There's no such thing as a 'cloud' -- data has to be physically stored somewhere
The issue is that cloud computing is global in nature, but relies on servers and networks based in real, physical locations, within national boundaries. And therein lies the rub, as BBC's Bill Thompson explains:
"Behind all the rhetoric and promotional guff the 'cloud' is no such thing: every piece of data is stored on a physical hard drive or in solid state memory, every instruction is processed by a physical computer and every network interaction connects two locations in the real world ... In the real world national borders, commercial rivalries and political imperatives all come into play, turning the cloud into a miasma as heavy with menace as the fog over the Grimpen Mire that concealed the Hound of the Baskervilles in Arthur Conan Doyle's story."
For example, he related, Canada "has a policy of not allowing public sector IT projects to use US-based hosting services because of concerns over data protection." The USA Patriot Act states that the FBI and other agencies can review "content stored on any computer, even if it being hosted on behalf of another sovereign state." The UK has similar authority laid out in its Regulation of Investigatory Powers Act.
Carr adds that France also bans government ministers from using Blackberrys "since the messages sent by the popular devices are routinely stored on servers sitting in data centers in the US and the UK." And, of course, there's China's firewall.
The examples cited here reflect concerns about how and where data is handled in cloud computing, or for that matter, in any type of IT arrangement that transcends national borders. It's unclear how this relates to applications themselves.
But this does raise the question of how much do we need to know about the services we acquire or consume from other sources. And, inevitably, it raises the specter of more meddling from legal departments in IT affairs. The beauty of both SOA and Enterprise 2.0 is companies have the ability and flexibility to subscribe to and consume services from a variety of sources from within and outside the firewall. Will consuming a service first require vetting by the legal department?
A lot of these concerns are not new, and have arisen with the growth of the Internet over the past decade. Data security and auditability is perhaps the greatest concern that arises with reliance on offsite services. Additional concerns voiced at this blogsite around cloud computing include the business viability of service providers, and the matter of competitive differentiation achievable through IT.
However, momentum is clearly moving toward more services being delivered from outside the firewall, and as the case with internal IT, this is an area that needs careful, yet enlightened, management. Even if your company is located in or around the Grimpen Mire.