At the Enterprise Cloud Summit today at Interop, there were several examples given of constraints imposed by governments on where data and processes can reside. For example, Canadian government data cannot reside in the U.S. due to the Patriot Act. Similarly, the French government will not use Blackberry devices because at some point all emails route through the U.S. and also become visible to the Department of Homeland Security.
And it’s not just other countries. Even in the U.S. there are different constraints on NPPI (non-public personal information) at the state level. How can enterprises use cloud services where they have no control on the physical location of their data and processes in this patchwork of conflicting laws and regulations. Can a CIO risk regulatory or even criminal liability against their company in order to get the benefits of cloud computing?
It is possible that over time these constraints may seriously retard the growth of cloud computing on a global basis. At that point, is it possible that we may see a global treaty effort on cross-border privacy and infrastructure computing?