The Wikileaks Amazon saga spotlights clouds Achilles heal, data sovereignty

Disclaimer : This is not a post on the right or wrong of Wikileaks, this is about the implications on public cloud computing.

Last weeks events around Wikileaks and Amazon are a startling reminder of just how different the public cloud computing model is when it comes to data law and responsibilities.

As i’ve highlighted in the title, to me this clearly shows one of the Achilles heals of cloud computing. Some don’t agree, but those some are mainly based in the USA. See some quotes below

“It’s USA-centric because it’s analyzing a USA-centric issue: U.S. govt cables, a US data host, and US law jurisdiction over that co”

My perspective is international.  Here’s how I see it (and this is high level).

  • An international organisation chose a US ’tied’ cloud provider to be their IaaS service provider
  • Some folks in the government took a disliking to their activities (in this case the content) and reportedly leant on the cloud provider
  • The cloud provider stopped providing service.

Now I acknowledge that this is an extreme case, but at its most basic level the same could be true of any international organisation. For example

  • I create a company that has a product that attacks a core US industry that has millions or workers and lots of revenue and tax income (Finance, automotive, pharmaceutical, IT, whatever), I choose a US based IaaS provider (because its large and costs the least)
  • The industry feels the pinch and lobbies the hell out of the senate (or the house) to do something about it because lots of jobs are on the line etc etc
  • The government intervenes, protecting its national interest (and that happens all the time) and has my company terminated from the cloud provider
  • It is also possible that they might go after the data (which incidentally violates my national data protection rules ). What then happens to my IP?

I’m not trying to scare monger here. What I am trying to do is point out a few salient facts about the international dimension of cloud computing. Specifically:

1)      Cloud computing is an international phenomenon, so many users will take services from a cloud provider who is governed by different laws, politics and sentiment.

2)      These users of cloud services operate under different data rules, and what may be legal or commercial or private in their nation could collide with the cloud providers  national laws

3)      The political machinations of the hosts government whims can have major impacts on the user, industry and trade

4)      The concerns voiced over data sovereignty over the last few years are actually valid

To me the Wikileaks case is a clear pointer to greater concerns about data sovereignty within the cloud community and a continued drive towards regionalisation of cloud.