Comments on: The Boundaries of Cloud Computing: World, Nation or Jurisdiction?

By: Bert Bouwhuis

Bert Bouwhuis — Fri, 02 Oct 2009 18:41:35 +0000

Isn’t it about time to redefine the definition of “location” when referring to digital data? At a micro-level, location is a fuzzy concept anyway, keeping various RAID levels, disk striping and data virtualization in mind. Pinning data down to one disc is almost impossible these days. However, once storage arrays span geoclusters over WAN – and that will happen sooner or later – pinning data down to one datacenter will get harder and harder. What if “location” of digital data would instead be defined in terms of the owner of the data? If this is combined with a data “boundary” definition in terms of encryption, wouldn’t that give us the hooks into the existing legal frames?

By: Andrew S. Townley

Andrew S. Townley — Fri, 02 Oct 2009 09:33:06 +0000

This conversation came up quite a lot at last week’s COSAC Security Conference here in Ireland, and I covered quite a few of the issues during my presentation: http://bit.ly/18iO22. It is a huge issue in Europe due to the EU Data Protection Act as well as the public sector extraterritoriality issues you mentioned above.

What will happen is that many cloud users will roll their own solutions to this, but it still can’t keep the data isolated to a particular locality or jurisdiction. Seizure of assets is only one issue, and with large cloud providers is actually unlikely to happen in practice. The scale and jurisdiction issues will prevent doing this on a practical level. All of the seizure procedures and laws are geared towards the assumption that your datacenter is bounded by 4 walls that can be easily identified. In the cloud environment, this assumption is clearly false.

From a pragmatic point of view, most cloud users are encrypting the information they store on cloud providers anyway, so even when the information is shipped around the world, it is effectively useless and opaque should it be captured or archived. While there are groups at the UN level looking at some of these cross-jurisdictional issues, any effective changes will take quite some time to materialize, and there will always be those countries that aren’t part of the agreement.

You’re right that these issues can initially sway a cloud discussion towards a more traditional managed services agreement with some of the larger vendors. However, I think that a lot of organizations won’t be able to ignore the cost savings and the other benefits of more global cloud solutions vs. the price point that managed services could provide. Besides, the US Government has a Federal Computing Cloud for just this reason already. Whether it makes sense for smaller EU nations or other parts of the world to do this remains to be seen.

By: Tweets that mention The Boundaries of Cloud Computing: World, Nation or Jurisdiction? -- Topsy.com

Fri, 02 Oct 2009 09:31:57 +0000

[...] This post was mentioned on Twitter by François Bergeron. François Bergeron said: RT @AndreaDiMaio The Boundaries of Cloud Computing: World, Nation or Jurisdiction? – http://bit.ly/HJLNX [...]