Is the tech industry scaring off cloud customers?

Who, in the face of complicated global jurisdictional stand-offs, secret trade negotiations, invalidated international agreements and an endless stream of hackings, could blame businesses for deciding the cloud is too scary and too hard? 

It might be ok for your music playlists, but wide-scale business adoption? No way.

Anyone doing due diligence on moving their business data into the cloud in the past month would no doubt have noticed all these screaming headlines.

First, Microsoft goes to court hoping it will be third-time lucky in its efforts to prevent US law enforcement from forcing it to give the personal data of a foreign citizen it is storing on an Irish server to US domestic investigators.

As Microsoft’s own lawyer so colorfully put it: "we would go crazy if China did this to us".

The US court's decision is being keenly watched by many other countries in the world, based on the effect it will have on traditional geographic borders.

Then, last week some of Australia’s biggest retailers and one of the most respected telcos in the world revealed personal customer information had been hacked.

And, just days later, the European courts declared a data transfer agreement between the EU and the US invalid because the US cannot meet the necessary standards for privacy protection.

This, just after Australia, the US and 10 other Pacific countries declare a deal for a secret trade agreement that removes the requirement for data be kept within the jurisdictions of the member states complete.

And it’s not like any of these issues are new. Debate about the reach and appropriateness of the US Patriot Act, for example, raged for years.

Presented with all these risks by their CIO, who could blame a CEO or board for keeping their data safely in a server in a cupboard in the back of the office?

But the truth is, that approach is the equivalent of keeping cash stuffed under the mattress, hoping the family chihuahua provides security.

The promise of the cloud is the possibility of business and social transformation: truly scalable, agile, efficient, environmentally sound computing services for now, and future capabilities like the internet of things.

The industry has spent plenty of time proselytising the benefits, but has been too quick to wave away the reality that issues of safety, national security, privacy, tax fairness and law enforcement would inevitably arise and need to be addressed in a balanced way.

It is no longer sustainable.

US companies that blithely dismissed concerns about the Patriot Act as a beat-up now find themselves in court alongside Microsoft trying to stop US law enforcement reaching into their servers around the world. How can they reconcile that dichotomy when asked by their customers?

Cloud has now reached a level of maturity where these issues will become more common before they are resolved.

The industry needs to face up to this and step up. It needs to act in the interests of customers by providing greater choice, transparency and disclosure.

The events of the past month underline the soundness of the advice of the Australian Signals Directorate to guide government agencies when they go through the process of deciding what cloud service to use.

The first question to ask is where the data is going to be stored. If it is overseas, what are the laws that apply in that jurisdiction around privacy and breaches, and how easy is it to seek redress in the event of a problem?

People are pretty good at matching their appetite for risk against the products on offer when they have sufficient information to make an informed choice.

Few people are so risk averse that they keep their money under the bed, but they have the awareness to choose where to invest their dollars because of information the investment advice industry is required by law to provide.

The cloud industry cannot wait for regulation.

It should start by offering products that either guarantee to keep data onshore (or at least the option to), and provide clear guidance about where data will go if it is sent offshore, and what laws will apply. Transparency from vendors is key.

Waving away concerns about the location of data as something people should “get over” is no longer good enough.

Leadership means signing on to breach notification obligations, disclosing where data is kept, and offering a range of security features that adequately match the data protection needs of the users.

Aidan Tudehope is the managing director of hosting and government for cloud provider Macquarie Telecom