Regulation: The 'bogeyman' of cloud adoption
By Edwin Yapp November 7, 2013
- Regulation, legislation important in a cloud world; but current frameworks holding back benefits
- All stakeholders must discuss this complex issue openly as cloud cost economics cannot be ignored
DATA privacy has been cited as one of the major impediments standing in the way of cloud computing but the issue, while significant and important, may just be a convenient bogeyman against its adoption, says a senior Workday Inc executive.
Speaking at the recently concluded CIO Leaders Summit held in Singapore, Annrai O'Toole, chief technology officer of Workday in Europe, said that while security is a issue that can be addressed directly, data privacy is a much more tricky issue to deal with.
“I believe that there is no doubt we [Workday] can do a better job in security than any of our customers can,” he said in his keynote address. “Just dealing with the mechanics of encryption, unauthorised access, and denial-of-services, we can operate at a scale that most organisations can’t.”
“[But then] there is data privacy, and regardless of how well we’re doing it, the interpretation of what the legal frameworks in different countries around the world are like and what they are telling us to do [or not do], means that some industries can’t use the service the way we are providing.”
Established in 2005, Workday is an enterprise software-as-a-service (SaaS) vendor that was born out of Oracle Corp’s hostile takeover of PeopleSoft Inc the same year.
The Pleasanton, California-based company, founded by former PeopleSoft executives David Duffield and Aneel Bhusri, specialises in human and financial capital SaaS services, powered by its public cloud platform.
O’Toole said that where data privacy is concerned, there is a reality of what legislation says and then there are people’s perceptions of what the legislation is actually backing up, adding that there are sometimes inconsistencies in how processes are practised in different countries.
In the United States, for instance, people wanting certain information would have to go to the US Foreign Intelligence Surveillance Court (FISC, also called the FISA Court) to get the authority to get it, he noted.
But in Britain, any police officer “with the rank of Detective Inspector and above can go knocking on doors and get the data” they require, O'Toole claimed.
“People get upset over the Patriot Act in the United States but in Britain, the requirements [for getting to private data] are much lower," he said. “I’m not trivialising the issue here but people must believe that their data is well maintained and secured at the same time."
“[What] I’m saying is that data privacy is a far more complex [issue] and a long conversation that we must have. But often times, people [just] boil things down to a simple statement that, ‘We need the data centre to be in our own country.’
“Well, actually we don’t. Regulators may want it, and it may make it easier [for companies] to do business but that’s a business decision. Is it for a genuine legal or regulatory reason? That’s open to debate,” O'Toole (pic) argued.
The Patriot Act 2001 was signed into law by former President George W. Bush in response to the Sept 11, 2001 terrorists attacks on the United States. The law was enacted to deter and punish terrorist acts in the United States and around the world, to enhance law enforcement investigatory tools, amongst other purposes.
O’Toole further argued that data privacy was only as strong as its weakest link, noting people could still compromise information even in large organisations, which have big on-premise data centres, as long as they have the right access and passwords.
“If you think that your organisation is not safe because your systems are not that good, and that you’re not emailing information around because you think it’s not safe, you’re deluding yourself. [Fact is] people are absolutely emailing confidential information around.
“People want access to the information, and they want it easily, and if you don’t make it easy, they’ll bypass your ridiculous security, and do things that are 100 times less secure,” he said.
Asked what can be done to mitigate such issues, O’Toole said public cloud service providers such as Workday will continue to obfuscate the information they hold in their data centres in order to alleviate some of the aforementioned concerns.
But despite what regulators and the industry are thinking, he believes that the cloud is an “unstoppable force of nature” and that it offers compelling economics.
“I don’t see the world saying, ‘Because the regulators say so, we’re going to spend 100 million dollars more to have our own data centres.’
“The cloud is an unstoppable force of nature and is fundamentally changing the CIO’s conversation from a ‘command and control’ into a ‘outcomes and experience’ conversation. This is what I believe most organisations’ leaders want to have.”
The CIO Leaders Summit was held from Nov 4 to Nov 5 in Singapore and was organised by Media Corp International. Digital News Asia (DNA) is the official media partner for the event.