How the Most Security-Conscious Industries Adopt Public Cloud

Security and compliance requirements no longer hold back IT from operating in the public cloud—even in industries under the microscope. Learn from regulated industries breaking free.


By Tisa Murdock, Director of VMware Solution Marketing

Security has long been one of the biggest concerns holding back organizations from moving to the cloud. Even today, as cloud technologies advance and misconceptions dissolve, worries over security in the cloud still linger.

But research shows that even the most security-conscious industries adopt public clouds. Regulated industries, including retail banking, healthcare and federal government, face some of the strictest security and compliance requirements. Yet, even these industries will contribute to the 27-percent growth of application deployments in the public cloud over the next two years.

According to IDC research (available at

  • Nearly 77 percent of healthcare providers used some form of a public cloud in 2018.
  • About 15 percent of U.S. banks deployed software via the public cloud in 2017, and 19 percent even deployed mission-critical customer relationship management solutions in the cloud.
  • Cloud exceeds expectations of driving innovations and/or digital transformation for 70 percent of survey respondents in federal government.

So how do these industries overcome security and privacy concerns, as well as regulatory or compliance issues, to take advantage of the benefits of public cloud?

IT Excellence and the Promise of Public Cloud

Just like any enterprise, retail banks, healthcare organizations and government agencies need to adapt to what customers want: more responsiveness, personalization, self-service and engagement. To deliver these types of digital experiences, IT needs to innovate, but the complexity, costs and delays of legacy technologies can keep that from happening. So first, IT needs to digitally transform and build a digital foundation for innovation.

The public cloud shows promise for IT organizations looking to gain speed and efficiency. In an IDC survey, between 40 and 50 percent of respondents from regulated industries agree that the public cloud could improve their operational agility, cost efficiency, productivity, simplicity and even security.

Regardless of the many benefits, however, these industries are still bound by regulations that bring the viability of the public cloud into question. Not all cloud services meet industry regulations and certifications, such as FedRAMP, SOC and HIPAA. Not all cloud providers guarantee the security and high availability of sensitive data and traditional applications. And not every industry application is certified to run in the public cloud.

That’s why many regulated industries adopt a hybrid cloud strategy.

Managing Security in the Cloud

“It’s not necessarily true that clouds can’t be secure, but companies have to adapt to a new way of how security is managed in the cloud,” Gary Chen, research manager of software-defined computing at IDC, says in a new video. Hybrid cloud is one way security-conscious organizations move to the cloud without losing visibility and control.

“Hybrid cloud is a seamless integration of on- and off-premises assets to avoid creating more silos and bring together existing and future environments.”

In hybrid cloud environments, IT can seamlessly migrate workloads between the public cloud and their data center. This flexibility means IT can strategically leverage the best of both worlds based on the needs of each application: the on-demand resources and newest capabilities of the public cloud and the control and compliance of the data center or private cloud.

Hybrid cloud solutions build in bidirectional portability and allow for consistent operations. So in a sense, the public cloud can now be an extension of the enterprise data center. This helps IT centralize governance, visibility and control, which not only simplifies operations but also further helps ensure security.

Keen on getting to this hybrid cloud state, many IT organizations are transforming their data center to get the most out of their deployment. Over half of federal agency respondents in a 2018 IDC survey had taken steps to prepare for hybrid cloud deployments. Another third planned to do so, including centralizing security processes and tools or consolidating management and operations.

The Fast Path to Cloud

Many companies once squirmed at the thought of operating in the public cloud. “What about security? How will I meet compliance regulations?”

But as cloud computing became the aspirational model for IT, no company could afford to miss out on the cost savings, speed and scalability. Competitors designing new, cloud-native apps or streamlining operations for large, legacy apps in the cloud gained the upper hand. They could modernize apps and operations, quickly crank up resources on demand and easily mine huge quantities of data for customer insights.

But that doesn’t happen overnight. Leaders in the cloud get there early and quickly by embracing hybrid cloud computing. By doing so, IT can take a cloud-like approach to managing the data center, as well, with more transparency, governance and agility.

Fast Path 2 Cloud

Learn about VMware Cloud on AWS for regulated industries.