Sunday, September 12, 2010

When Data Compliance and Cloud Computing Collide

Forrester has been putting out really interesting reports on cloud computing lately. I discussed one of them in a recent post entitled "Cloud Computing: Whose Crystal Ball is Correct," which addressed the topic of private clouds. In that post, I examined Forrester's James Staten's point that implementing private cloud computing requires far more than buying vSphere and a few add-on modules; it requires standardization, process re-engineering, and organizational alignment.

This week brought another excellent report from Forrester, "Compliance with Cloud: Caveat Emptor," written by Dr. Chenxi Wang, exploring the challenges raised by the collision between data compliance requirements and real-world cloud computing offerings.

As Dr. Wang notes, most data compliance laws and regulations are written with the assumption that the liable party controls both the infrastructure the data is stored on and the decision about where that storage is located. Practically none of the laws and regulations recognize that a service provider may hold the data on behalf of the liable organization. Therefore, most compliance situations assign all of the responsibility to the user of a cloud computing environment, despite the manifest fact that much of the control of the data is out of the user's hands.

Several things about Dr. Wang's analysis stood out to me:

1. It may be easier to learn where an IaaS provider's data centers (and therefore its data storage locations) are than to learn the same for a SaaS provider. Google is identified in the report as not being able to state, definitively, where one's data is hosted or that its location will be restricted to any given region. Obviously, any opaqueness about location makes it a real problem for users to ascertain whether they are in compliance with applicable laws and regulations.

Source: networkworld.com

By: Bernard Golden
