This speech was delivered at the GAP Congress on Regulatory Affairs: "Opportunities for Business" on 26 September 2008.
I would like to introduce to you an emerging IT paradigm, cloud computing. Use of Cloud computing in business is new; it's transformative and carries important implications for our business regulatory environment.
The cloud computing paradigm will have enormous impacts on data privacy and data security. We need to establish a regulatory framework for the use of cloud computing in Australian businesses. This framework needs to find a balance between the appealing productivity gains from this new technology and the risks inherent in its use.
We are already seeing concerns within the Australian context over the use of information technology on the web in general. There are clear risks. For example, in August, the Australian Law Reform Commission (ALRC) made recommendations about "Rewriting Australian Privacy Law for the Information Age"; specifically, one of the recommendations is the "implementation of technology-neutral privacy principles, which should be supported by a technology-aware regulatory framework." One of these recommendations is that "an agency or organization that transfers personal information outside the country remains accountable for it, except in certain specified circumstances. "
But there is more than personal privacy at stake. In fact, I would maintain that cloud computing can bring thunderstorms for the unwary.
In this talk, I will make the case that Australia needs to establish a broader range of controls in order to allow Australian business to best leverage this new computing paradigm, the cloud, while avoiding its pitfalls.
I am now going to:
- Establish exactly what we mean by the cloud and how it differs from most computing today
- I'll explain why this evolution has distinct benefits for Australian business as well as risks
- I'll explain how this evolution represents opportunity for the Australian IT market
- And finally I'll also make several regulatory recommendations
So, what is the cloud?
"The Big Switch" by Nicholas Carr is a fascinating read on the subject. The book talks about a new approach to computing where computing resources are provided much like a utility, available on demand and paid by usage.
None of this, however, is completely new. In a sense, we continue to re-visit the past in how we use computing resources. The cloud computing paradigm is but the latest phase of the internet and is directly comparable to the heyday of the mainframe.
Some of the old-timers amongst us may recall the mainframe days. In the 1970's IBM championed this concept called "time sharing". The mainframe computer provided many users simultaneous access to shared, common computing resources and applications for variable fees that were dependent upon usage and the resources consumed.
In many ways, cloud computing is a return to those days, but with some important differences. For example, with cloud computing, your application is unlikely to be running as a slice on a single mainframe device. Instead it will most likely be running simultaneously on many commodity devices. Furthermore, the actual physical location of these devices is likely to be unknown to the user of the application.
So computing power, such as CPU, Memory and Storage, becomes a homogenized, utility service to be consumed much like we consume electricity today.
For example, the source of your electricity (which power station) is not important - put the plug in the socket and your appliance just works! And you pay, only for what you use. Cloud computing is the same notion, but for computing power.
That's all nice theoretically, but what is really happening? Are people really using this today?
Cloud computing is being adopted in the real world
Let's start with some household names - Google - Amazon. Google has a cloud offering called the ‘Application Engine'. Amazon has a very well regarded offering called the ‘Elastic Compute Cloud'. In addition to these well known names, there is a raft (hundreds) of specialist providers offering cloud computing to consumers, SMB, and enterprise.
Over the past year in our region, IBM has provided cloud-computing services to clients such as China Telecom, Wuxi Municipal Government of China, the Ministry of Science and Technology of Vietnam, and others.
Singapore plans to establish itself as a digital media entertainment (DME) capital, offering innovative content, services and technologies to the rest of the world. In keeping with that vision, the Infocomm Development Authority of Singapore announced the establishment of a Singapore Centre of Excellence (cloud computing test bed) in collaboration with Yahoo Research, HP Labs and Intel Corporation.
Closer to home, the NSW Department of Education has revealed it will replace one of the world's largest installations of Microsoft Exchange with 1.3 million Google mail accounts. This is a great example of Australian adoption of cloud based offerings.
So why are businesses and organizations doing this?
There are several clear advantages of cloud computing for businesses - namely, lower computing costs, increased flexibility, resilience and instant scalability.
I've talked about the example of the NSW Department of Education - for them, cost was an important driver. The cloud makes leading-edge technology available at a far lower cost than businesses pay for on-premise computing solutions.
This is also true for smaller organizations. Instead of making do with an under-resourced IT department, smaller companies can now access enterprise-class technology with low up-front costs, high resiliency and easy scalability.
Ideally, the cloud gives you all the functionality, but none of the headaches of running an IT infrastructure in-house. You pay based on how much computing you use. Of course this is an idealized statement, but the goal and the intent is exactly that the cloud becomes an effort free computing resource.
The cloud enables rapid innovation and rapid scale. In the context of the Australian business landscape, it will allow Australian startups to achieve global scale quickly and with minimal growth pains.
A clear challenge for Australian business has traditionally been how to access global markets. An example of a startup that has achieved global scale on a shoestring budget is a photo sharing website called SmugMug. With 30 staff, and using cloud based infrastructure they have attracted over 300 thousand paying customers all over the world with over 400 million photographs without owning any of their own infrastructure.
I have now introduced cloud computing and touched on the benefits of using cloud computing.
But, as I described earlier, we need to establish a regulatory framework for the use of cloud computing by Australian businesses. This framework needs to find a balance between productivity and risk.
Let's talk about the risks.
So, what's the catch? Despite the potential of cloud computing, some government and enterprise IT departments are hesitant to move to the cloud. Concerns over security, control, management and integration loom large.
For example, consider the ongoing privacy issue with personal information accumulated by Google and other web companies about our interests, our buying habits, where we live, who we talk to, and so on. This will continue to be a concern for privacy advocates.
Now, imagine the business equivalent, in the near future, where cloud providers have the same level of information about Australian companies and their customers. Furthermore, these cloud providers are likely to be international and using computers in multiple jurisdictions, thus exposing users of these cloud services to regional regulatory differences.
Uncontrolled use of the Cloud will expose Australian businesses to their information being inspected by unknown third parties.
Some real world examples of how these issues are affecting cloud users
Canada "has a policy of not allowing public sector IT projects to use US-based hosting services because of concerns over data protection." The USA Patriot Act states that the FBI and other agencies can review "content stored on any computer, even if it is being hosted on behalf of another sovereign state." The UK has similar authority laid out in its Regulation of Investigatory Powers Act, which allows the police or secret services to demand access to databases and servers.
France also bans government ministers from using Blackberrys "since the messages sent by the popular devices are routinely stored on servers sitting in data centers in the US and the UK."
It is also interesting to note that SWIFT, a bank-transfer consortium, has announced plans to build a data centre in neutral Switzerland, so that data collected in Europe will not be stored in an American facility, where it could be subpoenaed by the United States government.
What this means is that the regulation of intermediaries is no longer effective. We used to regulate intermediaries at these transactional bottlenecks-banks, cable companies, phone companies and the like-to limit how they could use their transactional data. This has just become much more complicated in the cloud computing paradigm.
This is an issue we must solve.
There are moves underway. In the United States, policy makers have begun discussing how to best extend existing regulatory and compliance measures to address these cloud computing issues. Relevant acts include Sarbanes-Oxley (SOX), PCI DSS, HIPAA, and SP 1386.
Australia also needs a regulatory response to these new issues.
On balance, what should be our response on behalf of Australian businesses?
I've talked about both positive and negative implications from cloud computing. Do we want Australian companies to be able to participate in the productivity gains that this cloud paradigm offers?
My view is that Australian companies should be able to benefit from lower IT costs by leveraging cloud computing, but it is important that we put regulations in place to ensure data security.
There is one other area that I want to touch on that is enabled by cloud computing.
Cloud Computing Enabled Innovation
Cloud computing also represents direct opportunity for Australia
With this massive shift in computing capability and the associated reduction in costs we can expect to see an innovation storm as new organizations compete to offer software hosted in ‘the cloud'; much like the dot-com boom we experienced in the late 90's.
For example, Analysts at Merrill Lynch (now known as Bank of America) forecast that by 2011 the cloud computing market could amount to $160 billion, including $95 billion in business and productivity applications (email, office, CRM, etc.) and $65bn in online advertising.
We're in the initial phases of a new technology cycle of innovation and growth.
Should Australian businesses participate? Yes, we certainly should
Cloud computing allows geographically remote market players, like Australian organizations, to operate on a level playing field. By delivering services over the internet, all participants avoid distance penalties. This is a clear difference from many other areas of possible Australian business innovation where distance from markets can be a limitation.
Furthermore, this is an area in which new businesses can rapidly establish viability, or not, for a relatively low cost of entry. So called, fast failing.
My conclusion is that we certainly want to find ways to encourage innovation in this sector. There are many ways that government can assist with growth incentives. Obvious candidates include Startup grants, tax breaks for investors, government as a customer, research initiatives.
So I've talked about Cloud computing. I have talked about advantages for Australian businesses from cloud computing and risks to Australian business from cloud computing. I've also talked about the opportunities represented in this new ‘innovation storm' for Australian business.
Recommendations
I'd like to make two recommendations to ensure we can embrace the cloud computing paradigm:
1. To establish a review committee to track and review regulatory measures being put in place by OECD member countries like the EU and the US. This committee can work with government to evolve appropriate Australian regulatory frameworks for cloud computing vendors.
2. That we also investigate ways to encourage new ventures that leverage cloud computing. This may be via earmarked startup funding for new Australian companies.
This last recommendation is in alignment with the recent Cutler innovation report in which Australia was encouraged to better utilize global innovation as a way to grow productivity. The Cloud is a great example of innovation from the global community that drives improvement in productivity as well as a raft of secondary innovation.
I recommend a regulatory strategy to encourage Australian businesses to leverage the Cloud.
With more that 25 years experience in research and development of operating systems and multi-user technologies, Martin Duursma is the CTO Office Chair for Citrix Systems, Inc. & Vice President of the Citrix Advanced Products Group. Martin Duursma holds a Bachelor of Computer Science and Bachelor of Electrical Engineering degree and is a member of the IEEE (The Institute of Electrical and Electronics Engineers).
________________________________________
Martin Duursma was a keynote speaker at the GAP Congress on Regulatory Affairs, held in Parliament House of Victoria on 26 September 2008 in Melbourne.
To read keynote presentations by other speakers, go to our 'Regulation as a Business Opportunity' discussion forum.
_________________________________________
RECOMMENDED BLOG:
Printer friendly version