Opinion by David McLeman
Public sector procurement regulators at the European Union (EU) look to have finally got a grasp on the issues around cloud computing in Europe – which is good news for both users and providers of cloud computing services.
Public software-as-a-service solutions the way forward
Like the UK government, with its G-Cloud initiative, the EU has declared that the use of public software-as-a-service solutions is the way forward to meet public sector IT needs.
At EU level, this support is taking tangible shape in the form of a European Cloud Partnership (ECP), funded to the tune of €10m. The aim of the ECP – which is made up of various public sector procurement officers from across Europe – is to help the sector leverage its buying power. It will do this by identifying common requirements and standards across Europe and supporting procurements to meet these common needs.
EU policy-makers make the use of cloud solutions both simpler and more secure for all users
However, there is a second and perhaps even more important strand to the EU's activities: EU commissioners Neelie Kroes and Viviane Reding are looking at what they can do to make the use of cloud solutions both simpler and more secure for all users, including the private sector.
At the start of 2012, the commissioners announced plans to create a new legal environment that should make it simpler for cloud providers to offer solutions that support innovation and mobility while also providing security and data portability.
A new approach to data protection
At the heart of this plan is a new approach to data protection that means it will no longer matter where the data is or where the provider is based: "In Madrid, Mumbai or Mountain View", as Kroes put it. If the customer is based in the EU, EU data protection standards will apply.
That will give cloud providers the flexibility to locate operations for maximum resilience and minimum cost, while ensuring customers can be confident services meet EU security standards, no matter how or where they access them.
In short, says Reding, cloud service providers will need to offer "privacy by design" as standard.
The two commissioners have also announced that the EU's new approach will provide strong safeguards against supplier lock-in. Cloud service providers will have to make it easy and straightforward for users who want to switch services to get their data out, something users of Google Apps for Business have been offered from the start.
What's even more encouraging is that as the EU has moved forward with these plans, it has recognised that data protection is just one aspect of a wider regulatory and legislative environment that affects cloud computing services.
In a presentation in May, Kroes acknowledged that "many policies are relevant for the cloud, while the cloud is relevant for many policies." Along with data protection, she also named IT security, competition, consumer rights and intellectual property as areas that are integral to the development of cloud services. She added: "We will look at every relevant legislative and regulatory field in the EU and make sure that we do not inhibit with one hand what we are trying to promote with the other."
Commissioner Kroes has also made it clear that her team understands this is not just a European issue. During the same presentation, she remarked, "We can't just think European. The internet is global. The companies who use it are global. So we are ready to work internationally to agree on a common framework, especially when it comes to areas like cloud certification, data protection and security."
While the proof is still in the pudding, and we'll need to see exactly what form these new and changed regulations take – as well as what practical benefits are delivered by the European Cloud Partnership – it's heartening to see the EU has a decent understanding of both the benefits of cloud computing and the current roadblocks to adoption – and a willingness to take action to help cloud computing move forward in Europe.