Clouds are a law unto themselves. They float freely, without regard for geographic, political or national demarcation lines. With a fair wind at their disposal, they can go more or less wherever they please. Of course, you could also argue that they are at the mercy of the elements and that these control their every move.
Which creates a clever analogy with cloud computing. Should it be allowed to ‘wander’ wherever it might please, without restriction, or should there be forces in place that dictate how and where they may operate?
It’s a big question and there are big numbers involved, with the market for cloud computing having surged in recent years. Market research firm IDC expects businesses worldwide to spend $28.2 billion on cloud services this year alone, up from $21.5 billion in 2010, with spending forecast to more than double to $57.4 billion by 2014.
Right now, the European Commission is knee-deep in finalising a strategy on cloud computing and a key issue is how to determine the applicable law when the user of a cloud service is a non-EU citizen or when the service provider operates within the EU, but is based in a non-EU country.
It’s a muddy field and, not surprisingly, some legal aspects concerning data and privacy protection are still under debate. To foster greater interconnection between services, the commission wants to create incentives for the industry to develop common standards over “security, interoperability, data portability and reversibility.”
All well and good, but for free-flowing clouds is it realistic, when you consider local protectionism and security issues? What if you’ve signed up with a service provider, with a data centre located in a particular country and that country suddenly has major security issues – and passes legislation that allows it access to all data within its geographical borders. The upshot is that your critical data may no longer be safe from prying eyes.
That apart, companies that provide ‘in the cloud’ services inevitably collect a vast amount of data from their clients. What do they do with it? And can you get all your data back, if you discontinue service with them? Tied in to privacy and accessibility, your data may be subject to different national laws and regulations regarding how it can be used. Are you comfortable (or even aware) of these diverse sets of rules and regulation governing use and access?
All of these caveats point in one direction: that you first make sure you are knowledgeable and comfortable with all of the rules and regulations governing how your data will be held and accessed—before you commit it into the hands of a third party.
Cloud without borders is both a geographical and legal challenge. Yes, it has many great advantages. But rushing in, like some crazed gold prospector, is fraught with risk. Those who secure their claim with a well thought-through approach and strategy that deals with all of the potential threats and traps is much more likely to be carrying off the biggest nuggets in the longer term.
As you plan your move to the cloud ask yourself these questions:
- How can you secure your information to the same degree?
- What assurances do you have around where the data is held?
- Can you maintain your compliance posture equally well?