Cloudy data sovereignty in Europe (part two)

Part one can be found here. Part two examines the ‘safe harbour’ approach to cloud data, and answers the question: who’s ultimately responsible for data in the cloud?

In 2000, the US Department of Commerce created the Safe Harbour framework to ensure organisations put appropriate controls in place for the protection of data when handling European and UK companies’ data that may be stored in the USA (for example an American company who may have regional offices in the UK, France and Germany that keeps employee data such as employment, tax and personal details centrally in the USA).

The Safe Harbour directives consist of seven rules that have been established specifically for US companies to comply with EU data storage directives.

The ‘safe-harbour’ approach, which allows for data on EU subjects to be moved out of the EU, does not have the adoption you may think, even if you …

Size Doesn’t Matter. Controlling Big Data Through Cloud Security

The issue of Big Data seems very prevalent these days. How to store it. How to manage it. And, how to best secure it. But Big Data is much more complex than a voluminous amount of information. It requires a new paradigm in application, process, and security…all from the cloud.
There’s data. And then there’s BIG DATA. Many of us have been bombarded with the term in many frameworks. There are some professionals that chalk it up to marketing hype or meaningless buzzword. Personally, I prefer the way Gartner categorizes it. That it is more than size. It is a multi-dimensional model that includes complexity, variety, velocity and, yes, volume.

read more

The Problem with Consumer Cloud Services…

…is that they’re consumer cloud services.

While we’re all focused heavily on the challenges of managing BYOD in the enterprise, we should not overlook or understate the impact of consumer-grade services within the enterprise. Just as employees bring their own devices to the table, so too do they bring a smattering of consumer-grade “cloud” services to the enterprise.

Such services are generally woefully inappropriate for enterprise use. They are focused on serving a single consumer, with authentication and authorization models that support that focus. There are no roles, generally no group membership, and there’s certainly no oversight from some mediating authority other than the service provider.
This is problematic for enterprises as it eliminates the ability to manage access for large groups of people, to ensure authority to access based on employee role and status, and provides no means of integration with existing ID management systems.

read more

IBM Eyes Amazon, Salesforce Cloud Turf

Amazon and Salesforce are getting so popular they’ve started infiltrating top accounts that have historically belonged to IBM. Amazon’s new partnership with the Nasdaq announced the other day is a good for instance.

So IBM has decided to fight fire with fire by going after the mid-sized businesses – concerns with less than a 1,000 employees – where Amazon and Salesforce are quite at home and peddle these companies Big Blue clouds they probably never knew IBM had or thought they could afford given IBM’s penchant for carriage trade pricing.

Reportedly IBM is going to adjust its pricing and trust its reputation and techno-smarts to make up any difference.

Big Blue is apparently hoping little sales – little by its lights – will add up to something substantial.

Salesforce CEO Marc Benioff claims IBM has lost its mojo and told the Wall Street Journal it “doesn’t own the technology like they did in the last wave.” He certainly hasn’t been seeing IBM in his accounts.

IBM, however, will be using partners such as Infor, Highland Solutions and 1,400 MSPs to penetrate his flanks with IBM PureSystem technology and rebranded OpenStack-beholden SmartCloud software for building public, private, and hybrid cloud. Naturally there will be analytics too.

They will be using their own data centers and IBM’s money (in the form of zero percent loans).

IBM has got so-called centers of excellence in Shanghai, Tokyo, New York and Germany where MSPs can get training and aims to devote a “substantial part” of a $100 million marketing budget to the cause.

IBM is depending on the cloud as well as emerging markets, analytics and smart cities to increase its revenue stream.

Gartner estimates the sale of cloud computing services will reach about $58 billion this year, up about $8 billion since 2011.

read more

Is cloud computing the future for EU economy?

Neelie Kroes hopes to make the EU the ‘e-EU’ with new strategy

The EU has launched a new cloud strategy, entitled “Unleashing the Potential of Cloud Computing in Europe”, designed to increase the use of and speed up cloud computing in Europe.

“Cloud computing could offer a huge lift to the European economy, but only if users can understand and trust it,” said EU digital agenda VP Neelie Kroes to open her speech yesterday.

The figures: a yearly 160bn Euro (£127.6bn) boost to the European gross domestic product (GDP) by 2020 – the equivalent of a few hundred euros per citizen – and a net gain of 2.5m jobs.

It’s not surprising, therefore, that Kroes called the cloud “a game-changer for our economy”.

According to the EU, one of the most important aspects of the strategy is to “cut through the jungle of technical standards”, with necessary standards to …

EC Aims To Tickle Cloud Adoption with Rules

The European Commission thinks the European bloc has been slow to adopt cloud computing in part because of security fears over data loss and privacy, particularly in view of America’s Patriot Act.

So it’s proposing to get involved in standards setting, contract condiitions and SLA terms on the happy theory – provided by IDC – that its intervention in cloud adoption will expand the European Union’s overall GDP by close to €1 trillion by 2020 – that’s €160 billion or $206 billion a year – and create 2.5 million jobs.

The scheme, called “Unleashing the Potential of Cloud Computing in Europe,” is laid out in couple of position papers released Thursday.

Neelie Kroes, who used to be antitrust commissioner and is now digital agenda commissioner, claimed that “Cloud computing is a game changer for our economy. Without EU action, we will stay stuck in national fortresses and miss out on billions in economic gains. We must achieve critical mass and a single set of rules across Europe. We must tackle the perceived risks of cloud computing head on.”

Among the initiatives on the agenda is the idea – already underway – of creating a so-called European Cloud Partnership consisting of the procurement officers in all the EU’s public agencies, which are responsible for 20% of the region’s IT spend, and have them set common requirements – like demanding interoperability – and pool their buying power.

Cloud-based e-government service would set an example and local providers would be favored with a leg up in the hope Europe can keep up with the US.

Anyway, the EC is proposing to sort out the jumble of security standards, develop a global data privacy standard, legislate a data-sensitive model contract and clarify knotty cross-border legal questions on data protection and liability by next year.

“You shouldn’t have to have a law degree to use the cloud,” Kroes cracked. “But today, many potential users think it’s too complicated, too risky, or too untrustworthy.”

According to Reuters, poor debt-ridden Greece “shows a bigger cloud appetite than its biggest European creditor, Germany,” allowing that maybe it’s because its hardware is coming up for renewal.

However, the Commission’s data suggests that EU companies could cut their costs by up to 20% by using the cloud.

The plan is to get an EU-wide certification scheme in place for “trustworthy cloud providers” as well as establish “safe and fair” contract terms and SLAs by next year.

The current contracts, the EC complains, may “impose the choice of applicable law or inhibit data recovery. Even larger companies have little negotiation power, and contracts often do not provide for liability for data integrity, confidentiality or service continuity.”

It will review the standard clauses governing the transfer of personal data to third countries. There will have to be “binding corporate rules” for cloud providers and the industry will be asked to endorse a data-protection code of conduct.

The EC means to get the European Telecommunications Standards Institute (ETSI) coordinating with stakeholders so a “detailed map of the necessary standards (inter alia for security, interoperability, data portability and reversibility)” can be drawn by 2013. It’s also pushing for standards around the cloud’s environmental impact, including energy consumption, water consumption and carbon emissions, to be in place by 2014.

See the 16-page http://ec.europa.eu/information_society/activities/cloudcomputing/docs/c… and the longer 32-page http://ec.europa.eu/information_society/activities/cloudcomputing/docs/c….

read more

Cloud, Virtualization, Storage and Networking in an Election Year

My how time flies, seems like just yesterday (back in 2008) that I did a piece titled Politics and Storage, or, storage in an election year V2.008 and if you are not aware, it is 2012 and thus an election year in the U.S. as well as in many other parts of the world. Being an election year it’s not just about politicians, their supporters, pundits, surrogates, donors and voters, it’s also a technology decision-making and acquisition year (as are most years) for many environments.
Similar to politics, some technology decisions will be major while others will be minor or renewals so to speak. Major decisions will evolve around strategies, architectures, visions, implementation plans and technology selections including products, protocols, processes, people, vendors or suppliers and services for traditional, virtual and cloud data infrastructure environments.

read more

EC launches cloud computing strategy

The European Commission has released details of a cloud computing strategy that it claims will create 2.5 million jobs and boost EU GDP to the tune of €160bn annually by 2020. The Commission’s plan for “Unleashing the potential for cloud computing in Europe” is intended to speed the uptake of cloud services in the region, according to Neelie Kroes, EU vice president for the digital agenda.

“Cloud computing is a game-changer for our economy,” said Kroes in a statement. “Without EU action, we will stay stuck in national fortresses and miss out on billions in economic gains. We must achieve critical mass and a single set of rules across Europe. We must tackle the perceived risks of cloud computing head-on.”

The Commission believes that the absence of common standards and contracts is dissuading enterprises from embracing cloud services, with fears around the safety of internal and customer data paramount. A proposed European Strategy for Cyber Security is to be put forward “in the coming months”, the Commission said.

The Commission said that key actions of the cloud strategy include:

“Cutting through the jungle of technical standards so that cloud users get interoperability, data portability and reversibility; necessary standards should be identified by 2013;

Support for EU-wide certification schemes for trustworthy cloud providers;

Development of model ‘safe and fair’ contract terms for cloud computing contracts including Service Level Agreements;

A European Cloud Partnership with Member States and industry to harness the public sector’s buying power (20 per cent of all IT spending) to shape the European cloud market, boost the chances for European cloud providers to grow to achieve a competitive scale, and deliver cheaper and better eGovernment.”

Popularity of BYOD Highlights Need for Mobile Cloud Security

The explosion of mobile devices in recent times has forced enterprises to tackle security issues as more employees are taking to accessing privileged company resources such as email, file servers and databases with their personal phones and tablets. An earlier report by research firm Gartner indicated that the security concern is increasing with this rapid proliferation with 90% of enterprises having already deployed mobile devices, mainly smart phones and with 86% of enterprises surveyed planning to deploy media tablets this year. These devices are now mature enough to replace many of the roles played by laptops or even traditional workstations. Considering the popularity of personal use tablets and the increasing time that employees spend on these units, it makes sense for enterprises to integrate them under a centralized IT network to save employee time and company resources.

read more

Cloud Expo Silicon Valley: The Cloud Identity Crisis

Information and identities are the lifeblood of your enterprise, yet the use of public cloud services challenge many legacy approaches to protecting what’s important. The move to the cloud requires a new control point that provides visibility and protection of your critical information and identity assets.
In his session at the 11th International Cloud Expo, Nico Popp, Vice President of Product Management and Development for Symantec O3, learn how Symantec O3 can help you realize the vision of a protected cloud, and hear the CISO from a major business bank discuss information security in the new world of cloud computing.

read more