The article was inspired by an ICC BASIS and Government of Kenya co-hosted cloud computing workshop held during the 5th Internet Governance Forum in Vilnius, Lithuania last month.
View from the Cloud: Governing the Cloud
Herbert Heitmann is Executive VP, External Communications, Royal Dutch Shell and Chair, ICC’s Commission on E-Business, IT and Telecoms (EBITT).
The cloud offers businesses, consumers and the public sector endless flexibility, the potential for better reliability and security, enhanced collaboration, simpler devices and mobility. Yet with these benefits and opportunities come risks. While there’s little doubt that cloud computing allows people to achieve things unheard of before, many believe that predictions of its short term success have been widely overestimated.
For a start, cloud computing is in nascent stages and the market is expected to drive many improvements as deployment models mature. As often with new developments in information technology, users have legitimate questions and concerns on issues such as data security, privacy and authentication.
Policymakers too feel a need to dialogue with businesses and to be closely associated with emerging best practices and real-life experiences that could help them to effectively apply or adapt existing policies and legal frameworks to this model of computing. While effective policy forming for cloud computing will happen organically as take-up accelerates, policymakers need to avoid the “paving the way” regulatory mentality that occurred in the 1990s and continues to cripple Internet and e-commerce related policies due to being based on inaccurate assumptions.
Policy that does not appropriately consider the potential benefits of the cloud or which misconstrues the technologies or potential threats, could limit the flexibility needed by users to fully exploit the potential of new services and stifle end benefits. For society as a whole to benefit from the cloud, it is critical that policymakers invest to develop a thorough understanding of its specificity because public policy will inevitably impact the pace of development and shape the characteristics of the cloud.
There are three key areas for consideration:
Security and Privacy: Users need to be aware that any time a third party maintains information on their behalf or the information is maintained in another jurisdiction, it may be subject to different and in some cases conflicting legal obligations. Thus users should exercise caution when deciding to pass critical functions or the storage of sensitive data over to the cloud. Clear and transparent policies on how customers’ data will be used, stored, and protected are needed and governments in collaboration with business and other actors need to address issues of how to treat jurisdiction and privacy in the cloud. If policy is poorly designed, it could hamper take-up and impact services.
Competition: For the cloud to grow and evolve, open standards and interoperability must be promoted. Policymakers must seek governance and practices that encourage competition. Open standards for example, can help assure users that information can be transferred between cloud service providers with less threat of “lock-in”. They must also consider that we are still in an early stage of cloud development so any policy should be flexible enough to encourage experimentation and innovation.
Access in the Developing Countries: In developing countries, the most challenging issue coming in the way of cloud computing adoption is lack of access to broadband Internet – the pre-requisite for cloud computing. Governments must adopt policies that will promote investment in broadband networks in rural and digitally excluded areas, otherwise their countries will be placed at a competitive disadvantage and local businesses and citizens will be excluded from the myriad of benefits the cloud has to offer.
Business has a key role to play in addressing all of these issues – one that will not only benefit governments but serve in their own best interests. All stakeholders should work together to share best practices, debate issues and provide recommendations to ensure any policy decisions that are made do not affect development of the Cloud and serve to unleash the full potential of this computing model.
It’s important to note that in many cases new policy may not have to be formed. Governments must first consider existing laws in terms of their application and then decide if adjustments are required.
What is important is that laws are harmonized and focused on accountability rather than burdensome administrative processes or technology-specific legal requirements that do not produce outcomes.
There’s no doubt that policymakers have a challenge ahead – there are centuries of laws to be cleaned up which will come under increasing pressure as cloud computing adoption grows. However, if they act now and work with other stakeholders to put the best frameworks in place, the future benefits for users will be boundless.