Cloud Policy: Where Ideals Meet Reality, Part 2

Add Your Comments

Bob Deutsche joined Intel in 2004 and has more than 25 years of business and IT experience in positions that ranged from data center operations to software development to CIO. He can be found online at Bob Deutsche on the Intel Server Room.

Bob_DeutscheBOB DEUTSCHE
Intel

This is the second installment of the two-part post I began last month on my sixth fundamental truth of corporate cloud strategy: Technology-driven business practices often circumvent government regulations, but legal and government policy standards will dictate the cloud’s success.

In part one, I introduced six, tier-one policy and standards considerations for the cloud, based on Keio University’s Asia Cloud Manifesto (pdf):

  • Privacy
  • Competition and standards
  • Bandwidth management (wired and wireless)
  • Sovereignty
  • Copyright
  • Security (logical and physical)

Let’s examine these considerations and identify some of the major global government cloud policy initiatives that you (or your cloud provider) should consider as you continue your journey to the cloud.

Policy and Standard Considerations

Privacy. Let’s start this discussion with an idea sparked by a comment I received from Brad Ellison (Intel IT, Senior Data Center Engineer) on part one.  In Brad’s response, he states, “One of the things often lost in the industry’s discussion about the cloud is that there is a physicality underlying the capability.” Privacy, like all cloud policy considerations, is under the jurisdiction of the originating geography. Given that the cloud is a community-based ecosystem, how can you protect data privacy (whose definition varies from community-to-community) in a cross-jurisdictional environment?

Competition and standards. While international bodies (e.g., IEEE) pursue global standards, there are many more that shape standards along geography-based interests. Based on conclusions in the Asia Cloud Manifesto, rapid standardization in one ecosystem has the potential to lock out new standards and limit the actions of players outside the ecosystem. In short, the likelihood of conflicting national standards increases as these geo-based consortia propagate.

Bandwidth management (wired and wireless). This topic is so significant that I want to spend my next Data Center Knowledge column discussing it.

Sovereignty. When asked about a reciprocity agreement with Canada on July 21, 1911, Teddy Roosevelt said, “Economic considerations mattered less in foreign negotiations than those of national pride.” What was true then still holds today. No universal rules or legislative framework take precedence where multiple jurisdictions have an interest in a single matter. For a cloud ecosystem, jurisdiction over data is potentially asserted based on location of the:

  • Service provider
  • User
  • Server

How this consideration ultimately impacts market access via a cloud-based community is (at least in my humble opinion) the key element for the entire business model.

Copyright. How is this consideration applied uniformly, worldwide? How do you protect your company’s patents or an individual’s intellectual property (IP)? How do intermediaries deploy filtering features that comply with the appropriate jurisdiction’s rule of law (see sovereignty discussion above)? What happens if there’s copyright infringement? Who bears financial liability—the service provider, service broker, or country where the IP violation occurred?

Security (logical and physical). There’s an obvious link between security and privacy, which is perhaps best described by a comment made by Ed Goldman, Intel IT CTO and GM, IT Strategy, Architecture and Innovation. In a discussion we had on cloud security, Ed stated that “Privacy advocates desire that less data be retained about individuals (no matter if they want the personalization capacity which requires lots of data about them) and security advocates want us to keep more (to investigate and resolve). As we ensure better security, it comes at the cost of privacy. Conversely, as we enable more privacy controls, it comes at our ability to identify security risks and customer demands.” There are many geography-based security standards that compound this challenge, none of which apply end-to-end.

Government Policy Initiatives Sampler

There are cloud initiatives and strategies developed in the United Kingdom, Germany, Finland, France, Japan, and Taiwan and throughout the European Union. I’ve listed some of them below. I don’t intend this to be an exhaustive summary of all existing or draft legislation for all geographies. Instead, I hope it demonstrates the potential challenges imposed on a robust cloud ecosystem by non-aligned, geographically-based policy initiatives.

European Union

  • Electronic Commerce Directive
  • Data Protection Directive

United States

  • Cloud Computing Act of 2011 (draft)
  • Digital Millennium Copyright Act
  • Communications Decency Act
  • U.S. Patriot Act
  • FCC Ruling on Net Neutrality
  • Sarbanes-Oxley

Japan/Some Parts of Asia

  • APEC Data Privacy Pathfinder Project

To conclude this discussion, and maybe clarify a common misperception, let me say that these policies apply to both public and private cloud deployment models.

Finally, to help keep things in context, here’s a complete list of the inviolable, fundamental truths of corporate cloud strategy:

  • Large-scale transformation to cloud computing, including your critical business systems, is a journey that will take you from 8 to 10 years.
  • Cloud is a top-down architectural framework that binds strategy with solutions development.
  • Your cloud ecosystem is only as robust and adaptable as the sum of its parts.
  • Services-oriented enterprise taxonomy is not optional.
  • Cloud is a verb, not a noun.
  • Technology-driven business practices often circumvent government regulations, but legal and government policy standards will dictate the cloud’s success.
  • Bandwidth and data transmission may not always be as inexpensive and unencumbered as they are today (geo-sensitive considerations).
  • Altruistic motives do not generally keep the lights on.

In future discussions, I’ll continue to detail these fundamental truths. As always, I’m interested in what you see or hear about today’s topic or others we’ve discussed. Please join in the discussion by posting a comment or contacting me via LinkedIn.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.

Add Your Comments

  • (will not be published)