"You have to be careful you don’t get sucked into an on-premises version of a public cloud in that you are making an investment that could be pretty costly," he says.
It sounds similar to the bare metal offerings of IBM's Softlayer subsidiary or Rackspace, but it's not. In Amazon's case, the dedicated host still runs the application in an Amazon Machine Image or a Xen virtual machine. You just have greater control over the hardware allocated, and a better audit trail.
While the market may not be too big, in terms of companies dealing with compliance issues, Crawford says "more times than not" he sees firms in those industries using compliance as an "all-encompassing excuse" not to embrace the cloud at all.
"Compliance is only for specific apps and data sets. It doesn’t govern the whole company. When you break down the problem it only governs a specific piece or component of data and only those apps," he says.
The result is compliance hamstringing companies from moving to the cloud. For example, a medical company has to deal with HIPAA. Ok, what about the rest of the firm? Mail, Office, accounting, CRM can all be moved to the cloud. But they aren't breaking down the problem and laying out the workloads and data sets, he notes.
"Let's say 40 percent of the data needs to be governed. Ok, you put a little more security around it. What about the other 60 percent? Go forth and conquer," says Crawford.
Sign up for CIO Asia eNewsletters.