The “cloud” is (as it has been for a good few years) gaining public interest and acceptance as what will likely be the way forward. The promise is of an infrastructure and even a virtual world abstracted from life here on earth. But the reality (as it exists for now at least) is that it is certainly grounded well upon the soil of the real earth.
For those wanting to dip their toe, I introduce a fictional case featuring a fictional IT Manager “John” presenting what has been a real case, and what I feel may become an all too real reality for other “Johns” of the ICT community.
“To the cloud and beyond”
John’s been approached by the IT manager of his SME sized business to lead the charge into the cloud after his boss attended a recent seminar titled “The cloud and how to use it !!!” . John diligently researches the cloud and realises (as per the speaker notes from the seminar) that the technology is indeed the real deal and engages on “the project” to take his company “to the cloud”.
“Success ?”
Fast forward a few months. John has taken the initiative of what he truly believes is the smart choice for the company and re-architected around the pay-as-you-go, elastic environment that is the cloud. John proudly tells his colleagues about the initiative and the successes that he’s had over celebration drinks one Friday night. He’s happy to gloat that one of the reasons he had success was because he got little or no resistance from IT management. IT Management is paying for drinks as they are pleased in already seeing the cost benefits from not having to replace the aging infrastructure in the latest end of life chapter. As promised by the cloud, John even gloats about the fact the the users didn’t notice a thing. John finishes his night on a high and goes home feeling satisfied that the cloud is delivering for his company.
“The day after”
It’s 9:30am the next day, slightly hung-over from the night before, John sees the CIO racing down the hallway towards him with a panicked look. A number of things go through his mind:
1. The cloud service is down and users are screaming ? (Damn, there goes the rest of his day on the phone he thinks)
2. The cost of the service has just ballooned due to a problem with his estimation (which he’ll need sort in a hung-over state).
John’s boss makes it to his desk and in a flustered voice questions “Who the hell said you could host the companies private data in CountryABC ?”.
Slightly confused (and hungover), all John can mutter is “Pardon ?”
The conversation continues in a similar manner for some time with the crux as follows. Through John’s “Gloating” the night before, someone at the pub has overheard him spruiking about the companies move to the cloud and after some digging has found out where the cloud strategy strategy has landed his (he is a client) plus every other clients of the companies data.in CountryABC.
Still somewhat confused, John does some research and find that CountryABC is in the middle of a coup and is threatening to cut internet links, but more concerning is the fact that the government of CountryABC has just passed laws denying any form of privacy laws.
How did this happen ?
Data although a bunch of 1’s and 0’s at the end of the day ends up landing on a piece of IT equipment somewhere on the planet and at the time, falls under the legislation of the country under which that equipment is sitting.
Even with the the promise that data lives in the cloud the actual reality is that it does not and as it comes back to earth it’s (like people being exposed to the laws of the country they are currently in) is subject to the laws of the “resting” country.
Back to the present
Let me wind up by saying this, I believe in the cloud, I support where it is heading, however as someone who believes in risk management, I see the inherent risk in the cloud and the need to manage around the case as presented. The risk here is real as has been shown in several recent public failures where shareholders have found out far to late to avoid disaster (and major financial losses). For 60+ years the United Nations has been working towards orchestrating the governments of the world towards a common understanding and standardising of many of our laws. I might seem doubting, but how long will it take before the world can agree on a virtual world and associated laws where data and IP is governed by an independent set of rules ? More fantasy than this article I would say. So, please until we do hit this mythical world, do the research, know and understand not just the benefits but the also risks of the cloud so unlike John, you can suffer your hangover in peace.
Matthew Verity 