Security and control means cloud compromise for EC

Europe cannot fast-track itself into the digital world even though the EC is pushing for change. This will force the hybrid cloud model on government and industries, and probably mean a multiple speed adoption at varying rates across countries. And cloud compromise seems to be the message.

Neelie Kroes, EC VP responsible for the Digital Agenda told the Cyber Summit in Bonn this week: “If we want Europeans to have confidence in the online world. If we want strong European players able to provide that assurance. If we want European data and European systems subject to European safeguards. Then we need networks and systems that are strong and secure.”

But she wants rapid adoption of standards: “The answer does not lie in constraining data within national borders, hiking up the drawbridge and creating isolated national fortresses,” she says. The European Cloud Partnership is about governments joining forces, to stimulate a market and find secure cloud solutions for Europe. Using the power of public procurement, worth one fifth of the cloud market. With common standards so Governments can leap into the cloud, without compromising on security, she concludes.

There remains questions over these standards, where any rules defined today may owe more to the way conventional, on-premise computing works, forcing cloud providers to conform to specifications and business models that would be better swept aside rather than being codified as best practice.

Ken Ducatel, who heads up the DG-Connect policy unit responsible for delivering the Commission’s cloud strategy, says: “It’s going to take time because it’s going to take experience and experimentation.”
It may be preferable to set EU-wide rules rather than let individual countries go ahead with local initiatives that end up becoming barriers to operating cross-border. But this runs into the issues of national control and politics.

Therefore the cloud strategy has focused on making sense of many different and often conflicting specifications and rules that already exist for cloud computing, with the aim of bringing clarity for buyers. 
Individual protection is already in draft form, but without any great shake-up of standards; business protection seems likely to follow.