A timely call for a secure yet open cloud | Opensource.com
A timely call for a secure yet open cloud
In mid-November, the open source/open standards advocacy group, Open Forum Europe (OFE), released an "Open Cloud Declaration," which identifies ten principles to help policy makers, industry, and other stakeholders find "a global and open approach to Cloud technologies and solutions."
It is not a coincidence, of course, that the Open Cloud Declaration was released during the same week that officials from the European Commission were meeting at a summit in Berlin to discuss data protection and cloud computing policy. These leaders (as well as policy makers in other countries, such as Brazil) are weighing their reactions in response to the ongoing revelations regarding data collection by the U.S. National Security Administration (NSA).
The OFE Declaration acknowledges the obvious—that uptake of cloud computing is dependent upon trust—but in equal measure cautions against a counter-productive over-reaction.
The Declaration begins:
We recognise that for Cloud to succeed, its customers need to have confidence in it. Similarly, the benefits of Cloud and its efficiencies of scope and scale can only be realized in a regulatory environment that supports responsible global information flows.
The principles contained in the Declaration call on all stakeholders—government, industry, and international institutions—to adhere to global standards and open and transparent procedures when building cloud offerings as well as cloud policy. It calls specifically on industry to build trust through the provision of appropriate privacy and security protections.
And, in an effort to temper the calls for putting up virtual trade barriers, the final principle calls on governments to "refrain from restricting choice of cloud solutions through mandatory requirements such as location of data centres, specific contract terms, unique certification requirements or codes."
In essence, the Declaration says that the growth and promise of cloud computing can be irreparably undermined by hasty regulatory actions such as putting up virtual walls around regions, countries, or markets (via excessive restrictions on data flows and server location) that may not, in fact, provide the sought after protection.
To its credit, OFE is rolling up its sleeves and taking on the job of addressing these tough issues. The Declaration released in November is described as "Version 1." OFE is inviting interested organizations to not only sign on to the Declaration, but to join the effort to further refine it (by working on Versions 2 and beyond) and encourage the adoption of its principles.
All who are interested in an open and growing cloud are encouraged to take part. You can reach OFE here.