Cloud computing and location of data

Disclaimer: I'm not a lawyer so this is not legal advice, and these views do not represent my employer's views either.

One of the big elephants in the room with cloud computing is the location of data. People are naturally worried about whether their data is accessible by others or not. Some providers will tell you the location of the data, some will not. There are also the issues of the Patriot Act and safe harbour when interaction with technology providers across the Atlantic.

The Patriot Act requires a US based corporation to hand over data to the government and they do not have to disclose it to the end customer either if they are service provider. As far as I can understand you are not protected any further even if the data is in the EU or another region. The defining requirement is whether they are a US based company.

One thing that is mentioned often is safe harbour. Basically what safe harbour means is that the US based provider will adhere to the same standards as the EU requires. This is because US data protection is basically non-existent. The safe harbour provisions does NOT mean your data will reside in the EU, it just means that it will be protected to the same standard as the EU.


Of course none of this matters if you work for a global corporation headquartered in the USA anyway as then you are required to hand data over to the government if requested under the Patriot Act as I read it. The difference is, whether you know whether the government is accessing your data. The government could request your data from you, but may not need to if they go to your cloud supplier who is also a US based corporation.

It is common sense that if you have sensitive data that you encrypt it, whether you store it in the cloud or on premises. This is especially important for data such as customer or employee data that would cause damage - either real financial loss or damage to reputation.

I believe that there will be a rise in cloud encryption services e.g. GPG type plugins for Gmail. Already Amazon has a service for S3 called Server-Side Encryption. With this service you give your private keys to Amazon to seamlessly encrypt/decrypt data on the fly. However what this means is that Amazon could give your encrypted data to the US government without your knowledge even the Patriot Act. As such in my mind the only reason that anybody would use this would be for low value data and I would not consider an encryption service for email where the vendor controls the private keys.

One aspect that people do often overlook is not so much government regulations, but their own rules. What do your customer policies say, and what do your own staff policies say. For example your HR policy may say that all personnel data will be stored in UK, or your customer terms and conditions might say that all data will be stored in the EU. Many cloud services might not be based in the EU and there are very, very few in the UK. There can also be obscure regulations specific to your industry e.g. in a previous role the code master had to be in the UK as cryptographic code was considered a weapon and needed an export license.

It should be noted that complying with privacy regulations by storing data in the EU does not mean that it cannot be taken under the Patriot Act. In these cases it is assumed that the US Government is the evil one, but I have no less reason to suspect that the UK or any other government is any less nefarious.

My conclusion is that it is safe to store data in the cloud if a company adheres to safe harbour, and is probably better than most companies own data protection. If however you are worried about your data falling into government hands then you need to look into it very carefully. The only really safe way to protect your data from governments is to encrypt your data in the cloud with your own encryption keys.

Useful reference articles:
ZDNet Article: How the USA Patriot Act can be used to access EU data
Wikipedia article on the Patriot Act
Wikipedia article on safe harbor
Ars Technica article on Patriot Act and cloud providers

Future of mobile apps

Interesting article about HTML5 being the future of apps on mobile. Having worked in the smartphone industry I totally agree. Just like not many apps are used on the PC / Mac anymore but mostly web browser I believe the same thing will happen on tablet / smartphone.

The key obstacle to PC moving to web was the horsepower and fast links. If you think about the smartphone and mobile networks you could consider them to be like the PC and dialup internet 5 years ago. Given Moores law and 4G networks the mobile will go the same way I believe.

The other key part is offline storage in HTML5 so that applications can retain data/state. Already the financial times have switched to HTML5 based app so that they can avoid the 'Apple Tax'

Slides from Cloud Computing World Forum

My slides from Cloud Computing World Forum today are up at http://www.next-genit.co.uk/events-1

It was a good event and some pretty good speakers in general and lots of interesting and smart people around. If you're in London it's still on tomorrow.

Slides from today's presentation

My slides "Evolution of cloud computing" from today are up at http://www.next-genit.co.uk/events-1

It was a great little summit over in Newport, Wales - thanks to the organisers.

Why the Google Chromebook will succeed

I'm excited about the Google Chromebook and I believe it will do very well. Not 80% market share well, but perhaps around 20% and Apple seems to do very well with a similar market share.

Why do I think this is a game changer? Isn't a notebook that only works on the Internet doomed?

I don't think so for a few reasons. Firstly it will work offline. Google Docs will be working offline soon. The operating system (ChromeOS) will also store files locally. This includes things like Google Music and I'm sure others such as Spotify/DropBox will add support once it becomes popular.

Secondly it will work seamlessly with Google Mail/Google Apps. More and more organisations and individuals are going down this path and remember all those people with Android phones (now #1 smartphone) also have a Google account. So now you'll have a notebook with optional 3G that you can use for email, docs etc even offline. I often use my Android phone instead of my iPad or Mac or PC already when travelling as it just works so much nicer. I'm also at a point where with the combination of DropBox and Google Apps/Mail I can easily switch machines when I want and I'm sure more people will head down this route in the future.

For both companies and individuals these combinations of things will drive down the cost. For businesses these are machines that don't need to be managed very much at all, and for individuals the notebook will keep working without being touched.

Citrix and VMWare are also supporting virtual desktops on Google Chromebook so this will work very well for businesses that haven't yet converted everything to the browser (which is the best strategy).

And of course there is the 8 second boot so you can play Angry Birds quickly.

As a postscript ff you want to come to work for a cool media company that uses this sort of technology then have a look here.

Motorola Atrix and Motorola Xoom thughts

I had a quick play today with the Motorola Xoom (iPad competitor) and Motorola Atrix (smartphone that doubles up as a netbook).

I must say that I was impressed with both of them, although the Xoom was the more impressive of the two. The Xoom seems a credible competitor to the iPad and the Honeycomb version of Android looks very polished and works on tablets well. The speed of it seemed faster than the original iPad and around the same as the iPad 2. All the software on it that I used seemed quite nice. I did like the ability to customise the home screens more than on the Apple.

Of course the key to the success for many people will be what apps come out for it. I personally believe in 5 years that apps for cellphones will be irrelevant, just like they are on a PC today as mobile platforms and web browsers become more powerful. That still leaves a few years in between though. The other key to success will be whether the battery lasts like the iPad and I couldn't test this.

The Motrola Atrix is a device that also docks to your TV and a netbook type thing. The TV side seems to just work but was quite surprised to find that it was only 480p. The king in the multimedia/goog video area still seems to be the Nokia N8. (I could write a whole post on Android vs Symbian and may yet do so..). As an Android phone it just seems like any other Android phone to be honest.

The netbook side of thing only makes sense to me if you don't have a separate device already so probably appeals to the developing world, except it will be far too expensive.

To see comprehensive reviews look at the Ars Technica review of the Xoom here and the Atrix here.

Amazon move deeply into PaaS

Amazon have announced today Elastic Beanstalk.

I have been wondering how long until Amazon do PaaS in depth and now they have. As a techie, I like their approach too. You can either leave it just as a service that runs your applications e.g. Java or you can tune each individual component.

Amazon are continuing to go up the stack and this is probably enough to convince more people to use them now.