It’s time to stop talking about ‘the cloud’ and wake up to sovereign realities, says Chris Middleton. What does this mean for UC&C in ‘the cloud’?
Some people still think of the cloud as a benign fog of code, up there in the ether, floating across national borders and somehow uniting all humanity. But the reality is ‘the cloud’ is built on land, primarily in the US, under national laws regarding data hosting, transfer, and security. Arguably, ‘the cloud’ was largely a myth concocted by American software companies in order to persuade you to place your data in the US – and pay for the privilege.
So it really is time to get real and stop saying, ‘My data’s in the cloud’ and start saying, ‘My data’s in an industrial park in Wisconsin’. When that moment of realisation takes place, the cloud debate will become more sensible and transparent, and businesses will begin asking the right strategic and operational questions about security, transparency, data transfer, and privacy.
The evidence is that people are starting to wake up and recognise sovereign realities, not least because of incoming European data regulations – how the Brexit might affect those is another matter – and because of the ongoing war of words between the EU and the US over data regulation.
In two years’ time, Europe’s General Data Protection Regulation (GDPR) will come into force, while the US Safe Harbor data transfer agreement ended last year. Most people agree that its replacement, Privacy Shield, isn’t working. In a recent blog entry, the Wall Street Journal says that these regulatory changes are persuading more and more companies that localised data is “a must”, with one commentator even describing the notion of centralised data in the cloud as “a nightmare”.
Storing your data locally rather than accessing it remotely in the cloud via an API call has other benefits, particularly in the age of big data analytics: having a connection to a local database is massively beneficial when it comes to interrogating that data and integrating it with other applications.
All of these points are particularly relevant to Unified Communications and Collaboration (UC&C), as organisations increasingly swap out their on-premise systems and move their comms into the cloud, with solutions coalescing around the business desire for enhanced enterprise collaboration.
So for any enterprise that is moving into the cloud just as some organisations are starting to wake up to the problems of hosted services, what can cloud UC vendors offer them by way of reassurance?
Donald McLaughlin is Director of Collaboration, UK & Ireland, for Cisco. He says: “People understand that there are significant security implications, and I think that there’s an obligation on all the cloud providers to recognise them and build our products to cater for that. The obligation we have as a large IT company is to make sure that we protect people’s investment, but also give them a journey to get there and make sure we get there as smoothly as possible.”
Peter Quinlan, Tata Communications’ Vice President of Product Strategy and Management, UCaaS Services, agrees that it’s “hugely important” to think about the real meaning of cloud hosting, transfer, and security, and its local – rather than global – implications.
“As the regulatory environment emerges country by country, it becomes even more important. It takes a lot of heavy infrastructure to keep the cloud ‘afloat’. The cloud is cables, it’s servers, it’s data centres. The cloud is actually a lot of technological infrastructure and it’s pretty complicated. So ultimately people are going to have to look for partners that can help them address those challenges. It’s not something that you can build on your own.”
Steve Kokinos, CEO of cloud UC&C specialist Fuze, adds: “IT people need to care about these things a lot. It’s about understanding quality, security, and data privacy. All of those things need to be addressed by the cloud provider, and by IT departments, at enterprise level. But from an end-user standpoint, they don’t care how any of it works, only that they’re getting the experience they want.”
The user experience is an important consideration once you start thinking about the cloud as hardware built on land rather than code floating in an imaginary ether. Tata’s Quinlan explains: “As organisations start to get into this game, they definitely do need help. It’s not just the regulatory perspective, but if they’re going to capture the return on their investment in collaboration, how do the applications perform? And do they give a suitable user experience, on a global basis, both inside and outside the company?
“It’s not something that you want to try to address as an enterprise on a standalone basis, because you’re increasingly connected into a global economy, supplier ecosystem, and customer ecosystem. But you’ve got partners and cloud applications to help you do it.”
As previously mentioned, the regulatory environment is increasingly complex too, as the standoff between the US and Europe continues over data regulation: evidence that the cloud data war is being fought on land, not in the air.
The US and Europe have very different ideas about data sovereignty, hosting, transfer, privacy, and security; Safe Harbor is legally unsafe, Europe’s GDPR is incoming, and the European Commission is forcing US providers onto the back foot over issues such as privacy and the Right to be Forgotten. Add into the mix the possible exit of the UK from Europe and the immediate future for IT leaders, data managers, and responsible owners is something of a nightmare.
Andrew Sinclair is General Manager, Skype for Business Product Marketing at Microsoft, a position that gives him oversight of both the business and consumer portfolio and the ways in which they’re coming together. He says: “This is a critical question. The cloud has reached a level of maturity where everyone really has to think about data sovereignty, security, and privacy. And for smaller companies, that’s a real challenge and the way we help is by building that into the infrastructure, that compliance – what I call the ‘alphabet soup’ of compliance, making sure we have data centres in the right places.
“We’re already giving our customers the ability to host their data and to locate their platform [in the right place]. It’s not just our collaboration suite that does this, but across Azure too. So as companies are building their own applications on Azure, you still have to think about compliance, data sovereignty, privacy, and security, and these things have to be part of a strategy and part of the culture of the company.”
Encryption is a part of this debate too, and it’s a political hot potato – in the UK, where the government is critical of it and IT suppliers have little choice but to comply with Whitehall’s surveillance plans, and in the US, where the FBI recently paid $1.4 million to a hacker to break the iPhone’s security.
However, it’s clear that most IT suppliers fundamentally disgree with surveillance programmes in which they find themselves in the front line of enforcement. In a sense, governments are not only declaring war on terrorists and abusers, but also on IT companies’ business models and product security.
As previously reported on UCInsight, if trade deal TTIP is approved, then it will add yet another dimension to the debate: the possibility of US technology companies suing the British government if they suffer financial loss or reputational damage by being forced to weaken the security of their products.
Many of those suppliers are now actively pushing customers towards encrypted services, suggesting that they’re only paying lip service to government aims. BlackBerry’s Priv phone puts encrypted comms into customers’ hands, German platform Tutanota allows end-to-end email encryption, and even hacker collective Anonymous has said it plans to launch a social platform that gathers no data about its users, putting complete transparency and power over private data back into users’ hands.
It would be foolish to dismiss any of these developments as irrelevant to the enterprise: the public is becoming increasingly aware that it has given away far too much in return for very little, when it comes to handing their data over to private companies (let alone the government).
But how will trends like this play out in the cloud and UC&C spaces?
Of the UK government’s surveillance plans, Microsoft’s Sinclair says: “That’s going to be very difficult for all involved. It’s going to be difficult for users, for the IT industry, and for government. And I don’t have the answer.
“We’re just going to have to see how this plays out. There will be a lot of consultation within the industry, with governments, and with users. We’re going to have to work out where the happy medium is. I certainly don’t know where it is. But my hope is that there’s a solution that works for everyone and we’ll iterate our way towards it.”
Tata’s Sinclair is equally nonplussed and diplomatic – as the IT sector often is when faced with ideologues and mandarins. He says: “It has yet to play out. We’re in the early days of this, in the trade-offs between liberty and security, but that’s inevitable in an organised society. You can set that needle in different places. And on that continuum, you will see societies making their own decisions based on their respective values.”
But a world in which Cisco might have to make its products less secure would be a nightmare for the company, wouldn’t it, not to mention for the infrastructure of the internet? Cisco’s McLaughlin remains upbeat. He says: “The technology’s mature enough that we’ll find a way around all these thorny issues over time. We have to understand what the issues might be and have a good dialogue with government to make sure that we can try to get round it.
“It’s about having a sensible dialogue to get the balance right, as there are so many benefits to be gained from cloud-based deployments of technology. […] That’s where all the innovation’s taking place, that’s where there’s a vibrant developer community, and a lot of extremely smart people. We will find a solution to these problems.”
This debate is at least revealing the fault-lines in ‘the cloud’ – or rather in the land-based battles that 20 years of marketing fog have helped to obscure – and just how deep they may become. Customer organisations can’t go it alone, say suppliers. And yet those same suppliers are manifestly in the dark about how to navigate the political complexities of the modern world they’ve helped to create.
The fantasy of ‘the cloud’ is at least beginning to dissipate, and we can finally see that it hid some stark realities about international land-based politics. Put another way: we’ve fallen back to earth with a resounding thump.
And now that the clouds are parting, IT leaders should teach themselves a new skill: stop saying ‘my data/apps/platform is in the cloud’, and start telling the truth. Say ‘my data’s in an industrial park in Wisconsin/Washington/California/Poland’ (or wherever it may be), and then ask yourself the sensible questions that naturally follow. Such as, ‘What does that mean for my business? For my data, and my ability to analyse it and integrate it? And for security, transparency, transfer, privacy, lock-in, and availability?’.
Only then will businesses get their heads out of ‘the cloud’ and start living in the real world.
Earlier versions of parts of this report were first published on Diginomica.