EU Wakes Up To Cloud Data Protection And Security Issues

An increased focus on security and data protection in the Cloud lies at the heart of the proposed European Union strategy on Cloud Computing, according to EU vice president for the Digital Agenda, Neelie Kroes.

However, the industry is coming together already to drive self-regulatory initiatives such as the recent launch of the Cloud Service Provider Code of Practice here in the UK.

“A cloud without robust data protection is not the sort of cloud we need. So these features should be well-integrated in the design of cloud-computing products and services, from the very beginning of the business processes,” Kroes said last Thursday in a speech at the Les Assises du Numerique conference in Paris.

Businesses are increasingly aware of the benefits that the cloud can bring and in these straightened times, and that is not just about cost reduction, its about having the flexibility and agility to adapt your business to be more efficient, available and current. However for the cloud to become the commercial success those in the industry claim it to be, there are a number of key issues suppliers need to address now regardless of possible future Government regulation so that they can provide confidence to customers about data security, transparency of contracts and prevent technical lock in.

The Code of Practice was launched last month. Its goal is to address these end user concerns by improving accessibility to meaningful and consistent information about vendors transparency, capability and accountability for the services they offer to help deliver on the promises migrating to the cloud can make.

Data protection standards must also be transnational, Neelie Kroes added, stating: “the free movement of personal data within the EU is another way to complete the digital single market in Europe”.

The devil is in the detail when it comes to announcements from Europe and yet what struck us most was the Commissioner’s call for the development of new laws and Codes of Practice. The industry is already one step ahead of the EU in that respect so we would urge the EU Commission to engage with those at the coal-face such as the Cloud Industry Forum and Eurocloud and find out what is in fact going on at a national and industry level.

Whilst I am an advocate for the good intent of transnational policies and regulation to ensure a fair and ethical playing field these take time to deliver and build credibility. I am also a realist and understand the issues of data security and sovereignty that many businesses are concerned about, and the desire to get clarity on exactly where, and in which jurisdiction their data is held. The industry led initiative, open to governance by end users and independents is a much more realistic and practical approach for the market at this time.

I have argued from inception over a year ago that what was needed was an objective, transparent approach to the definition and delivery of Cloud computing and the provision of sufficient information for prospective customers to make an informed decision on which supplier/s can offer the best solution for a particular business need.

The Cloud Industry Forum intend to drive the debate to ensure that Cloud service providers work in a common interest to ensure that challenges to cloud adoption are addressed in an industry-wide Code of Practice, rather than being hindered by what could be seen as purely an aspirational approach by the EU at this time! I will work with the UK government and the EU but will not delay the essential work in providing clarity and comfort to end users through the requirements placed on service providers when participating in the Self Certification process.

Andy Burton is Chairman of the Cloud Industry Forum (CIF), which aims to develop and sustain a credible and certifiable Code of Practice for the Cloud Industry. He is also the CEO of Fasthosts, a Web hosting company. He previously adopted the role of Chief Executive Officer of Centennial Software, a leading provider of IT asset discovery.