The Chartered Institute for IT and Cloud Governance

I’ve been communicating with a number of standards organisations on the status of Cloud Governance in different jurisdictions. With the portability of cloud workloads, the governance model should be handled on a global level and the standards institutions are moving quickly to set up a framework with a number of national and global bodies.

One of the most interesting pieces of work I have been sent is from the Chartered Institute for IT. The document sent to me (PDF linked here) is a response to questions raised by the European Commission for Cloud Computing in 2011.

I’ve pulled out some quotes from the document that have provided me some food for thought.

The cloud concept is straightforward and the potential cost benefits are staggering, yet progress has been hindered by the ability of society need for reassurance to embrace new business models and commercial software suppliers to operate in a truly multinational domain

In response to a question on the rights and responsibilities of both user and provider.

User confidence and awareness will improve through the demonstration of workable/scalable multi-tenancy clouds used by multiple organisations. The deployment of the eGovernment and eScience infrastructures will provide examples of best practice, as well as help potential users and providers to identify potential obstacles when using cloud.

In response to a question on the role of eGovernment in the cloud.

… standard ratified models and agreements covering the different aspects of delivery and various levels of cover should be incorporated into the cloud strategy. These standards would mean that it would be up to the user and provider to agree which they want/need to apply to the particular service they are procuring/providing.
… standard flow down models and agreements that would enable a user to have the confidence that they are fully covered if they procure a service from a third party
… the presence of pro forma (pre-agreed) data transfer and ownership agreements that stand up to EU legislation. This would help to remove one of the key barriers to cloud adoption and therefore should be included in the final version of the strategy.

In response to a question on cloud governance requirements.

The Institute believes that for cloud to become a success then efforts will need to be made to encourage confidence among users. Cloud computing has long been criticised as limiting the freedom of users and making them dependent on the cloud computing provider. Users will need to be reassured that they are not going to get locked into services which are not flexible to meet changes within their business.

In response to a question on the limitations of cloud computing today.

The PDF is well worth a read and I really hope to see some of the recommendations made in the document come into practice.


Data Privacy Regulations in the Middle East – Saudi Arabia

This is part of a series of posts, each one focusing on a specific country in the Middle East and Africa, discussing the current state of laws and regulations around the cloud. Today we’ll be taking a look at the Kingdom of Saudi Arabia.

As with the previous post I will be analysing the available information against six “Cloud Governance Concerns”:

  1. Can I store and process personal data and are there any requirements for me to be able to do so?
  2. Can I move personal data between different jurisdictions?
  3. Do I need to comply with any requests from individuals that own the data?
  4. Do I have to comply with requests to disclose personal data from other entities?
  5. How am I liable if data loss occurs?
  6. How long do I have to keep data?


Dispersed Clouds and Loss of Control

Chuck has written a thought-provoking article on his blog about the emergence of dispersed clouds and the need for a new computing model to build and manage them.

My first thought on reading this was of battling Arnie in a post-apocalyptic future where the machines had taken over. A future in which consulting would probably not be the most sought after profession.

Instead of giving it all up, growing a (bigger!) beard and building Dubai’s first underground bunker, I’ve had a think about why the topic of decentralised control is often an emotional one, especially in the Middle East. Many IT organisations over here are very tightly controlled with a central command structure. This has been greatly beneficial in developing standardised and integrated technology solutions within these IT organisations; however, the phenomenal growth of the number of services and the number of users that a typical IT department has to cater for is pushing the hierarchical service management model to its breaking point.

Chuck wrote that a “cohort” model would be used to allow cooperation between nodes in a dispersed cloud, with a global policy used to keep their actions within acceptable boundaries. This global policy is something that really got me thinking. To use my “Rise of the Machines” analogy, the global policy would be akin to Asimov’s three laws of robotics:

  1. A robot may not injure a human being or, through inaction, allow a human being to come to harm
  2. A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law
  3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law

With the three laws as a global policy, the robots would be free to act and cooperate independent of a central command structure without doing something that would end humanity.
Great! That should keep the metal thugs in check.

Taking it back to dispersed clouds, what is needed to get everyone more comfortable with the perceived loss of control is a common language or framework for defining these global policies, and I’m afraid it will probably be a bit more complex than Asimov’s three laws.
In order to define a global policy for a cloud, the following would need to be taken into account:

  • Localisation – Where processing or action would be allowed to take place
  • Trust within the cloud – Services with which interaction or integration would be allowed
  • Trust outside the cloud – Other clouds that would be allowed to integrate
  • Scale of action – Metrics defining how much action a service can take in carrying out its tasks
  • Task blacklist – What tasks a service should never carry out

Structuring a conversation around a framework like this will help me to have a much more fruitful discussion with clients and I will try to play down the post-apocalyptic connotations.


Data Privacy Regulations in the Middle East – United Arab Emirates

Update: Addition of some details gained from the Data Protection Laws of the World Handbook

This is part of a series of posts, each one focusing on a specific country in the Middle East and Africa, discussing the current state of laws and regulations around the cloud. Today we’ll be taking a look at the United Arab Emirates.

When trying to understand what can and cannot be done with data that is required to provide a public or private cloud service the following six “cloud governance concerns” can be considered:

  1. Can I store and process personal data and are there any requirements for me to be able to do so?
  2. Can I move personal data between different jurisdictions?
  3. Do I need to comply with any requests from individuals that own the data?
  4. Do I have to comply with requests to disclose personal data from other entities?
  5. How am I liable if data loss occurs?
  6. How long do I have to keep data?
