European Commission Wants Your Input on Cloud Computing

The European Commission (Commission), the executive body of the European Union, is seeking the advice of cloud computing users and providers regarding the best uses of cloud technology.  While difficult to define, cloud computing offers a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction.  In other words, a cloud provides instant access to stored data but eliminates the need for that data to be physically located on central hardware.

On Monday, May 16, the Commission launched an interactive Public Consultation on Cloud Computing, whereby individuals can submit their experiences with, expectations of, and fears related to using or providing cloud services.  The online questionnaire will be used to aid in the development of the Commission’s forthcoming official statement on cloud computing strategy, currently scheduled for release in 2012.  Questions include:

• Do you think there are updates to the current EU Data Protection Directive that could further facilitate Cloud Computing while preserving the level of protection?
• What are the most important Cloud Computing problems that have to be discussed at a global level?

Privacy and security concerns have arguably been the single greatest factor limiting the growth of cloud technology to date.  While many businesses and individuals are intrigued by the ease, low cost, and on-demand nature of data storage on a cloud, the potential risks pose major barriers to implementation of the technology.  Like any data storage context, data storage on a cloud raises questions as to:

• Who owns the stored data?
• How does data storage affect the intellectual property rights to any proprietary data?
• How can a provider ensure security of the stored data?
• What measures are necessary to respond to a breach of the stored data?

However, these questions are far more complex in the context of a cloud.  Whereas traditional servers offer a hardware storage center where data is held, a cloud lacks a central point of physical storage that can be secured and monitored.  This amorphous nature of the cloud makes it more difficult to determine the exact location of stored data at any given time and, therefore, results in both difficulty protecting stored data and difficulty identifying if a security breach has even occurred.

In the global context, some of the issues I think exist include:

• Jurisdictional uncertainties;
• Cultural and national issues (e.g., valuing privacy, training and quality control, employee turnover, transparency of the operation and security);
• Host nation embargos on secure corporate servers;
• Obtaining cooperation to comply with litigation obligations; and
• Access to assets to satisfy a judgment

Although cloud computing has yet to result in a highly publicized data breach, there have been instances of data loss due to cloud failure.  Most recently, the crash of Amazon’s EC2 Cloud, permanently destroyed customer data.

With incidents like the EC2 crash and the host of novel security issues presented by clouds, the Commission will be looking for input on how to safely utilize this emerging technology.  If you or your business has experience with cloud computing, please consider offering your comments to the Commission.