Transparency and openness will build our trust in Cloud…
Trust is a major issue for cloud customers and providers today. Information revelations have made many people question who has control over and access to their data, and raised issues of trust about cloud environments in particular.
This is the third in a series of blogs about cloud. The first took a broad look at today’s cloud industry post Snowden. The second focused on managing that continuing issue of trust. This blog will examine how we need to drive new levels of transparency to convince the most skeptical customer that cloud can indeed be trusted.
A key element in building cloud confidence is down to providers. The industry has to operate by standards that are open and verifiable, and it has to be seen to do so.
In shared cloud environments, particularly, it’s essential that the customer knows where data has been, and who has had access to it. Providers can do much more than deliver a monthly bill. They can produce data dashboards in real-time, detailing where data has been, who has had access to it, whether a breach has occurred, and how promptly it was reported and resolved. Customers can then contact their provider with enquiries, and build a trusting relationship.
Learning lessons from others
Transparency is a lesson that the meat industry has learned the hard way. The comparison might be unexpected, and the products and driving business forces are certainly very different, but the meat industry has encountered severe criticisms about its processes that were just as threatening to its success as cloud providers are now encountering. And it was a sustained strategy of transparency that helped the meat industry to survive and prosper.
When we buy our meat in the supermarket, we expect to know which country it comes from, where it has been, who has had access to it, what antibiotics have been administered, and what else has happened to it on the way. Global trading made those questions difficult to answer, so many consumers moved back to more expensive local butchers (think of a private cloud analogy), where the meat’s history was traceable.
The global meat industry then responded by introducing barcodes and QR-codes to provide routing and product information up to purchase. With openness and transparency, consumers have become convinced that the products are safe, and trust is rapidly regained. Cloud providers have the same challenge – and the same opportunities to introduce game-changing transparency.
National and regional governments have a vital role to play in underpinning cloud industry transparency. The new European Cloud Standard is still in its early stages of development. Canopy has been instrumental in helping to define what the European Cloud Standard will be in years to come, and it should make data legislation across the continent much clearer and easier to understand and comply with.
Canopy and Atos are actively participating in this debate, working alongside industry groups to develop new policy which is legally feasible, and helping partners and customers remain compliant as new laws evolve. In November 2014, Atos became the first IT company to obtain the Binding Corporate Rules (BCR) approval for processing personal data on behalf of its clients and for itself.
One of the big issues of trust where transparency is particularly important is data sovereignty. With huge amounts of data generated by customers each day, many cloud providers store it – raw and backed up data – in a variety of locations, so they can operate economies of scale in their highly competitive industry. However, customers expect to know where their data is stored, not least because the physical location determines the legal jurisdiction presiding over it.
As the cloud industry develops across the world, there will be growing numbers of different regulatory regimes. Valuable global customers will expect their data to reside in specific countries to meet their operating models, and transparency will be business critical for cloud providers.
Just as important, because one form of cloud does not fit all requirements, providers need to differentiate between open data and ‘very’ private data in order to understand what kind of compliancy rules are applicable, and whether data sovereignty issues are important.
Europe and its cloud industry has a proud record in developing standards that will help to build enduring trust among individual and corporate customers and sustain a successful cloud industry.
Look out for more blogs on the Canopy website that tackle pressing cloud issues in future.