European users have three major cloud concerns:
1) Data privacy,
2) data security, and
3) legal concerns with overseas cloud providers (for which, read Americanproviders).
But it doesn’t end there. There’s also the worry about loss of control, dependency and trust.
If you have business interests in Europe, then you’re probably using a public cloud to manage your customers’ data. So you need to understand what they’re thinking.
Cloud storage has been making global headlines recently.
First, it was the Edward Snowden NSA revelations, which indicated the U.S. government could access everything in American public clouds.
Then we watched Microsoft battling the U.S. government over email privacy concerns.
Just a month ago, the phishing of celebrity selfies from iCloud was a top news story.
But even before all these causes of worry, Europe was already wary of American cloud providers. Trust-building efforts such as the U.S. Department of Commerce’s Safe Harbor program helped make progress, but these recent fears are hardening European perspective.
The different laws, regulations and uncertainty are causing four specific doubts in Europe:
1. Data Location
After the turbulence caused by the Snowden revelations about U.S. surveillance activities, this one requirement became the top priority.
Businesses in Europe now want their data to be stored in their own geographic location, so that local laws will protect it from being watched by others. In addition, some are avoiding American cloud players because of fears they’re liable to U.S. law—even with exclusively-European data centers. Microsoft continues to fight the U.S. government over access to data stored on its overseas servers.
As matters stand, it appears we’re heading toward a day where data control is defined not only by where your cloud data is physically stored, but also by who stores it.
2. Steps Taken By The European Commission
In the same way that American states are different, there’s disparity in the legal, political and cultural foundations of the 28 EU nations. So the pace of technology is far surpassing that of regulatory decision-making.
The privacy and data-location regulations that U.S. businesses protest can also hamper cross-border arrangements inside the EU. For example, German data privacy laws are far more restrictive than those of, say, the UK.
However, the European Commission finds it easier to work within the framework of these national foundations, rather than try to federalize this type of regulation. Instead, it aims to create directives, which set minimum bars that national laws must meet. A key underlying regulatory concern is to permit data to move across internal borders—but this only resolves Europe’s problem—not yours.
3. GDPR And Unprepared Cloud Providers
Try as it might to fix the internal situation, the EC will find it hard to make quick progress.
The new data protection directives of the EU General Data Protection Regulation (GDPR), aimed at strengthening consumer and business trust, could be implemented as early as 2015. However, only one in a hundred cloud providers meet the requirements, a recent study revealed.
In addition, the directive will cause concern across business relationships: It requires both data controllers—organizations that own the data—and data processors—e.g., cloud providers—to share liability for data breaches and violations of the law.
4. The Right To Be Forgotten
Residents of the European Union (EU) have a human right to request that personal information be removed from Internet search engines. This right was confirmed earlier this year by the European Court of Justice, in the so-calledCosteja ruling.
It is widely believed that the duties now imposed upon search engines will soon be extended to all “data controllers” or service providers—as part of the GDPR.Given that the average organization uses 759 cloud services, this so-called “right to be forgotten” presents a difficult task for cloud providers that maintain data indefinitely or do not have a data-retention provision in their conditions.
In addition, some also reserve the right to share the data with another third party as necessary. Digitization and cloud storage make it easier to remember than to forget, and information is more durable and retrievable than ever before.
These new rights can fast become a responsibility for cloud service providers, and the companies using them.
The Bottom Line
Such complex, unresolved issues may hamper public-cloud adoption in the EU. Companies could prefer to build their own data centers, simply so they don’t get embroiled in this seemingly unending turmoil.
Even if they do adopt cloud, they’ll want to be cautious and store their data in their own countries—even if local laws permit them to store it anywhere in the EU. This effect on IT decision-making will affect not just the customers’ business, but also that of its vendors and service providers.
At the end of the day, it’s important to evaluate the situation faced by your European customers. Before deciding on public, private or hybrid cloud for your workloads, consider the risks versus the benefits, and how you see your partnership evolve in the future.
When it comes to Europe, IT considerations can no longer be an afterthought in your strategy: They must be a focus. Done right, they could even prove to be your winning strength.