Ireland - the World's First Cloud Compliance Haven


     

    Would you like to get involved in a business that will be worth over $240 billion by 2020?

     

    With minimal further investment would you like to capitalise on your current investment and see guaranteed returns for 15 years?

     

     

    So this blog may be opening like the “too good to be true” pitch of a Nigerian spammer. The reality is, the opportunity is real!

     

    So let me explain. On Friday evening I spoke in Trinity on “Cyber Privacy” with the Data Protection Commissioner, as guests of the Digital Rights Forum. During the debate I mentioned the concept of Ireland being a “Cloud Data Haven”, and I have received quite a few queries for clarification and further details. Hopefully this blog will expand on the concept and maybe even fuel the idea!

     

    Last October in my blog “Look to the Cloud for Ireland’s Future” I listed a number of ideas I had put forward to the Government. The first point was in relation to the “operating environment” for cloud-based entities.

     

    Blog Ref: http://www.icttf.org/blogs/2/158/look-to-the-cloud-for-ireland-s

    This was followed up at the ICTTF Cloud Security GRC event in December with a presentation titled “Ireland’s Opportunities in the Cloud”

     

    Video Ref: http://youtu.be/18PK5ahZMj0

     

    So what did I mean?

    I believe Ireland must create the world's first “Cloud Compliance Haven”!

     

    What is a Cloud Compliance Haven?

    Ok, firstly let me explain the problem.

     

    All data stored on the internet is subject to certain laws, regulations and business requirements, depending on many factors including the type of data and how it was obtained. The reality is that there are over 400 different data security standards around the world, which comprise over 10,000 overlapping and often conflicting controls.

     

    This is a massive challenge and overhead for businesses. To put it in perspective, one such standard, brought in after the Enron affair, is called Sarbanes-Oxley (SOX Compliance) and affects companies listed on the US Stock Exchange. Analysts estimate that the cost of complying with just this one standard could be as high as 1% of turnover. Remember, most companies have to comply with scores of standards.

    Now take into consideration that such companies wish to trade globally and have to comply with local regional laws and regulations that often conflict with overarching compliance regulations.


    Fact: Every organisation in the world has to comply with some form of data security standards.


    Fact: Every commercial company in the world will transition to cloud based technology.

     

    So this compliance thing is a costly headache?

    Not just a headache: directors can be sent to jail if they do not fully comply with certain laws and regulations, not to mention the eye-watering fines for breaches.

    So now let me explain what I mean by a “Cloud Compliance Haven”. A cloud compliance haven would be a territory that organisations can operate from in a harmonised compliance environment.

     

    There is still lots of confusion about which laws take priority over data and which regulations apply. My idea is that Ireland can become a harmonised environment for companies to operate from. This is possible, and we could create an environment very attractive for all cloud-based companies as we significantly reduce the costs associated with meeting compliance.

     

    Let me give you an example. After 9-11 Bush brought in the US Patriot Act. This US law effectively makes it very easy for law enforcement in the US to “access” data. It has scared many companies from outside into not choosing to use US-based companies. With recent attacks from groups such as Anonymous and LulzSec we saw “collateral damage” as US Federal Agents seized equipment from data centres.

    I have used phrases like “Ireland needs to pick a fight with the US over the Patriot Act”. Let me explain the purpose behind my inflammatory remarks. Perception is reality, and companies want to know their data will not be “handed over” to a foreign nation upon request of a low-level federal agent.

     

    There is an opportunity for Ireland to honour the provenance of the data and of course cooperate with international law enforcement, but in line with our own stringent procedures. In other words, not a blanket NO but certainly NOT a blanket YES. If the data is hosted in Ireland it should be protected and subject to Irish law, including any international lawful interception requests for the benefit of society. At the moment, any company operating in Ireland (or Europe) that has a US parent company must hand over any data requested by the US Feds.

     

    Interesting …

     

    Let me give you another example. The EU has very good privacy legislation and it is enumerated in the Human Rights Act. Did you know it is illegal for any of this data to be sent to the US without a special procedure being in place? The US is on a “black list” of countries for data exchange. However, countries such as Bolivia are on a “white list”.

     

    So this compliance issue is a two way street between the US and Europe.

    So now imagine being able to use the services of a hosting company or CSP that automatically ticked the compliance boxes: an environment supported by local legislation and resources that helped transition cloud-based service providers into the “Compliance Haven”.

     

    What it is NOT!


    It is NOT a data haven with no rules or enforcement. It is the opposite!


    So Why is Ireland Suited to Implement The World’s First Cloud Compliance Haven?


    Many reasons and I have touched upon a lot of them in previous postings.


    In summary:

    • We have the Skills
    • Experience
    • Infrastructure
    • Ideal Geographic Location
    • Trusted – Neutral Country
    • Appropriate indigenous companies to assist and support
    • Track Record with International ICT Companies
    • We have the industry leaders driving/developing the cloud (Facebook, LinkedIn, Google, Dell, etc.)
    • Innovative
    • Low Corporation Tax
    • Power
    • We need a slice of that $240 billion pie!

    So what’s this about guaranteed returns for 15 years?


    The major ICT players in the world know the cloud is the future. They are investing billions in developing and acquiring intellectual property in the cloud. They all want to own it, or at least the patent on an essential cog or two! Part of my international work includes working with these companies and developing appropriate strategies. I have spent the last 12 months flying around the globe visiting locations to be used for a significant part of the global “Cloud Infrastructure”. Massive $200+m investments. Any related contracts reflect the commitment these companies have to the cloud and are generally in the region of 15 years.


    In assessing the security of these entities, it becomes very transparent that there are usually just one or two factors behind the reasons these companies selected to build their data centres in these locations. It is always apparent to this Irish man that if the “Cloud Compliance Haven” were a reality, it would be a no-brainer for Ireland to get this business.

     

    So How do we build a “Cloud Compliance Haven”?

    I would be glad to help. Take this blog as an open letter to anyone interested in pursuing this goal.

     

    Feel free to add your thoughts and comments to the blog.

     

     

     

     

4 comments
  • Don Turnblade
    Solve a single dilemma, how can I hold an Irish Admin to HIPAA, Health Information Portability and accountability Act and meet or exceed Privacy standards by US state in a single framework. An entire industry of the USA would bolt to Ireland. Set the Cr...
    May 22, 2012 - 1 likes this
  • Don Turnblade
    The entire Catholic Medical system of the USA is almost at the point of blows with ObamaCare as it is. Ireland's ethical standards just may take a sympathetic ear. The only other true choice is to move Hospitals on to American Indian reservations ...
    May 22, 2012 - 1 likes this
  • Don Turnblade
    Could one build out a kind of Housing Commons agreement for the Cloud? Rights and Restrictions spelled out in internationally enforceable form? Could a lawyer in Maine require an Irish Administrator to testify concerning the protection of sensitive data...
    May 22, 2012
  • Alain Disse
    Interesting ...
    ...
    Interested ...
    ......
    June 15, 2012