Cloud computing refers to the delivery of computing services on-demand over the internet. This POSTnote describes the different types of cloud computing before outlining issues relating to security, regulation, energy use and barriers to the adoption of this technology.

Download the full report

Cloud computing is the use of pooled, centralised computing resources (including data storage and processing) that are provided to users (who may be organisations or individuals) on-demand, often over the internet. Many mainstream consumer services, including Netflix and Youtube, are enabled by cloud computing and estimates suggest that 89% of larger UK organisations use at least one cloud-based service. The government encourages public sector use of cloud computing via its cloud first policy which mandates that cloud computing must be considered before any other IT implementation where possible.

Potential advantages of cloud computing include increased security, the ability to use resources flexibly and improved energy efficiency. However, improper governance of cloud computing use by organisations can lead to problems such as security breaches. Furthermore, 50% of UK companies have reported doubts about the compliance of their cloud computing solutions with all required regulations. 

Key Points

  • Cloud computing allows organisations and individuals to access a wide range of computing services without needing to own and maintain specialised hardware and software.
  • The UK cloud market is forecast to be worth over £35 billion by 2023 (a 73% rise from 2019).
  • The global market leaders in cloud computing are predominantly large US companies, including Amazon, Microsoft and Salesforce.
  • Different implementations of cloud computing infrastructure exist for different purposes. For example, a private cloud is used by, and tailored to the needs of, a single organisation whereas a public cloud is shared by many users and resource provision is flexible. 
  • Cloud computing infrastructure consists of a central data centre, where computers carry out data processing and storage, and telecommunications networks which connect the data centre to end users.
  • Cloud computing service providers generally offer sophisticated security measures but user errors can result in security breaches. At present, around 95% of cloud security incidents are thought to be caused by user error.
  • Cloud computing service providers try to ensure their services are resilient to failure by providing spare computing resources, but a user’s resilience can be compromised if they rely heavily on a single provider that may discontinue service or change the terms of service.
  • Within a cloud computing system, data may be continuously moved, possibly across national borders. Some countries have data residency or sovereignty requirements which regulate movement of data out of the country but the UK does not have any such requirements.
  • 75% of the UK’s data trade is with the EU. Following the transition period the continuation of free flowing data trade between the two will be contingent on the EU judging the UK’s data privacy protection laws to be adequate.
  • Cloud computing can offer improved energy efficiency over on-premise facilities but there are some concerns that efficiency gains could lead to an overall increase in consumption.
  • A lack of appropriate technical skills and difficulties with migrating large legacy computer systems are two issues which organisations cite as barriers to the uptake of cloud computing.

Acknowledgements

POSTnotes are based on literature reviews and interviews with a range of stakeholders and are externally peer reviewed. POST would like to thank interviewees and peer reviewers for kindly giving up their time during the preparation of this briefing, including:

  • Dr Bill Mitchell OBEBCS*
  • Professor Carsten Maple, Warwick Manufacturing Group*
  • Professor Dimitra Simeonidou, University of Bristol
  • Glen Robinson, Microsoft
  • James Lovegrove, RedHat*
  • Joanna Hodgson,  RedHat*
  • Adrian Keward, RedHat*
  • Jonathan Legh-Smith, BT*
  • Ksenia Duxfield-Karyakina, Google*
  • Professor Lilian Edwards, Newcastle University
  • Neil Stansfield, NPL
  • Nicky Stewart, UKCloud*
  • Paul Duncan, NPL
  • Paul Martynenko, POST Board
  • Professor Paul Watson, Newcastle University*
  • Professor Reza Nejabati, University of Bristol
  • Rhiannon Lawson, Government Digital Service*
  • Richard Ward, IBM
  • Simon Hansford, UKCloud*
  • Sneha Dawda, RUSI
  • Rebecca Lucas, RUSI
  • Dr Stephen Pattison, ARM*
  • Sue Daley, techUK
  • Tom March, Government Digital Service*

 *denotes people and organisations who acted as external reviewers of the briefing. 

Download the full report