Home » Technology » Cloud Computing » Who regulates the cloud?
There is one question that many businesses fail to ask themselves – who is in charge up there?
As more and more organisations embrace cloud computing models, there is one question that many fail to ask – who is in charge up there? Cloud computing seems like a good answer to many issues, however, it could all come crashing down if organisations fail to take stock of policies, regulations and, ultimately, ownership.
The Global Software Piracy Study from the Business Software Alliance (BSA) shows that software piracy is likely to migrate to the cloud, especially as more users avail themselves of the technology for a mixture of professional and personal reasons. While organisations recognise the need for investing in licences on desktops and in software on the ground – i.e. visible solutions and services – it’s all too easy to ignore ones in the cloud. And services and solutions accessed via mobile and tablet devices. Ultimately, it all adds up.
According to Gartner, ‘cloud is a disruptive force and has the potential for broad long-term impact in most industries.’ In particular, a key trend identified in Gartner’s predictions is the move towards hybrid clouds, which cover both public and private clouds. Private clouds saw greater pick-up over the past year due to the concerns raised in connection with data security and regulations, which dictated where the cloud had to ‘be’.
We are already seeing an expansion in offerings that build and deliver cloud services, as vendors evolve their software licensing, monetisation and compliance strategies to accommodate new technologies like cloud and virtualisation. Ultimately, however, enterprise software licensing is a complex system of variables and equations that are extremely difficult to calculate, and cloud computing introduces yet another layer of complexity by adding in variables that are nearly impossible for software vendors to account for and for customers to track. Take, for example, if a company has a Central Processing Unit (CPU) based-licensing model. CPU models are licensed on the assumption that you will use a certain amount of CPUs. In the cloud however, if an application or programme needs additional computing power then the cloud service will automatically add one to accommodate this, therefore the number of CPUs running can be variable. This could mean that companies breach licensing agreements without even realising. Therefore, it is important that as your environment grows in complexity, you seek out correct advice to ensure that you are not only efficient, but also compliant.
Another point to consider is not only where your data resides within the cloud, but also how this fits into existing regulations that are drawn according to physical geographical borders. For instance, in the US, where a commission created by the TechAmerica Foundation – composed by figures from the cloud market – has set out a Cloud Computing Technology Roadmap, there is a motion to ‘slacken up’ on national border regulations for data hosting and transfer. US cloud firms faced challenges in pitching into, for example, the UK public sector unless they had a data centre within UK borders in which sensitive data can be stored.
Ultimately, the responsibility and ownership lies with the organisation choosing to place some, or all, of its data in a cloud-based environment. A survey from PwC showed, most organisations are now using cloud in one form or another, yet businesses are omitting to check the security controls surrounding their data. And although three-quarters (73%) of organisations are using at least one outsourced service over the internet, only 38% of large organisations ensure that data being held by external providers is encrypted. Despite this, around a quarter of large organisations and one-fifth of smaller ones have extremely confidential data hosted on the internet.
What I am trying to highlight here, is that your data is your responsibility. You need to carry out due diligence before choosing a cloud provider, to weigh up the options, including the advantages and disadvantages. What it comes down to is that there is no one regulator and you need to take control – whether by being meticulous in the agreement and contract agreement, or by working with a partner who can do this for you.
Additional resources and information relating to this subject provided by Dell are available here