EC: Europe should become a ‘trusted cloud region’ in the post-Prism age

European cloud providers must turn the Prism revelations into an opportunity to build trusted cloud services, says the EC

European cloud providers must turn the Prism surveillance revelations into a Europe-wide opportunity to build trusted cloud services for customers globally, the European Commission (EC) has said.

According to the EC, Prism revelations could slow down the adoption of cloud computing services and Europe should build on its “relatively high standards” of data protection, security, interoperability and transparency of cloud services to become the world’s trusted cloud region.

Earlier this year it was revealed that Prism is a programme that allows the US intelligence community to gain access from nine internet companies to a wide range of digital information on foreign targets operating outside the US. Its existence was revealed by whistleblower Edward Snowden.

At that time, EC vice-president Neelie Kroes said US cloud service providers could suffer loss of business in light of revelations about the US National Security Agency’s (NSA) Prism surveillance system.

In its latest memo, the EC said that as cloud users become more conscious of the need for cheap, flexible IT services, without wanting to compromise privacy, Europe should ride on its relatively higher standards of security and transparency to develop cloud services.

Regional cloud providers to use the security, privacy and transparency standards to their competitive advantage and aim to make Europe the world’s most secure and trusted region for cloud computing

European Commission

The EC’s call for Europe to become a global cloud hub comes after it established a European Cloud Partnership steering board and discussed the possible fall-out of Prism revelations. The board members concluded that post-Prism, two issues must be addressed.

One is that trust in cloud is suffering, which affects cloud uptake and results in Europe lagging behind in cloud computing adoption.

Second, the Prism revelations have led to calls for national or regional cloud computing initiatives. Such fragmentation or segmentation of the cloud computing market along national or regional lines could unfortunately hold back the development of cloud computing in Europe, the EC warned.

Addressing the concerns of European citizens, businesses and public administrations should be seen as an opportunity for the development of cloud computing in Europe. Tackling the current lack of regulatory consistency in particular could boost the competitiveness of the European economy.

The Commission advised regional cloud providers to use the security, privacy and transparency standards to their competitive advantage and aim to make Europe the world’s most secure and trusted region for cloud computing.

The European organisation also suggested that the providers must develop an EU-wide single market for cloud computing where the barriers to data movement within the EU is reduced to boost competitiveness. That is why Europe must establish a fully functioning internal market for cloud computing, the EC said. It further advised them to restore trust with more transparency, use of high standards, avoiding lock-in contracts and providing audit reports of data access to customers.

It also urged the region’s largest IT procurer – the public sector -- to widely adopt European cloud services to and drive its adoption among other enterprises.

“Achieving this ambition is not a task for the European Commission alone. It begins with the cloud providers themselves and includes all stakeholders: Member states, industry and individual users,” the EC said in its memo.

The Commission also said that it is “strongly against a ‘Fortress Europe’ approach to cloud computing”.

“We need instead a single market for cloud computing. For example, the proposal for the data protection regulation will provide a uniform legal base for the protection of personal data in Europe. The fundamental principle at stake is the need to look beyond borders when it comes to cloud computing. Separate initiatives or a Fortress Europe approach is not going to work,” it warned.

The adoption of secure cloud services in Europe is not going to happen overnight through independent actions undertaken by individual stakeholders. The European Cloud Computing Strategy will help, but it needs the support of Member States as well.

Read more on Datacentre systems management