In Part One of this special report, we looked at the World Economic Forum's conclusions about the concerns around Cloud Computing. In this concluding part, the WEF's eight point action plan comes into focus. WEF identified eight critical action areas for government and the Cloud industry. WEF's report notes:
The WEF eight action points
Explore and facilitate the realisation of the benefits of Cloud
There is a sense that the benefits of Cloud Computing are not well understood. This means that some users may be held back from moving to the Cloud if they perceive the risks more clearly than the benefits. In addition, regulators find it hard to make balanced decisions that are in line with the European legal principle of proportionality if they lack a clear sense of how their decisions could potentially impact the macroeconomic and societal benefits of the Cloud as well as the risks.
The WEF report suggests that research carried out over the past decade into the benefits of broadband provides a suitable model for research into the Cloud. It recommends that such research should focus on the potential for job creation (and loss), looking especially at how small and medium-sized businesses could benefit from access to “best in class” computing solutions.
Advance understanding and management of Cloud-related risks
Governments should encourage research into the unique risk drivers in Cloud Computing and identify potential solutions as authoritative research is lacking on how serious the risks are for different types of applications and data; how well they can be managed; and how they relate to broader global risks such as political issues affecting the movement of information across borders. Collaboration among industry and regulators on conducting and publicising such research could educate and reassure users, and help to ensure that government regulation is appropriately targeted.
WEF argues that a better understanding of risks would also facilitate the development of nascent cloud insurance models to offer compensation to customers in the event of losses caused by the Cloud.
Promote service transparency
Cloud providers need to make available information about how their services are provided and how they perform, including how data is secured, where data is stored and/or what jurisdictional provisions apply, how and by whom it can be accessed, and how it can be deleted. This transparency would accelerate the development of the market by improving levels of user trust and facilitating the creation of aggregated services provided by multiple providers.
Government stakeholders indicated that as more consistent and comparable information on cloud performance and security becomes available to customers, the less they will be concerned about the need to protect less-sophisticated customers through regulation.
Clarify and enhance accountability across all relevant parties
Industry, regulatory bodies and third parties should collaborate to create and implement more consistent and comprehensive approaches to accountability for how Cloud services are provided. Efforts to clarify accountability for legal compliance are being hindered by unclear and sometimes inconsistent regulation. Clarity is needed over the roles of data processors or data controllers, what the respective obligations of both parties are, and which country’s laws apply to data when a cloud provider has data centres in multiple jurisdictions.
Government stakeholders indicated that voluntary industry moves to clarify accountability and establish corporate compliance programmes could reduce the need for regulatory intervention.
Ensure data portability
Fear of vendor lock-in holds back many potential users of Cloud, while many government stakeholders are concerned about maintaining competitiveness in the Cloud market. These concerns are lessened if it becomes quicker, easier and cheaper for users to move data, and perhaps applications, between different Cloud providers and between user premises and the Cloud. Governments have a role in minimising any regulatory barriers that are faced by efforts to standardise portability.
Facilitate interoperability
Industry players should pursue interoperability among multiple (private and public) Clouds. Interoperability will need to be accompanied by the evolution of clear accountability frameworks, commitments to commonly defined service levels and broad adoption of standards. Large industry players and governments can help accelerate this maturation process – for example, through encouraging visible research and pilot projects.
Accelerate adaptation and harmonization of regulatory frameworks related to Cloud
Governments worldwide should adapt and harmonize regulations relevant to Cloud with the aim of improving their applicability and reducing divergence across jurisdictions, while considering the maturity of the overall industry. Regulations are currently often inconsistent, conflicting and difficult to apply for users and providers operating globally which means users fear regulatory provisions are insufficient to protect their data from being unduly accessed by law enforcement or retained by providers. As a long-term goal, WEF suggests governments may wish to explore:
Provide sufficient network connectivity to Cloud services
Industry, government and relevant agencies should identify connectivity requirements for Cloud services (wired and wireless) and promote the commensurate deployment of networks across the world. Governments have a role in promoting better connectivity in all markets, especially in emerging and developing countries where the issue may be more acute. Policy initiatives that could serve as examples include the Europe 2020 broadband targets and the European Commission’s Digital Agenda pillar on ultra-fast broadband. In conclusion, WEF explains that its action points are:
It notes:
