The cloud computing model depends on the free flow of data: savings that can be achieved through economies of scale require load sharing across end user departments and branch locations in the case of private clouds, and in public offerings, rely on data sharing across regional boundaries. And in cloud environments, the more balance of load there is across variables of time, application type and vertical seasonality, the greater the potential benefit.
But while end user perceptions of the IT- as- a-service delivery approach may be positive as a whole, broader adoption continues to be hampered by concern over security, an issue that has been flagged by potential users as the number one hurdle that must be overcome. Security fears appear to reside in two prevalent views of the cloud which argue that sharing entails a loss of segregation and control over data, and that common data pools may be more vulnerable to threats; and that differences in Canadian and the US privacy/security legislation mean that data should properly reside within its own jurisdiction. Potential Canadian consumers of cloud services, for example, may have concern over the legal implications of the US Patriot Act, which provides government with broader rights to subpoena personal information than does PIPEDA, Canadian legislation that many argue offers relatively stronger privacy protection.
But how do these perceptions of cloud security and privacy stack up against the reality of cloud service delivery? To explore this question, IT in Canada spoke with John Weigelt, cloud policy expert and national technology officer at Microsoft Canada. In discussion with customers, Weigelt has also encountered concern over cloud security, and is keen to dispel some of the “myths” about the cloud. An abbreviated version of a very extensive conversation, which put “lightning rod” issues such as data sovereignty, into proper context follows.