7 Technology Trends Emerging In 2022

A PC and Mac next to each other on a desk
  1. Digital-First, Remote-First Dominates the Technology Landscape

Let’s start with the most obvious technology trends as we look to 2022 – digital-first. It is mainstream and shaping business today. For example, workforces are more remote than ever. As a result, they demand more substantial connectivity, plus greater reliability from that connectivity. And they require it 24/7.

Your customers have come to expect a similar service level. For many, digital has become the preferred means of communicating and interacting with your business. Your reward for keeping pace with that demand is greater customer loyalty, not to more improved competitive differentiation.

Not surprisingly, according to a study by IDC, 70% of all organizations have accelerated their use of technology. As a result, new technologies and space redesigns will emerge to support hybrid collaboration.

  1. 5G Helps Deliver that Digital-First Focus

Improving networking and interconnectivity requires better and faster connections—for example, 5G averages more than 100Mbps, with peaks of 20Gbps. Plus, 5G supports up to a million connected devices per square kilometer versus 100,000 for 4G networks.

In addition, as the Internet of Things (IoT) becomes even more integral in business and our personal lives, the reliability of those internet connections becomes paramount. On a side note, the IoT certainly deserves mention as a continually emerging trend.

Equally important, the sheer number of people connecting to the internet has grown exponentially. For instance, 3.4 billion users used the internet in 2017. As we enter 2022, internet usage will expand to another 1.4 billion users. Moreover, those users will consume 4.8 zettabytes of data annually, whereas users consumed 437 exabytes of data in 2012. So, 2022 levels reflect a multiple of 11 compared to 2012 levels.

As a result, 5G will take center stage next year in the U.S. owing to its more substantial reliability and expanded bandwidth. All the major internet providers – AT&T, Verizon, and T-Mobile – will expand their 5G coverage. In 2021 alone, 5G connections globally tripled to 670 million.

That greater bandwidth delivers more responsive experiences. It also allows technology companies to make their devices more immersive. In addition, use cases for the IoT become more expansive, and with that comes greater adoption of edge computing. In short, 5G technology enables business much more than its predecessor, 4G.

By the way, 6G capabilities will begin to take shape in 2022. Starting in 2020, a Next G Alliance represented by Apple, AT&T, and Google, among others, has directed its focus on pushing toward 6G capabilities.

  1. More significant Expansion of Cloud Services

Gartner predicts cloud services spending will increase to more than $482 billion in 2022, up from $314 billion in 2020. Deloitte projects the industry cloud market at $640 billion within the next five years.

Source: Gartner

Although enterprises have reportedly migrated more than 83% of workloads to the cloud, there remains a chasm for what they host privately. Owing to compliance, regulatory, security, and privacy concerns, enterprises still maintain a sizable technology footprint in their data centers. That opens the door to a greater reliance on hybrid clouds and multi-cloud infrastructures to bridge the gap between data hosted on public clouds and on-prem.

Cloud-native applications will expand, as well. To optimize digital experiences, providers will take advantage of the cloud’s native capabilities, namely self-service provisioning, elasticity, and the power of cloud-managed services.

Cloud-native offloads the hosting burden and cost while optimizing business and technical process automation. Moreover, it allows the 24×7 response demanded by digital.

Finally, key cloud service providers like Amazon (AWS), Microsoft (Azure), and IBM present the serverless cloud as a solution. Often referred to as “functions-as-a-service,” organizations no longer tie themselves into leasing servers or paying for fixed storage amounts or bandwidth.

You don’t have to contend with configurations or technical concerns as a user. Instead, the serverless cloud delivers a bona fide pay-as-you-go service that scales as required.

  1. Artificial Intelligence Impacts Cybersecurity

Cybercrimes continue to escalate. By 2021, costs reached $6 trillion and will climb to $10.5 trillion by 2025. In addition, a single data breach in 2021 cost an average of $4.24 million. Meanwhile, ransomware claims have grown 150% since 2018, according to AIG.

It’s little wonder, cyber artificial intelligence (AI), though in the early stages of adoption, presents a trending IT solution for 2022. As a result, the market will grow by $19 billion between 2021 and 2025.

As the cyber-threat landscape evolves, organizations need real-time monitoring and remediation solutions. And AI plays a substantial role in providing those capabilities. For example, it delivers real-time network traffic analysis that enables faster response and remediation of threats. In addition, it can more readily identify risks and cybercriminal behaviors to prevent future attacks.

In 2022, you can expect organizations to deploy threat management, threat intelligence, endpoint detection and response, continuous vulnerability scanning, and Security Operations Centers with greater frequency. If they’re incapable of managing these services internally, outsourcing IT support to managed IT service providers or cybersecurity companies will provide an option owing to cost reductions and greater efficiencies.

By the way, hackers have become increasingly familiar with the benefits of AI. So, expect them to enlist AI to launch attacks.

  1. Cybersecurity Technology Trends Shaping 2022

No technology discussion can be complete without addressing cybersecurity. It shaped 2021 and will continue to do so in 2022. We just mentioned how AI would impact the security space but, here are some other trends that will shape the cybersecurity industry next year:

  • Focus on Application Security: The first half of 2021 saw a 348% increase in API attacks, according to a report by Salt Labs. In addition, Gartner predicts that API abuses will become an enterprise’s most frequent attack vector. As a result, more organizations will take a strategic approach to API security, accounting for unique business logic in application source code. In addition, anomaly detection via AI will support improved API security and defense against known and unknown threats.
  • Improving Edge Security: As IoT devices proliferate, your attack surface expands. As a result, edge security becomes critical. Improved security starts with a focus on devices themselves. But, it extends to security protocols to improve protection, including deployment of next-gen endpoint protection.
  • Deployment of Zero-Trust: Today, security extends beyond an organization’s perimeter. Hybrid and remote workforces, the increased use of mobile devices, bring your own device (BYOD), and cloud services require a different approach to security. Consequently, zero-trust architectures will become a critical trend in identifying verified users. Moreover, micro-segmented areas associated with zero-trust provide more granular verification control.
  1. Locking Down Supply Chains: Supply chain attacks increased considerably in 2021. For example, 82% of organizations suffered a data breach due to a supply chain security weakness (BlueVoyant). So, not surprisingly, we’ll see enhancements to supply chain security throughout 2022. As a result, many organizations will request a complete list of software components leveraged within a software solution from supply chain vendors. Indeed, 60% of organizations will use cybersecurity risk to conduct third-party transactions by 2025 (Gartner).

  1. Edge Computing Emerges as a Key Technology Trend for 2022

As IoT devices increase, edge computing increases. By 2022, the global edge computing market will reach $6.72 billion.

Edge computing relieves the latency issues attached to cloud computing. By moving processing to where it needs to happen, organizations can deliver time-sensitive data to remote locations. In addition, it can do so with limited or even no connectivity to a centralized location. As such, edge computing acts as a mini data center.

Of course, the expansion of edge computing requires a more significant focus on security as many devices inherently lack security.

On the horizon…

  1. Blockchain Enjoys More Industry-Wide Adoption

Blockchain, cryptocurrencies, and nonfungible tokens (NFTs) have been the darling of the media and the public. But these technologies are moving to the enterprise starting in 2022.

For example, Deloitte’s 2021 Global Blockchain Survey presented that 80% of the survey participants indicated their industries “will see new revenue streams from blockchain, digital assets, and/or cryptocurrency solutions.” As a result, spending will increase from $5.3 billion in 2021 to $34 billion in 2026.

Banking tops all industries from an adoption standpoint, followed by telecommunications, media, entertainment, manufacturing, healthcare and life sciences, retail and consumer goods, and government.

At its core, blockchain enables companies to track transactions and conduct business with unverified parties without the need for a trusted third party to validate the transaction.

Making a chain of data that you can only add to and not change increases security substantially. In addition, blockchain is consensus-driven, meaning that no single entity can assume control of the data. Moreover, it reduces business conflicts while improving transparency, immutability, decentralization, and an append-only structure.

Cloud Adopters & the Pending FTC Security Requirements – Are You Ready?

If you’ve adopted cloud computing strategies within your organization, you’ve already taken strides to keep up with the times in the ever-changing world of technology. As a result, your decisions have enabled scalability, reliability, and (hopefully) top performance — but did you know that most cloud infrastructures lack the security features required in the upcoming FTC Privacy Compliance Regulations? Not to mention the numerous processes and procedures your team MUST follow to obtain compliance and avoid major fines! 

At DataYard, we consider data security to be part of the foundation of our solutions – it’s a theme in every design, implementation, and managed cloud engagement we have. The reality is infrastructure and software alone are NOT enough under the current regulations. Companies must implement incident recovery, training, documented policies, and assign a dedicated owner / single point of contact of the organization’s privacy compliance efforts and strategy.

So the question is: Do you really have your yard in order when it comes to data security?

Third-party data service providers, especially those providing cloud computing services, are faced with unique and difficult privacy and data security challenges. While many companies that directly collect data from consumers are bound by the promises they make to individuals in their own privacy policies, cloud service providers are usually not a part of this arrangement. It is not entirely clear what, if any, obligations cloud service providers have with regards to protecting the data of individuals with whom they have no contractual relationship. This problem is especially acute because many institutions sharing personal data with cloud service providers fail to include significant privacy and security protections in the contracts that govern the exchanges. As such, individuals can be placed at the mercy of contracts that they did not negotiate and that offer insufficient protection of their data.

Since the 1990s, the FTC has been regulating companies in privacy and security matters under Section 5 of the FTC Act. This statute prohibits ‘‘unfair or deceptive acts or practices in or affecting commerce.’’ 6 The FTC has brought an extensive number of cases for problematic privacy and data security practices. We discuss in more detail how the FTC has gone about crafting a law of privacy from the ground up in our forthcoming article, ‘‘The FTC and the New Common Law of Privacy.’’ 7 Privacy and data protection attorneys at the large law firms, in-house counsel, and attorneys everywhere else follow the FTC closely. They look to the FTC for guidance about standards to follow. Thus far, the FTC has been more of a standard codifier than a standard maker. Instead of blazing a trail by creating new norms and standards, the FTC has waited until norms and standards have developed and then begun enforcement. Once the FTC has been enforced based on a particular standard, that standard achieves a new level of legitimacy and formality. For all intents and purposes, the standard becomes law. Because the law of privacy and data security is so fragmented, so magma-like in its nature, the FTC has had an unusually influential role in shaping the law of privacy and data security by embracing certain standards and norms that have achieved a decent level of consensus. For a long time, these standards have focused on what companies must do to protect the privacy and data security of personal data that they maintain. This year, however, there is an existing FTC case focusing on the standards for how a company, GMR Transcription Services, Inc., shares personal data with external data service providers.

In this case, the FTC found GMR to be deficient in doing due diligence before hiring its data service provider.12 Looking broadly at the complaint, there are three key things that the FTC is now requiring companies to do when it comes to contracting with data service providers: (1) exercise due diligence before hiring data service providers; (2) have appropriate protections of data in their contracts with data service providers; and (3) take steps to verify that the data service providers are adequately protecting data. This GMR case has several important implications. It indicates that organizations that hire data service providers may be directly at fault in many instances. The case also solidifies the principle that companies have duties of data service provider management — in choosing, contracting with, and overseeing vendors. This means that if a vendor has a problem, the organization that hired the vendor will also be under scrutiny.

Organizations that use data service providers for data processing might not just be victims if the data service providers make a blunder. They might be to blame if they failed to follow appropriate data service provider management practices. FTC enforcement based on inadequate data service provider management signals that standards in this area are starting to mature. The GMR case does not define the precise contours of what constitutes adequate data service provider management, but the details will be fleshed out over time. This FTC case has signaled that more attention should be devoted to the issue, and we can now expect more companies to take a closer look at their own data service provider management practices. The word is out that poor data service provider management might conflict with the FTC Act. Even without a data breach, poor data service provider management alone might still be a cause for FTC enforcement. Although the FTC generally cannot enforce against public-sector entities, the GMR case still has important implications. The case now establishes more clearly that there is a standard of care when it comes to contracting. The principles in this case apply to nearly all businesses, and FTC decisions reflect the consensus norms about privacy. If nearly all companies are legally obligated to do what the FTC demands in this decision, then this puts a lot more pressure on schools and other public-sector organizations to do so.

Protections of Third-Party Beneficiaries 

The FTC is also not limited in protecting consumers only when they have a direct relationship with an entity that maintains their personal data. In its early cases, the FTC focused primarily on enforcing company privacy policies. Since then, the FTC has broadened its enforcement far beyond privacy policies. Deception is a broad concept, and it is not limited to the explicit promises a company might make. Unfairness is even broader. An ‘‘unfair’’ trade practice is one that ‘‘causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.’’13 An exceptionally wide range of activities has been included in the FTC’s unfairness and regulatory efforts.14 Many of the alleged unfair actions seek to take advantage of vulnerable consumers, making exploitation the focus of many unfairness allegations.15 Thus, the FTC has very broad and general regulatory authority by design to allow for a more nimble and evolutionary approach to the regulation of consumer protection. Because FTC enforcement is not tethered to any specific privacy policy and is primarily focused on protecting consumers, it becomes quite apparent that the FTC has the authority to regulate entities maintaining personal data even if those entities do not make any promises directly to the people to whom the data pertain.

The FTC’s power to protect third-party beneficiaries of institutional bargaining extends to companies that provide cloud services to public-sector entities. Although the FTC can generally only regulate commercial entities under Section 5,22 when public-sector institutions such as schools use private-sector cloud service providers, the FTC can regulate the cloud service provider. Although the cloud service provider might not have a direct relationship with the individuals whose data they maintain, these individuals are third-party beneficiaries of the privacy promises made by those who provide data to cloud service providers. As such, if a school enters a contract with a cloud service provider where student data is shared with the provider, that provider must live up to consumer expectations. Moreover, if the provider negotiates a deficient contract with a school, the deficiencies in this arrangement might themselves be contrary to student expectations. 

Cloud Service Providers as Data Stewards 

The FTC has started to embrace a larger philosophy that third-party data service providers should act as data stewards. In other words, companies that collect, use, and share personal data have certain responsibilities owed to the data subjects. These responsibilities could include ensuring harm from the use and distribution of data is minimized using technical safeguards, administrative procedures, and contractual terms. Data stewardship is already a concept embraced in certain specific areas, such as health care. The FTC’s approach draws upon the tradition of ‘‘third-party beneficiaries’’ in contract law, whereby intended third party recipients of benefits of a contractual term are entitled to enforce that term even though they are not technically a party to the agreement.23 Good stewardship even has a fiduciary-like quality whereby relationships with stark disparities in power are sometimes treated differently than those who negotiate at arm’s length. In this way, the FTC approach is similar to that of courts when finding implied obligations of confidentiality.24 Consumers have very little ability to ensure that cloud service providers protect the personal data that were entrusted to them, which makes these consumers vulnerable and largely unable to reasonably avoid risk. The FTC has laid the foundation for establishing standards of data stewardship on each side of the cloud service relationship. The next steps have yet to be taken, but the path is there, waiting to be traversed.

the FTC staff has also issued extensive guidance on online behavioral advertising, emphasizing four principles to protect consumer privacy interests:

  1. transparency and control, giving meaningful disclosure to consumers, and offering consumers choice about information collection;
  2. maintaining data security and limiting data retention;
  3. express consent before using information in a manner that is materially different from the privacy policy in place when the data was collected; and
  4. express consent before using sensitive data for behavioral advertising.

The FTC has not, however, indicated that opt-in consent for the use of non-sensitive information is necessary in behavioral advertising.

In terms of enforcement, the FTC has frequently brought successful actions under Section 5 against companies that did not adequately disclose their data collection practices, failed to abide by the promises made in their privacy policies, failed to comply with their security commitments, or failed to provide a ‘fair’ level of security for consumer information. Although various forms of relief (such as injunctions and damages) for privacy-related wrongs are available, the FTC has frequently resorted to settling cases by issuing consent decrees. Such decrees generally provide for ongoing monitoring by the FTC, prohibit further violations of the law and subject businesses to substantial financial penalties for consent decree violations. These enforcement actions have been characterized as shaping a common law of privacy that guides companies’ privacy practices

Cybersecurity and Data Breaches – Federal Law

Cybersecurity has been the focus of intense attention in the United States in recent years, and the legal landscape is dynamic and rapidly evolving. Nonetheless, at the time of writing, there is still no general law establishing federal data protection standards, and the FTC’s exercise of its Section 5 authority, as laid out above, remains the closest thing to a general, national-level cybersecurity regulation.

That said, recent years have brought a flurry of federal action related to cybersecurity. In 2015, Congress enacted the Cybersecurity Information Sharing Act (CISA), which seeks to encourage cyber threat information sharing within the private sector and between the private and public sectors by providing certain liability shields related to such sharing. CISA also authorizes network monitoring and certain other defensive measures, notwithstanding any other provision of law. In addition to CISA, Presidents Obama, Trump and Biden have issued a series of executive orders concerning cybersecurity, which have, among other things, directed the Department of Homeland Security and several other agencies to take steps to address cybersecurity and protect critical infrastructure and directed the National Institute of Standards and Technology (NIST) to develop a cybersecurity framework. The latter, in particular, has been a noteworthy development: while the NIST Cybersecurity Framework provides voluntary guidance to help organizations manage cybersecurity risks, there is a general expectation that use of the framework (which is laudable, accessible, and adaptable) is a best practice consideration for companies holding sensitive consumer or proprietary business data. (The federal government’s response to the recent wave of cyberattacks is further detailed in Section II above.)

Specific Regulatory Areas – Federal Law

Along with the FTC’s application of its general authority to privacy-related harms, the United States has an extensive array of specific federal privacy and data security laws for the types of citizen and consumer data that are most sensitive and at risk. These laws grant various federal agencies rulemaking, oversight and enforcement authority, and these agencies often issue policy guidance on both general and specific privacy topics. Congress has passed robust laws that prescribe specific statutory standards for protecting the following types of information:

  1. financial information;
  2. healthcare information;
  3. information about children;
  4. telephone, internet and other electronic communications and records; and
  5. credit and consumer reports.

We briefly examine each of these categories and the agencies with primary enforcement responsibility for them below.

Financial Information

The Gramm-Leach-Bliley Act (GLBA) addresses financial data privacy and security by establishing standards pursuant to which financial institutions must safeguard and store their customers’ ‘nonpublic personal information’ (or ‘personally identifiable financial information’). In brief, the GLBA requires financial institutions to notify consumers of their policies and practices regarding the disclosure of personal information; to prohibit the disclosure of such data to unaffiliated third parties, unless consumers have the right to opt-out or other exceptions apply; and to establish safeguards to protect the security of personal information. The GLBA and its implementing regulations further require certain financial institutions (i.e., banks) to notify regulators and data subjects after breaches implicating nonpublic personal financial information, often referred to as NPI.

Various financial regulators, such as the federal banking regulators (e.g., the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency) and the Securities and Exchange Commission (SEC), have authority to enforce consumer privacy under the GLBA, while the FTC (for non-bank financial institutions) and the Consumer Financial Protection Bureau (CFPB) (for certain banks and non-bank financial institutions) do as well. (Insurance is regulated at the state level, so GLBA financial privacy in this sector is administered by state insurance commissions.)

The SEC has also increasingly used its broad investigative and enforcement powers over public companies that have suffered cybersecurity incidents. In doing so, the SEC has relied on multiple theories, including that material risks were not appropriately disclosed and reported pursuant to the agency’s guidance on how and when to do so and that internal controls for financial reporting relating to information security did not adequately capture and reflect the potential risk posed to the accuracy of financial results. Of particular note, in 2018, the SEC published interpretive guidance to assist publicly traded companies in disclosing their material cybersecurity risks and incidents to investors. 

The SEC has suggested that all public companies adopt cyber disclosure controls and procedures that enable companies to:

  1. identify cybersecurity risks and incidents;
  2. assess and analyze their impact on a company’s business;
  3. evaluate the significance associated with such risks and incidents;
  4. provide for open communications between technical experts and disclosure advisers;
  5. make timely disclosures regarding such risks and incidents; and
  6. adopt internal policies to prevent insider trading while the company is investigating a suspected data breach.

Healthcare Information

For healthcare privacy, entities within the Department of Health and Human Services (HHS) administer and enforce the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH) Congress enacted HIPAA to create national standards for electronic healthcare transactions, and HHS has promulgated regulations to protect the privacy and security of personal health information. In general, HIPAA and its implementing regulations state that patients generally have to opt-in before covered organizations can share the patients’ information with other organizations.

HIPAA’s healthcare coverage is quite broad. It defines PHI as; ‘individually identifiable health information . . . transmitted or maintained in electronic media’ or in ‘any other form or medium’. Individually identifiable health information is in turn defined as a subset of health information, including demographic information, that ‘is created or received by a health care provider, health plan, employer, or health care clearinghouse’; that ‘relates to the past, present, or future physical or mental health or condition of an individual’, ‘the provision of health care to an individual’, or ‘the past, present, or future payment for the provision of health care to an individual’; and that either identifies the individual or provides a reasonable means by which to identify the individual. Notably, HIPAA does not apply to ‘de-identified’ data.

With respect to organizations, HIPAA places obligations on ‘covered entities’, which include health plans, healthcare clearinghouses and healthcare providers that engage in electronic transactions as well as, via HITECH, service providers to covered entities that need access to PHI to perform their services. It also imposes requirements in connection with employee medical insurance.

Moreover, HIPAA also places obligations on ‘business associates,’ which are required to enter into agreements, called business associate agreements, to safeguard PHI. A business associate is defined as an entity that performs or assists a covered entity in the performance of a function or activity that involves the use or disclosure of PHI (including, but not limited to, claims processing or administration activities).Such agreements require business associates to use and disclose PHI only as permitted or required by the agreement or as required by law and to use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for by the business associate agreement. The agreements also include numerous other provisions regarding the confidentiality, integrity, and availability of electronic PHI.

HIPAA and HITECH not only restrict access to and use of PHI, but also impose stringent information security standards. In particular, HHS administers the HIPAA Breach Notification Rule, which imposes significant reporting requirements and provides for civil and criminal penalties for the compromise of PHI maintained by covered entities and their business associates. The HIPAA Security Rule also requires covered entities to maintain appropriate administrative, physical, and technical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.

Information About Children

The Children’s Online Privacy Protection Act of 1998 (COPPA) applies to operators of commercial websites and online services that are directed to children under the age of 13, as well as general audience websites and online services that have actual knowledge that they are collecting personal information from children under the age of 13. The FTC is generally responsible for enforcing COPPA’s requirements which include, among other things, that these website operators post a privacy policy, provide notice about collection to parents, obtain verifiable parental consent before collecting personal information from children, and other actions.

Telephone, Internet, and Other Electronic Communications and Records

A number of legal regimes address communications and other electronic privacy and security, and only the briefest discussion of this highly technical area of law is possible here. In short, some of the key statutory schemes are as follows:

  1. the Electronic Communications Privacy Act of 1986 (ECPA) protects the privacy and security of the content of certain electronic communications and related records;
  2. the Computer Fraud and Abuse Act (CFAA) prohibits hacking and other forms of harmful and unauthorized access or trespass to computer systems, and can often be invoked against disloyal insiders or cybercriminals who attempt to steal trade secrets or otherwise misappropriate valuable corporate information contained on corporate computer networks;
  3. various sections of the Communications Act protect telecommunications information, including what is known as customer proprietary network information, or CPNI;
  4. the Telephone Consumer Protection Act (TCPA) governs robocalls and texts; and
  5. the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act governs commercial email messages, generally permitting companies to send commercial emails to anyone provided that the recipient has not opted out of receiving such emails from the company, the email identifies the sender and the sender’s contact information, and the email has instructions on how to easily and at no cost opt-out of future commercial emails from the company.

The Federal Communications Commission (FCC) is the primary regulator for communications privacy issues, although it shares jurisdiction with the FTC on certain issues, including notably the TCPA.

Credit and Consumer Reports

The Fair Credit Reporting Act (FCRA), as amended by the Fair and Accurate Credit Transactions Act of 2003, imposes requirements on entities that possess or maintain consumer credit reporting information or information generated from consumer credit reports. Consumer reports are ‘any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer’s creditworthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer’s eligibility’ for credit, insurance, employment, or other similar purposes.

The CFPB, FTC and federal banking regulators (e.g., the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency) share authority for enforcing FCRA, which mandates accurate and relevant data collection to give consumers the ability to access and correct their credit information and limits the use of consumer reports to permissible purposes such as employment, and extension of credit or insurance.
For more information on how DataYard can help you prepare for the implementation of new FTC regulations, please visit us at www.datayard.us/contact

Why buying your cloud direct is the more expensive option!

Cloud Service Providers Keep Your Data Yard in Order

When application providers or hosting managers look for cloud solutions to host their digital environments they have lots of choices to make.  Everything from the solution provider such as AWS vs Azure vs G-Cloud to the instances that are set up and how.  What about redundancy? Should you choose a public cloud architecture or private cloud architecture, what about a hybrid or multi-cloud?  The decisions are near endless and each deployment requires thought, strategy, and insight into both current and future needs. 

We often will face questions from clients and prospects surrounding why they should acquire a cloud environment through a service provider vs direct from the solution provider.  Our answer is simple… Do you know the answers to all the questions and options listed above? Are you prepared to bet your customers’ experience on it?  Companies turn to us to evaluate their needs, and how those needs are addressed within a cloud environment. Furthermore, the staff to competently deploy (nevermind properly), maintain, and manage high availability systems is very costly and often requires multiple individuals. The average cost of a DevOps resource today is $126,000 so if you need two, you are over a quarter million in salaries and you have not paid a penny to the solution provider yet.  

What about optimization and integration between systems and environments like in the case of multi or hybrid cloud architectures? Well, the complexity goes up and if these systems are not properly configured to work together or in parallel your computing costs will be far from optimized and will likely not properly perform as they should.  The truth is it takes an army to properly design, implement, optimize and maintain a cloud environment. That is what a cloud service provider (CSP) does, and because they spread those expensive resources over dozens of environments it in turn is more affordable than doing it alone.  

At DataYard we have designed some of the most robust and complex cloud environments, for some of the nation’s most recognizable brands and businesses that demand high performance and high uptime reliability.  In fact, our 99.999% average is nothing more than us properly configuring each environment for our clients’ needs, while ensuring proper updates and future deployments are coordinated and executed flawlessly. 

Next time you are comparing prices of “going it alone” vs working with a service provider, make sure to take into account the total cost of ownership (TCO) and ask yourself if deploying your valuable resources is best suited for making your cloud environment function or building more value for your customers.  We thought so!  Let’s build something great together… 

Check out DataYard’s RiSE program for information on how to get started.