Axon Consulting has released a new Paper, co-sponsored by Microsoft, which looks at the main challenges concerning the use of coud computing services by the public sector and the potential policy actions to address them.
Governments across the world are increasingly looking at cloud computing as an IT alternative for the provision of better, more efficient and less costly public services to their citizens.
Nevertheless, it is still common for them to be reluctant to move their data to the cloud. As a more cautious response to this new and paradigm-shifting technology, government authorities may
• be concerned about information security and data protection problems associated with cloud services
• consider imposing data localization obligations, among other measures.
Our studies show that information security and data protection may overlap or complement each other, but are not substitutes, nor do they target the same objectives. What’s more, data localization may not be the right way to address these public policy objectives. On the contrary, if generalized, data localization can have an adverse effect on the local take-up of cloud services by public and private clients.
Our Paper concludes that, although overregulation of the cloud should be avoided, there is room for cloud policy and rules to address clear existing needs or gaps through a mix of mandatory and non-binding rules. The range of cloud-specific issues that may require such regulatory intervention is not limited to information security and data protection.
More specifically, our paper covers from a non-technical, and policy oriented point of view, the following:
• A high-level overview of cloud deployment models
• Potential cloud policy approaches for governments
• The pros and cons of regulation
• Regulatory measures for better information security
• Classification of data and information
• Quality standards on the collection, security, fair use and processing of collected data
• Jurisdiction in data protection matters and cross-border data transfers