In IT circles, the move to the cloud may have become a broadly acknowledged inevitability, but the legal and regulatory frameworks surrounding cloud computing in developed and emerging nations remain a highly unsettled proposition, according to a new study from a leading software trade association.
The Business Software Alliance surveyed the policies in 24 countries estimated to account for 80 percent of the global information and communications technology market, finding significant disparities and ominous signs of digital protectionism that could chill the global expansion of cloud services.
"Our view is that really to capture the full economic potential of the cloud, governments have to do a better job of harmonizing their policies," says BSA President and CEO Robert Holleyman. "There is a substantial risk that governments will adopt policies that will really chop the global cloud into little pieces."
The BSA presented its findings as a scorecard, evaluating each country by a measure of seven policy areas the group considers critical to the growth of the cloud market, including data privacy, cybersecurity and intellectual property.
Japan Tops Charts, U.S. Finishes 4th
Topping the list was Japan, which received high marks for its policies to promote universal high-speed Internet access and its efforts to strengthen free trade. The report also touts a comprehensive set of Japanese laws that promote privacy without impeding data transfers and protect intellectual property, among other cloud-friendly policies.
The United States ranked fourth in the BSA's evaluation, counting among the strongest of the nations for its support of industry-led standards and efforts to harmonize international trade rules.
The BSA notes that the term "cloud computing" on its face is quite broad, citing a definition advanced by the National Institute of Standards and Technology that deems cloud systems those that enable "ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction."
"What is more important — and more understandable — are the economic and social benefits inherent in cloud computing," the authors of the report wrote. "For small and large businesses, governments and consumers, it equalizes access to technology."
Some of the developing nations that could present enormous market opportunities for cloud providers had some of the least friendly regulatory environments. Brazil ranked at the back of the pack, with a score of 35.1 out of a possible 100, receiving especially low marks for its stance on combating cybercrime and promotion of free trade.
China, which received the fourth-lowest score, also took a hit for its free trade policy, with the authors of the report noting the favorable regulatory environment that domestic companies enjoy in that country.
"China today only allows the cloud to operate behind the great firewall," Holleyman says. "Secondly, for U.S. or non-Chinese-based companies who want to prove cloud services in China, that has to be done as a joint venture with a Chinese company."
Predictably, many of the developing countries in the BSA's index continue to struggle with efforts to expand access to broadband connectivity, a vital precondition for broad adoption of cloud-based services and applications.
Patriot Act a 'Red Herring'
From the perspective of the BSA, which represents the interests of leading software and hardware providers such as Microsoft, Apple and Intel, the concerns about protectionism are not confined to emerging nations. European Union member states generally scored highly for their cloud-friendly policies, but Holleyman notes that some of those nations, such as Germany and France, have been trialing policies that would favor domestic providers of cloud technologies over foreign competitors.
"Lawmakers in the EU, I believe, are effectively putting their thumbs on the scales," he says. In particular, a controversy has arisen in Europe over the authorities of the U.S. Patriot Act, with some businesses and government officials warning that American companies could be compelled to furnish U.S. authorities with data stored overseas without seeking consent from the owner or providing advance notice. Holleyman called the Patriot Act stir a "red herring," arguing that that law is no more invasive than the statutes other nations have in place governing data requests from law enforcement authorities.
"That cannot be used to tilt the landscape in favor of domestic incumbents," he says.
The BSA is also wary of a new proposed set of privacy regulations pending in the European Union, measures the organization has branded "prescriptive mandates" that would unnecessarily restrict the ways that companies collect and store data while saddling them with a set of "onerous compliance obligations."
That effort would not only strengthen the privacy requirements for companies operating in Europe, but it would also go a long way toward harmonizing the policies among EU member states, where privacy regulation varies widely today.
In that sense, the BSA applauded the spirit in which the EU privacy proposal was offered. Indeed, a major thrust of the new report is the importance for nations with advanced IT sectors to work together to formulate a common legal framework for cloud computing. "We don't need every country always to be identical," Holleyman acknowledges, though he urged nations with the most mature legal and regulatory systems such as Japan and the United States to spearhead an effort to develop a more cohesive global policy framework.
Cloud Snapshot in Time
Holleyman emphasizes that the BSA's scorecard is only a snapshot, and that the rankings could see wide swings as countries advance various policy initiatives that either encourage cloud providers to enter the market or drive them away.
"Cybersecurity, privacy, issues like that are extremely important for governments to look at and we have to have an environment in the cloud that protects privacy and strengthens cybersecurity," Holleyman says, while reiterating the warning against policies that promote "incumbency" and digital "protectionism."
"At the heart of this message around the study is that the cloud will never scale to reach its full potential if it is placed behind a series of walls," he says.
Kenneth Corbin is a Washington, D.C.-based writer who covers government and regulatory issues for CIO.com.