More work in standardisation, data protection needed to meet EC’s cloud plans

Industry welcomes EC’s cloud strategy but insists more efforts are needed in standardisation, security and data protection

The industry has welcomed the European Commission’s (EC’s) ambitious cloud computing strategy but insisted more efforts are needed in areas of cloud standardisation, security and data protection if the EC’sforecasts are to be met.

The European Commission’s cloud strategy – which aims to improve and increase the use of cloud computing in EU – stated that cloud could generate about €900bn and an additional 3.8 million jobs across the EU by 2020 with an overall investment of €45bn in the same period.

The UK’s cloud services body, Cloud Industry Forum (CIF), welcomed the strategy but warned that considerable effort will be required to standardise cloud services and improve end-user confidence if the EC’s ambitions are to be met.

“Europe will need to operate seamlessly as a community if it is to fully realise the advantages of cloud enablement,” said Andy Burton, CIF chairman.

According to the CIF, cloud standards must be defined and implemented to help establish trust among the customers. It also added that data protection, security and sovereignty issues must be clarified and resolved between European countries as well as with the US.  

The action-plan for the Commission’s ambitious strategy includes improving cloud’s standards, flexibility, interoperability and data portability; and developing models for customer-friendly service contracts.

"Cloud computing is still nascent with a rapidly evolving set of technologies and applications. Any attempt to prematurely create standards will strangle competition, reduce adoption, eliminate the incentive to innovate and restrict the potential economic benefits of cloud,” said Randy Bias, co-founder and CTO of Cloudscaling.

In this case, market dynamics are best left to play out in order to allow greater and more rapid adoption of cloud services, he added.

Premature attempts at standardisation can have the unintended long-term consequence of holding nations back as technologies evolve, experts warned.

“Currently, we see a proliferation of organisations working on cloud standardisation,” said Yves Le Roux, a member of Cloud Security Alliance (CSA).

The maturity in cloud computing can be achieved only when necessary standards and cloud certification schemes clarify the situation in co-ordination with worldwide organisations such as US’s National Institute of Standards and Technology (NIST).

While the EC has outlined that it will work with the US and Japan to prevent data protection regulation acting as a hurdle in the adoption of cloud computing across the EU, it has not specified a timeframe for it.

EC strategy lacking in answers

“The report acknowledges EU data protection hurdles to cloud, but it is hard to see where it actually comes up with fresh solutions to these challenges,” said Vinod Bange, a data protection specialist and partner at international law firm Taylor Wessing.

The experts welcomed some measures, outlined by the EC, such as developing certification for security standards and encouraging the EU data protection reforms to gather speed.

But “simply pointing to data protection solutions such as binding corporate rules (BCR) as being an appropriate answer provides no silver bullet”, Bange added.

Addressing the data protection challenges needs new thinking, experts said.

“It is disappointing that the strategy did not go further and specifically address the issue of the impracticality - from a cloud perspective - of references in EU legislation, which require physical auditing of data processing facilities,” said Luke Scanlon from technology law firm Pinsent Masons.

The EC should have made it a matter of priority to remove obstacles currently set out in EU laws which are holding back the uptake of cloud services, Scanlon said.

“Unfortunately, instead of taking this approach, EC said it will work with ENISA and other relevant bodies to identify appropriate voluntary certification schemes by 2014. This is not the answer that the industry wants to hear in 2012,” Scanlon added.

Europe at a disadvantage

Laws in non-EU markets are currently enabling competitors to help European businesses move to the cloud on the basis of certification schemes that are created by large cloud providers, such as Amazon and Microsoft.

“The Commission’s ‘we’ll get back to you by 2014’ puts Europe at a further competitive disadvantage, Scanlon warned.

One of the actions the EC is planning is to develop a European Cloud Partnership with member states and industries to harness the public sector's buying power (20% of all IT spending) to shape the European cloud market, boost the chances for European cloud providers to grow to achieve a competitive scale, and deliver cheaper and better e-government.

“Government and the public sector are major procurers of technology and their impetus will stimulate wider business adoption and growth,” Burton said.

Its own research on the UK market showed that public sector cloud adoption -- which currently stands at 62% -- will rise rapidly. Of those public sector organisations currently not using the cloud, roughly a third expect to do so within the next 12 months, adding credence to the European Commissions’ projections for growth.”

But experts said that cloud adoption in the EU can be improved only if big cloud issues such as standards, sovereignty, data protection and security evolved.

The industry welcomed EC’s cloud strategy, but insisted more efforts are needed in standardisation, security and data protection. The cloud computing strategy and guidelines the Commission has just announced, in its current form, “will have no effect on cloud adoption and may actually have the reverse effect”, said Colin Tankard, managing director of Digital Pathways.

Read more on Cloud computing services