Sunday, February 6, 2011

USA responds to the changing EU Data Privacy Directive, where's Asia?

Last week I blogged about that the EU Data Privacy Directive is going to be changed in response to the adoption and development of Cloud Computing.
IMHO, I thought the USA couldn't lag behind and I was not surprised that the NIST , the U.S. National Institute of Standards and Technology, has issued two new draft documents on cloud computing for public comment, including the first set of guidelines for managing security and privacy issues in cloud computing. Next to this, NIST has developed a Cloud Computing Collaboration site on the Web to enable two-way communication among the cloud community and NIST cloud research working groups.
So, it seems both USA and the EU are initiating efforts to guide the secure adoption of cloud computing by industry and consumer.
Now, I'm wondering about one thing, compared to Europe and the USA, what are the Asian countries doing to guide a secure adoption of cloud computing?
For a testpro like me it is very nice guidelines are being made for the 'Western' countries, but a lot of the 'cloud' is build in the 'East', so this I can't neglect.


Asia is not unified like Europe or the USA, so government guidelines here are not easily made for the many different countries forming Asia.
Private consortia like Asia Cloud Computing Association (see Europe's EuroCloud ) have been developed. But wat about the Asian governments, are they making unified guidelines for Cloud Computing?
John Galligan, Microsoft Asia Pacific's regional director for Internet policy, discusses this, with an emphasis on Singapore, on futuregov.asia and zdnet.asia.

Challenges there still are, one of the sentences made here I want to citate:

'One significant concern regarding cloud technology is the uncertainty over the location where data is stored and how strong data protection is to safeguard against criminal intent.'

This is also the case in the Western world, and as in the West, secure IT-auditing by the Asian governments and private sectors is necessary to test the security of their continuously innovating IT-infrastructure.

Galligan also says :"It's very interesting when people start to look at reliability, the level of redundancy and individual's access to the system, it can move decision makers to understand that maybe their current infrastructure is not as stable and secure as they think it is."

OK, it's a response from an employee of a private firm, but, IMHO, this is the single problem now with Cloud Computing, only with tackling these risks of reliability, redundancy and access, policy makers all over the world can be moved to adopt Secure Cloud Computing.

And that's a mutual challenge for all global parties involved in Cloud Computing: Business, IT-auditing, development and test!!

PS:
I'm no expert on Asian law, this example of cloud computing in Singapore does not have to be the case for other Asian countries, it only wants to illustrate an Asian response to Cloud Computing

No comments: