Fears that data held by US cloud vendors is unsafe - following the exposure of the US's Prism mass surveillance programme – have led the European Commission to call for an alternative ‘secure' pan-European cloud industry to be built up. But the rallying cry has met with a frosty reception from British cloud vendors.
Brussels launched its drive to create an EC-wide cloud market last week, saying the industry should adopt “high standards of data protection and data privacy” because “the spread of cloud could slow in the light of recent revelations about Prism and other surveillance programmes”.
But Andy Burton, founder of the UK Cloud Industry Forum vendor group, responded by saying: "I would take exception to the EC statement that trust in cloud has suffered because of the Prism issue earlier in the year. Our research has shown a completely opposite view - that trust in cloud provision has grown over the past 12 months.”
And UK-based Gartner EMEA research director, Tiny Haynes, agreed: “I think that a lot of what we're seeing with Prism is a lot of noise.”
The EC's call to action came after its own European Cloud Partnership Steering Board (ECPSB) - made up of 20 leading figures from the European cloud industry – raised the alarm in July. The Board expressed “serious concern about the effect of Prism on the adoption of cloud computing in Europe” and called for “urgent action to address those concerns”.
But Gartner's Haynes insists that while individuals and businesses are moving slowly into the cloud, it is not because of this particular security issue. “I don't think that Prism is really causing anybody to slow, because people are not exactly jumping into cloud at the moment. To say ‘We are Europe and they are North America' - it doesn't really address what cloud is actually about.”
In its call to action, the EC accepts that “the adoption of secure cloud services in Europe is not going to happen overnight” and says it will require joint efforts by Member States and the private sector. It advises that “the cloud industry should also deliver and invest in innovative security solutions” and argues “trust can be restored with more transparency and the use of high standards”.
Andy Burton agreed with this part of the plan, saying: "The Commission is spot on when it talks about the importance of transparency and high standards, although the Cloud Industry Forum would caution against any heavy involvement of regulatory and legislative bodies in building cloud standards.”
Gartner's Haynes agreed cloud users are concerned about data sovereignty (cloud providers storing data in the country of origin), particularly in France and Germany and to a lesser extent the UK.