Fighting FUD: cloud players try to make sense of European data protection laws
#SuryaRay #Surya When the European Commission unveils its new cloud computing plan of action this week, the hope is it will reduce fear, uncertainty and doubt around Europe’s confusing welter of data protection laws that are impeding the broad adoption of cloud — especially public cloud — technologies. The upcoming European Cloud Computing Strategy is expected to push an array of standards for cloud computing and to help alleviate some of the legal hurdles to adoption.
Industry players who talked to GigaOM, clearly hope for the best but are prepping for less. Of the EU’s effort to rationalize all these conflicting dictates, Robert Jenkins, CTO of CloudSigma, the Zurich-based public cloud provider quipped: ”They say they’re moving but glaciers move too.”
The problem is that while the EU has set policy around data protection, the regulations are not uniform across its 27 countries,with Germany often cited for its tough data privacy laws that mandate that personally identifiable information (PII) of consumers remain on German soil. Switzerland, a non EU country has similarly strict laws. Clearly, that geographic requirement flies in the face of the notion that cloud computing is a borderless, frictionless world where consumers transact with merchants not necessarily knowing where that transaction takes place.
Cloud confusion reigns in Europe
Cloud computing players on both sides of the pond bemoan this lack of clarity.
“The reality is although the EC addressed data privacy issues it was a directive not a law and the net result is that EU member states have adopted a patchwork quilt of data protection laws that vary in penalties and enforcement,” said David Canellos, CEO of Perspecsys, a cloud security company.
No kidding. ”We’ve managed to confuse the hell out of customers,” said Jim Darragh, the newly installed CEO of Abiquo, a provider of cloud technologies. ”There are 160 different elements of European legislation pertaining to cloud.”
But pragmatists have to forge ahead. Terremark, is proceeding with the assumption that it will need to have presence in all the relevant countries, said Chris Drumgoole, SVP of global operations for the big enterprise cloud provider.
Having said that, Drumgoole said much of the concern over European regs is overblown. ”EU data privacy laws are the new trendy reason not to like the cloud. Basically, the rule is you must have command and control over data and know where it lies, you must be able to delete it, and provide audit records of what happens with it. These are fundamental things you should do whether you’re in the cloud or your own data center. You can’t put your data to bed in Germany and have it wake up in France.”
Now the issue is that given these laws, businesses are loath to put a tone of loads in public clouds — especially those with a limited number of data centers. Amazon, the 800-lb gorilla, hosts its European cloud operations in Dublin. It has no presence in Germany, the region’s biggest economy.
Public cloud loss is private cloud gain
Smart cloud implementors are proceeding but cautiously. Private and hybrid cloud adoption is often preached as a solution to this issue with PII data remaining under the control of the company. As IDC analyst Mette Ohorlu put it recently, Europeans are “mad about private cloud.” Her most recent data showed nearly three quarters (73 percent) of European companies surveyed are considering a move to the cloud and of those, 55 percent want to go the private cloud route, up from 36 percent last year.
The net takeaway from all my conversations is one of cautious fortitude. The feeling seems to be Europe — despite its economic woes — is a huge opportunity for cloud computing. And the upside of all this is that confusion is so bad now, it’s bound to get better with this week’s EU report and beyond. There will be more — much more — discussion of the European cloud computing picture at GigaOM’s Structure Europe conference in Amsterdam next month.