By Accenture
These days, it’s all about cloud computing. We hear about cloud computing services for almost everything, everywhere. Global companies like Citigroup, Time Warner and Starbucks have already incorporated the cloud computing system into many usages such as data analysis, process re-engineering and to provide applications for their employees.
Furthermore, global IT companies and mobile communication companies including Google, Amazon, Microsoft, IBM, Accenture, Fujitsu, China Mobile and SingTel are making the competition tougher everyday by providing new developments of diverse cloud computing services to the cloud market.
Indeed, it is of no surprise that corporate managers have their eyes locked on this new appealing IT service. Now, no CEO can overlook the importance of cloud computing.
The potential benefits of cloud computing, which include promoting economic growth, creating employment and enabling innovation and collaboration, are quite well known. Furthermore, just the pure numbers behind cloud computing services are frankly astounding. According to the IDC source on Worldwide and Regional Public IT Cloud Services 2010 - 2014 Forecast from June 2010, IT cloud services will generate $55 billion in worldwide revenue by 2015. Also, the Center for Economics and Business Research predicted that the cloud would create 2.3 million jobs across the top five EU economies from 2010 to 2015.
Setting these numbers and optimistic forecasts aside however, there also lies a grave agenda before expanding the public cloud service. To address the issue, Accenture has conducted a series of workshops, surveys, one-on-one and group interviews, and concluded that one of the most critical agendas was “data governance.”
What Accenture’s research has shown is that there are several serious impediments to the wide-spread adoption of public cloud technologies. Many of the concerns about the cloud have long been discussed without a satisfactory resolution.
As cloud computing technologies significantly exacerbate these issues, cloud providers and governments must address them at a relatively early stage in the evolution of cloud services.
These issues include difficulties faced by customers in understanding who can access their cloud data, how it is protected and how they can be sure it has been deleted.
This also includes a growing desire by many national governments to include the evolution of the digital realm within their physical borders, with major implications for where cloud providers can locate the servers that process data.
Who owns the data? Who has the right to access it and under what circumstances? What rules apply to the use and sharing of data? Such questions tend to be more complicated when data is stored in a shared infrastructure managed by a third party.
Stakeholders expressed differing views on the appropriateness and feasibility of regulation alone ― as opposed to industry self-regulation _ to specify frameworks that govern data and its use in the cloud.
There were three key factors in need of an imminent solution that were raised under the heading of data governance ― data location constraints, data privacy and confidentiality and clarity of data ownership.
It is not always clear under which legal jurisdiction data in the cloud falls ― especially if, as many cloud architectures require, the data is split up and stored in multiple locations. In some cases, it is impossible to determine where a particular piece of data is at any particular moment.
Even if this were possible, data often falls under more than one legal jurisdiction, and it is unclear how inconsistencies among those jurisdictions would be solved.
Users are concerned about the possibility of foreign governments demanding access to their data. Governments worry about losing the legal ability to “oversee” data in the cloud and to apply their laws to it.
These concerns can result in data location constraints being imposed ― for example, requiring cloud providers to locate data within national borders, or additional legal hurdles and authorization on transfers of data outside a given jurisdiction.
Some stakeholders, however, see these concerns as a thinly veiled excuse for protectionism.
For their part, some cloud providers indicate that, if countries insist on data being stored within national boundaries, they will be unwilling to build new data centers in smaller markets.
They point out that the freedom to move data across borders helps to achieve the economies of scale that are key benefits of cloud computing, as there is a significant cost involved in using architectures that keep a customer’s data in a particular country or geographical block, potentially giving the largest providers an unfair advantage.
Many users say that concerns about data privacy and confidentiality restrict their willingness to use cloud services for sensitive data. In the cloud, data is stored on remote machines that are shared with other users. This makes concerns many users about the possibility of business competitors or government authorities accessing their data in the cloud without users’ awareness or consent.
Governments would like to mandate and apply national legal requirements for data stored in the cloud, and many already have. Given the cross-border nature of the cloud, though, national measures to protect data privacy and confidentiality have only limited the capacity to reassure users.
There is a desire for greater global consistency in data privacy requirements applying to the cloud ― but government stakeholders note that fundamental differences in their approaches make comprehensive international agreements less likely.
For example, the United States has a stricter regulatory regime for specific sectors, such as health care, where privacy and confidentiality issues are especially sensitive, while the European Union has blanket data privacy laws covering all data.
Some stakeholders feel that, given these regulatory challenges, users concerned about data privacy and confidentiality will ultimately have to rely on market mechanisms to assess the trustworthiness of providers in the cloud. Nonetheless, there is no guarantee that adequate market mechanisms will emerge in a timely fashion.
When a user moves data to the cloud, it is not always clear what rights the cloud service provider has to access, modify or distribute that data. Some users are concerned that certain types of legal protection associated with data they entrust to the cloud will be compromised if data is moved through the cloud to other jurisdictions ― for example, they may be exposed to insufficient or conflicting regimes with regard to their intellectual property.
Ownership of meta-data is often raised as a concern. Meta-data is created from connections between separate individual items of data, or from the context of when and how those individual items of data were provided. Meta-data can be extremely sensitive and valuable, even when the individual items of data are not. Who should have what rights to use meta-data and acquire the value that arises?
There is a lack of agreement on these issues, and regulation is not always conclusive. EU data privacy laws, for example, distinguish between data controllers and data processors ― but, in the cloud, it is not always obvious what the respective roles and responsibilities are.
There are scenarios in which users and providers could find themselves in a legal limbo, where the law provides no clear answer as to who is responsible for the data if, for example, security is breached or a provider fails.
While regulators say they would like to improve both regulations and user awareness of the issues surrounding data ownership, industry stakeholders express concern that overregulation of data ownership at this point in the cloud’s evolution could prevent them from meeting user needs and improving services.
This article was contributed by Accenture Korea.