Consumer Electronics Daily was a Warren News publication.
EU Cloud Strategy Coming

Confusion in the Cloud: Industry Urges Coherent Rules for Cloud Services

December 15, 2011 by Dugie Standeford|Top News

"The EU needs to become not only Cloud-friendly, but Cloud-active to fully realise the benefits of Cloud computing,” a select industry group said in recommendations Wednesday to the European Commission. Four issues are critical to the technology’s success, it said: data privacy, governance and identity management; trust, security and certification; interoperability, data portability and reversibility; and innovation and uptake. The EC said the report signals a desire on industry’s part for a more coherent legal framework for cloud services. That lack of clarity was also highlighted by responses to an EC consultation on the cloud, it said in a Dec. 5 report.

The world is “moving towards the complete virtualisation of resources and ubiquitous access,” said the industry report (http://xrl.us/bmkzdu). Although still in its early days, cloud computing is already a commercial reality and its adoption rate is growing, it said. Gartner predicts the sector is poised for strong growth through 2014, when worldwide cloud services revenue is projected to be about $149 billion, it said.

Cloud computing is part of the digital agenda plan to boost Europe’s economy, but it won’t happen unless the EU puts the right policy framework in place to mitigate risks and seize the full benefits of the cloud, the report said. Among other things, it recommended that the EC consider harmonizing all relevant laws in the EU and in the global context to encourage efficient cross-border cloud services. The panel also urged the EC to analyze the potential value cloud services add to EU growth and the opportunity cost of those services not being developed or used because of unnecessary regulatory and legal barriers. The EC should also determine if there are gaps in existing legislation currently under review, such as proposals on cybercrime, intellectual property and lawful access to data, it said. Industry should propose transparency best practices for cloud providers, it said.

End-users won’t move to the cloud unless they trust it, the industry report said. Laws governing the flow, processing and protection of data, including access, user security and retention requirements, must be made clearer, it said. The panel recommended that industry consider a warning/notification system for cloud data breaches as well as voluntary and industry-led mechanisms for enhancing trust and security.

One pressing issue is the need for better interoperability and data portability, the report said. Because of the complexity of the hardware/software stack that makes up the cloud, interoperability on all levels must be explored, it said. Recommendations included that the sector inventory all relevant existing and emerging cloud and Internet-related standardization and interoperability initiatives around the world by governments and industry to ensure the matter is approached in a global way. Industry should come up with a roadmap of necessary steps to ensure data portability in the cloud and ease of migration from one service to another, the report said.

In the area of innovation and uptake, the panel said adoption of cloud computing in Europe isn’t yet sufficiently transparent. Administrations and industry must overcome barriers relating to security, reliability, data privacy, network performance and other aspects, it said. Those efforts should focus on persuading businesses, especially small and mid-sized companies, to move to the cloud, it said.

All respondent groups to the EC public inquiry on cloud computing “agreed that rights and responsibilities are unclear” in cross-border situations, the EC reported. Commentators also complained of a general lack of certainty about liability and data protection, which jurisdictional laws apply to particular cloud situations, and other legal issues, it said.

The confusion points to a need for clarification, the EC said. Good practice guidelines for contracting, model terms and conditions and reasonable expectations for service level agreements would be appreciated, it said. Governments, as cloud services adopters, could set requirements for security, data portability and interoperability standards to spark rapid deployment, it said. But international agreements are needed for principles such as certification, data protection and security, it said. In any case, much more research and development is necessary, it said. The EC will unveil its cloud computing strategy in 2012, it said.