By Alix Leboulanger, Senior Analyst, Aerospace, Defence & Security, Frost & Sullivan
The cloud is omnipresent in the headlines as a brand new and must-adopt-technology, but it has been there for a while. Cloud is a fancy name for online services and powerful data servers and processors behind. So, technically, as the experts put it, there is no cloud. Still, it is famous enough to become a phenomenon, with even a name for converging into the cloud as business offers are becoming incredibly attractive: the cloudification of business.
The increasing reliance on cloud based solutions hosted by few a single foreign providers, primarily based in the US, has been gaining more attention and even concerns over the last few years from commercial and government entities. The steep adoption of cloud computing to ease business workflows, better data processes and storage and subsequent savings could actually slow down as security, data privacy and regulations are getting into the picture.
First, the overall lack of data security has been holding back investments from governments and critical industries in cloud based solutions. If the public-private cloud architecture is widely used amongst commercial entities, they may certainly not offer the relevant security layers to protect data, especially classified ones. Interestingly, a survey* conducted by McAfee highlighted that 83% of commercial organisations are storing sensitive data in the cloud and 69% of respondents indicated they believe their sensitive data will be secured in public cloud but 1 in 4 have experienced data theft from the public cloud.
In addition to cloud security, recent regulations have casted a shadow on such enthusiasm. Are we witnessing the early beginning of cloud war between the US and EU?
As a matter of fact, the GDPR had a mixed welcome from big players such as the GAFAS in 2016, especially in a data centric world where data is the new oil and private user data the new gold. If governments, military and security sectors are not directly concerned by such regulations, the Cloud Act (Clarifying Lawful Overseas Use of Dada Act) enacted in the US in May 2018 is bringing a new perspective on this matter. This regulation allows from now on American authorities to access user data stored overseas by American companies (mainly the GAFAs).
On one hand, it could not underscore better the extraterritoriality challenges brought by the digital transformation. On the other hand, it also puts into light how sensitive data stored in GAFA’s clouds by non-US entities can be retrieved by American authorities and how they can access them.
Non –American commercial entities have voiced their deep concerns in terms of company business confidentially, competitive positioning and strategic planning. For instance, accessing sensitive European or Asian company private information stored in the cloud hosted overseas, based on the ground of anti-trust or fair competition, could be dramatic from an economic intelligence perspective, as it would reveal upcoming M&A plans and scenarios of one company, giving eventually the tactical edge to American competitors.
So let’s not imagine what would be the scenario if one country was storing military sensitive data into an American clouds hosted locally. By essence, no classified data is stored in the cloud as the security shield is not mature enough. And yet, it might be the case with some foreign government agencies directly using foreign clouds, or indirectly through cloud brokers and technology integrators.
Unless governments can step aside the cloudification or can build their very own ones, at a certain cost and know-how, the question is: do we really need to work with the cloud? What are the other alternatives: a highly secured, heavy-maintenance, limited modularity and adaptability private data centre to retain full ownership? Or Traditional physical storages capabilities? Or something else? It might not be necessary to go back as far as to the trees as would recommend uncle Vania in Roy Lewis book (The Evolution Man or how I ate my father) Can you really skip the cloud in the name of security and renounce to all its organisational benefits?…. or bring another legal retaliation act?
It is quite certain that all of this will happen, but one important recommendation is also to look ahead and assess what digital technologies can offer to tackle this divide. In the end, refusing the cloud is almost similar to refuse the digital transformation and it might not be a wise choice for survival.
For more information, or to contact the analyst please speak to Jacqui Holmes on jacqui.holmes@frost.com