Last week I was in a meeting with officials working for a research organization controlled by the Taiwanese government, and we had an open and frank conversation about the future of cloud in government. We went through the usual discussion about the importance of and case for building one or several private clouds, and I found something one of them said very refreshing: “there won’t be any other real cloud than the public one, so we’d better figure out how to use it”.
Governments are almost obsessed with the idea that they need to use a private cloud or a community cloud. If you ask individual departments, they say “private”, while if you ask organizations in charge for whole-of-government services, they say “community”. One thing they seem to forget is that scalability and elasticity are possible and affordable only if there is sufficient scale.
Shortly after the official launch of Office 365 by Microsoft, there has been some debate about how this service would made available in jurisdictions where Microsoft has no data centers. Over the last year or so Microsoft had suggested that there could be partner-hosted version of Office (not sure they ever meant those to be called Office 365) available as a service in those countries. One of the earliest partners to offer Office 365 (basically reselling the service hosted on the Microsoft cloud) has been Telstra, the Australian telecom company. When asked whether they plan to have their own hosted version of Office as a service for Australian clients who want their data to stay on Australian soil, they replied that they would need a least half a million clients to make it worthwhile.
Unless you are based in the US, Singapore or Ireland and few other places where all major cloud vendors have substantial infrastructure, you are unlikely to be able to lightly put personal or confidential information into the cloud. This is true for most public sector organizations but also for any other enterprise that must meet regulatory constraints on privacy and the likes.
But it may be even worse. Let’s assume your cloud provider has data centers in Europe and you feel comfortable with having data hosted there. Well, it appears that the Patriot Act may take effect also on infrastructure that US-headquartered providers have outside the US. This is clearly a matter for legal experts to clear and requires good risk management. However, regulated enterprises often tend to take the path of least resistance to compliance: it is easier to say no than taking the responsibility of assessing the risks of data hosted by a third party that may be required to hand over data and encryption keys to its government.
Now, all this has important consequences for the cloud market:
- If private clouds may not have the scale required to prove their value with respect to virtualized infrastructures,
- if government-operated community clouds suffer from the same governance problem as any other shared service endeavor
- if vendor-operated community clouds may not be readily available while vendors try to understand whether they can get enough client on-board to break even
- if public clouds cannot be used for data protection reasons
where does this leave the government cloud market?
There is a clear disconnect between market hype and client readiness. Things may change when more government organizations move to the cloud, and vendors start seriously planning for more localized infrastructures, or the EU and other concerned governments publish guidance or amendments to existing directives that either implicitly or explicitly prevent regulated organizations from leveraging cloud solutions on any significant scale.
How soon is this going to happen? Not sure, but it may take longer than many cloud evangelists and enthusiasts hope for.
Category: cloud Tags: