Are Clouds Compliant?

Peter Judge,

Never mind security and cost. There’s one question around cloud computing that could be a show-stopper, says Peter Judge. Do cloud services comply with regulations, and can you safely use them?

Cloud computing can save users money. In several important ways, it may also be more secure than an in-house. But can you legally use it? 

That’s the question confronting a virtual conference on 30 September. And I’ll be there, chairing a session, called Are Clouds Compliant?

The technical side of cloud computing is well understood now. Unlike previous attempts at outsourcing to the web, most of the difficulties have been sorted out.

Some users still need that going over, and some will always prefer the absolute control they have over in-house It infrastructure, and they certainty that they are not locked into a particular online provider.

But the financial side of cloud computing is now clearer – and we can be pretty sure that it will take less up-front investment to get an application on a cloud service provider’s platform than to put it up in house.

A lot of users question the security of cloud apps, but providers like Google have very good arguments why cloud is actually likely to be more secure than in-house IT.

As eWEEK’s Wayne Rash put it: even if cloud is more secure, there’s another hurdle. It has to be provable – otherwise companies in heavily-regulated industries simply can’t use it, no matter how good it is.

That’s a big question – and a somewhat ironic one. Over the years, governments have put in place increasingly complex regulations about the storage and use of personal data, and about the reliability and security of the systems that handle it – in order to protect users.

The effect of these regulations may make it hard to use a cloud service. There are arguably good reasons for this: for instance, if that service cannot explicitly say where data is being held at all times, users should perhaps be wary.

But what if the regulations are preventing users adopting services that are the future of IT? If clouds are the future, and can deliver IT better, more cheaply and (maybe) more securely, is it possible that those regulations are actually holding back a necessary and beneficial move to the future of computing?

The Cloud Security Summit, run by BrightTalk, aims to get to the bottom of these questions, and I’m looking forward to my panel, on cloud compliance. 

I hope you can join me for an enlightening session, and pitch in any questions that you have.