What does Cloud Security Really Mean (Part 2)?
In my last blog entry on cloud security, I discussed how privacy, risk profile and data security all contribute to security in cloud-based services. The last element – regulatory compliance – requires a bit more time to discuss.
Regulatory is a key issue with the cloud, not only for industries such as healthcare and financial services but also governments. In Asia, there is still a fragmented regulatory framework, and this remains a significant hurdle for international companies working in multiple countries within the region. For instance, some countries – even tiny island nations -- require that citizens' personal information remain inside their national borders. Regulations like these prevent some of the benefits of economies of scale that are possible with the migration to cloud-based services.
These regulations means that cloud service providers can't maximize efficiency by providing regional data centers. And Software-as-a-Service providers can't run applications remotely if they need to download data in order to analyze or change it. Indeed, it could even hamper disaster recovery, because back-up data centers might be affected by the same weather or terrorism issues that shut down the main site.
At another level, it is challenging to identify which regulatory rules apply to which cloud services and their associated data, particularly given the prevalence of trans-border data flows. This is because of the tension created when competing authorities assert jurisdiction over cloud services and data across state and national borders. In China, government who also blocks Facebook does not allow companies to offshore their data, meaning they can use data centers only inside China.
IDC has estimated that in 2009, only about 4% of companies in China were using cloud-based services, compared with 16% in Singapore. Although Asia still lags a decade behind the US and Europe in terms of cloud maturity, the past 12 months have seen an acceleration in cloud adoption as more products and services enter the market and customers understand the benefits cloud computing can provide.
Australia and Japan are leading the region in cloud computing adoption at this stage. Japan in particular has had major cloud investments from local IT firms over the past two years, and these efforts have been heavily supported and encouraged by the government. According to telecomlead.com, Australia continues to lead the adoption of cloud computing in Asia Pacific with 43% of enterprises now using cloud computing in some form, and 41% of IT decision makers indicating that cloud computing will be a top priority for them in the current fiscal year.
At this opportune time, governments in Asia are in a prime position to design regulatory and legal frameworks that help build trust and confidence in the design and deployment of the cloud. With all the present red tape and stonewalling that we see, I predict business drivers will ultimately triumph because the business benefits are just too compelling to be passed over.