Figuring out the physical location of your corporate information used to be a simple task. However, with cloud computing, the old standard places (in your PC or down the hall in the mainframe) often no longer apply. With cloud computing, that data could be the same city or literally 10,000 miles away.
In a recent blog entry, I wrote about how the FedRAMP policy is setting cloud computing guidelines for U.S. government agencies. Similarly in Europe, this NY Times article discussed that a European Union (EU) panel, known as the Article 29 Working Party, is expected to make the recommendation as part of its long-awaited guidelines on cloud computing in the 27 EU countries. The sellers of cloud services are hoping the new guidelines will improve their image in Europe where concerns about privacy and fears that business secrets could be stolen from data stored actually in U.S.-based cloud centers have discouraged sales.
Control over data is a primary concern and one reason why Europe is about two years behind the U.S. in terms of cloud computing services sales, according to the article. As a matter of economic policy, it is understandable that some governments may want data kept within their borders (to feed their own companies) and also to enable more control over the data itself.
These issues will get solved over time. Some IT leaders may take on more risk for tier 2 and tier 3 cloud storage as an example of where that line might be drawn. But patient medical information, financial data and even tax records will be the “long pole” in judging the degree to which public cloud computing is trusted. While “where is my data” is among the many good questions to ask when thinking through risk factors associated with cloud computing, a better question to put to the cloud vendor is “what are the steps you are taking to ensure the integrity and availability of my data?” Once you get a detailed answer, you should have a much better idea of the possible risk involved with a cloud deployment.