The business world is excited and eager to utilize cloud computing, as there are a multitude of technological benefits and advantages. But before jumping to "the cloud" there are several regulatory issues an enterprise must understand. An enterprise's adoption of cloud computing traditionally may have been a business and technological decision, but enterprises must also take into consideration all aspects under the regulatory umbrella: government regulations, industry regulations and internal corporate policies.
As for government regulation, generally the same regulations apply to an enterprise using cloud computing as would apply if it hosted its own internal server system. However, cloud computing can add a layer of additional concerns - such as data location, management and security - that may alter the regulatory landscape for an enterprise. At the upcoming Forecast 2012 conference in New York City, the ODCA Forecast Cloud Regulation Panel will examine and discuss some of the regulations that an enterprise utilizing cloud technology should be aware of and understand.
Defining "cloud regulation" can be as difficult as defining "the cloud." In the United States, laws and regulations that apply to cloud technologies are not centralized, so there is a bit of a challenge identifying, discussing and applying the appropriate compliance measures. At this time there is no official body of "cloud law;" regulations that apply to cloud computing technology and the data stored in a cloud environment come from a collective list of laws and agencies; for example: general contract law; federal and state privacy laws; and FTC, FCC, SEC, and Department of Commerce regulations.
There are also international regulatory considerations. One critical point is that even though cloud technology is borderless, regulations often force the creation of borders in the cloud. For example, the European Union has a completely different approach to privacy than the United States, and the EU Data Privacy Directive (which is currently being amended) contains language applicable to cloud computing. In addition, the 27 individual member states in the EU also have their own regulations. On the flip side, foreign entities may be wary of engaging in business with American companies due to implications from the USA PATRIOT Act. Enterprises conducting business internationally or collecting data from people residing outside of their home country need to take all of these international regulatory factors into consideration.
The Cloud Regulation Panel will examine and discuss some of the hot regulatory topics:
International Regulations: As mentioned above, the cloud appears to be borderless; however, regulations that apply to cloud computing create borders. These regulations are not harmonized worldwide, and enterprises must be aware of regulations in their own country as well as other countries their business may touch.
Consumer Privacy Laws: One advantage in cloud computing is the capability to obtain large amounts of data, which typically contain information about subjects or individuals. Yet along with the move to "big data" come privacy law considerations. Different regulations will apply depending on what type of information you are collecting, how you are collecting and storing the information and how you dispose of it.
Data Breach and Cybersecurity Considerations: Data breach regulations, which apply to enterprises in and out of the cloud, present a challenge as the regulations vary from state to state, including nuances such as what defines a breach and what kind of mitigation and notification needs to take place. With regard to big-picture security, the cybersecurity regulatory debate in Washington and internationally has only just begun, and it is important for users of cloud computing to understand the issues and watch out for regulatory changes.
All of these regulations become a factor when an enterprise is making the decision to jump to the cloud and continue to be relevant with ongoing cloud management. Enterprises may vary from one another, but they all face the same regulatory concerns. At the ODCA Forecast Cloud Regulation session we will examine just that. What are the main regulatory concerns for an enterprise utilizing cloud computing? What are cloud technology developers doing to accommodate these concerns? Have security regulations affected the development of cloud technology? How can companies manage their cloud usage in order to stay in regulatory compliance and best serve their customers?
The ODCA Forecast 12 Cloud Computing Panel will take place on June 12 at 2:35 pm. The moderator is Deborah J. Salons, Attorney and CIPP, and the panelists include: Brett Smith, Deutsche Bank Vice President, IT Security Governance; José E. González, Trapezoid Digital Security Services Chief Business Development Officer; Gordon Haff, Red Hat Cloud Evangelist; and Marvin Wheeler, Open Data Center Alliance Chairman and Secretary.
Additional information about ODCA Forecast 2012 can be found on the Open Data Center Alliance site.
Deborah J. Salons is an attorney whose practice focuses on telecommunications, cloud, and information security and privacy law. She is also a Certified Information Privacy Professional through the International Association of Privacy Professionals. Deborah currently serves as a Fellow for the Future of Privacy Forum and as a National Board Director for the Alliance for Women in Media. Deborah earned her undergraduate degree in Communications and Speech from the University of Washington, Master of Arts in Communications Management from the Annenberg School for Communications at the University of Southern California, and law degree from Indiana University School of Law - Bloomington.
The above insights were provided to InformationWeek by Intel Corporation as part of a sponsored content program. The information and opinions expressed in this content are those of Intel Corporation and its partners and not InformationWeek or its parent, UBM Techweb.