said Boyns.
"The most significant issues were compliance related to both the Data Protection Act and subpoena laws when storing BBC data in foreign territories.
"The irony is that the US is one of the main countries you would look to for public cloud services, and yet subpoena laws are widely used there," he added.
Subpoena laws can be used to request certain types of data from a cloud provider without the permission of the data owner. This raises concerns for CIOs considering placing information in a public cloud.
"You have to be very careful about what information is being put into cloud systems, and you have to decide whether you are comfortable with that information going out into the public cloud. This is one of the biggest barriers to adoption," said Boyns.
Stephen White, head of solutions for London Underground information management, argued that the main problem he had with public cloud adoption is related to legacy systems.
"It comes down to current economic constraints. If have made an investment in an infrastructure due to last for another three years, then the business case for writing off that investment is difficult," said White.
"Changing tact quickly once that capital has been spent isn't really an option".
This paper seeks to provide education and technical insight to beacons, in addition to providing insight to Apple's iBeacon specification
Focus on cost efficiency, simplicity, performance, scalability and future-readiness when architecting your data protection strategy