SaaS

April 07, 2009

Patriot Act vs. EU Data Protection Directive: regulatory death-match in the Cloud

Rwatson_biopic Blogger: Richard Watson

I spent part of last week speaking to European clients about cloud and SaaS.  There's a real thirst here for a conversation about the challenges and risks of cloud and SaaS, free from hype and hysteria.  The architects and executives I spoke to are already fatigued with "SaaS and cloud being pushed non-stop by vendors and analysts" (sic). 

One universal concern about hosting data in external clouds is data privacy.  Heretofore, concerns of EU companies included the fact that storing personal data in "third countries" violated the EU's Data Protection Act.    Of far more of concern now is that local data regulations in the provider's jurisdiction (especially the US Patriot Act), could be prioritized over international Safe Harbor arrangements designed to broker the local and guest privacy regulations.

I think these fears are justified and the recent clarification by the European Commission in its "Frequently asked questions relating to transfers of personal data from the EU/EEA to third countries" does little to allay that substantive fear.   The EU confirmation does indeed clarify which "third countries" have adequate standards to comply with the EU Data Protection Act, thus opening the door for EU data to be stored in (you won't need two hands to count them) the US (with Safe Harbor), Switzerland, Canada, Argentina, Jersey, Guernsey and the Isle of Man.  US companies that have signed safe harbor agreements (including Amazon, Google, Microsoft, and IBM) are bound to comply with European data protection standards, but the relative prioritization with the Patriot Act has never been explicitly tested in court.  Therein lies the problem.  Could you risk your customers' data as the test case?

SafeHarborLogoCLoud

This interesting study by Galexia challenges the effectiveness of the compromise of Safe Harbor agreement. 

A further grey area that was raised at our cloud sessions was whether "strategic US business interests" might also be prioritized over Safe Harbor agreements.  I pointed out that an even more concrete concern should be accidental data leakage and inappropriate use through either carelessness or malpractice of providers' employees, not to mention poor isolation practices.  These issues are well-documented in Eric Maiwald's (subscriber only) "Considerations for Risk Management When Choosing Software as a Service".

The Cybersecurity Act of 2009 recently introduced in the US Senate gives European consumers more reasons to think twice before jumping into (especially private) cloud agreements with US based providers.  The measures in the Cybersecurity Act are at the same time potentially wide-reaching and vague, but include giving the US President a lot of power over the security of the Internet.

Despite the recent EU clarification, data privacy raises key questions for European cloud adopters.  How are the clouds looking over Canada ... or Switzerland?

Posted by at 02:12 PM in cloud, Richard Watson, SaaS | | Comments (2) | TrackBack (0)

|

April 06, 2009

Gearing up for Catalyst: San Diego, July 27-31

Blogger: Anne Thomas Manes

643

Wow. It's April already. Less than 3 months to Catalyst.

We've been sorting through the plethora of submitted proposals, and we've just about finalized the schedule for event. I'm sorry to report, though, that two of my favorite end-user case studies had to withdraw their submissions last week. Therefore I still have 2 open slots. If you have a great story to tell about SOA or business value metrics, I am once again accepting proposals for these two tracks. (Please send me an email: amanes AT burtongroup DOT com.)

All in all, I'm very excited about the schedule. We have 3 great cases studies lined up on SOA, and 2 for business value metrics. I'm also really excited about the line-up we have planned on Cloud Computing and SaaS. It's a conference you can't afford to miss. Check out the full agenda. Also check out the workshops. I'll be reprising my REST Easy workshop.

By the way, we have a super secret discount available to readers of this blog. We have place a couple of Easter Eggs on the Catalyst Web Site. You can reveal the discount code two ways:

  • Hover (but don't click) over the "San Diego" icon for 20 seconds
  • Click and hold on the Catalyst logo and then drag your mouse off and release  

Posted by at 02:39 PM in Anne Thomas Manes, burtongroupcatalyst09, cloud, SaaS, SOA | | Comments (0) | TrackBack (0)

|

January 14, 2009

This XaaS stuff is great, but, wait, what's the catch?

jmorgenthal_biopic Blogger: JP Morgenthal

It's really difficult to be objective about XaaS when it seems that no matter what technical argument you can make against it is ultimately trumped by cost.  Yet, look at the success of companies like NetSuite and Salesforce.com; how can you argue against the model with so many customers reaping value?

It's probably unfair to lump all "as-a-Service" offerings together in this way given that each has pros and cons that are distinct.  But, I've discussed the concept of business having a Neanderthal brain, and XaaS is a great example of that brain at work.  Great technical positions regarding trust, data ownership, availability issues are responded to with the equivalent of "I'm rubber, you're glue, anything you say bounces off of me and sticks to you!"  Even worse is the vendors playing the parental role in this childish repertoire scolding the technologists for even raising these issues; admonishing them for restraining progress and being blind to the eventuality of life in the cloud. The hard-sell, if ever I've heard one.

The good news is that none of the technical arguments cannot be overcome.  Indeed, most of them can be handled through service-level agreements, legal contracts and the rise of domain-specific XaaS environments.  Still, I believe, the ardent pushback to raising technical issues stems from the fact that XaaS providers have yet to solidify the business models underlying XaaS and fear rejections at this point that may shut off avenues of funding before they even get a chance to figure out how to deliver value and protect the consumer all at a reasonable cost factor that still delivers profitability.

In this CNet piece, "The cost of cloud adoption", the author does a great job of explaining the misconceptions regarding the underlying accounting principles of XaaS, without losing the value for business or the impact of running a large data center.  But, this blog posting applies primarily to IaaS (Infrastructure) more than PaaS (Platform) or SaaS (Software).  However, buying compute time is not a new concept.  It used to be the only way businesses could afford to own a computer.  Now, it's a realization that the cost of running a data center for even slightly above average utilization is not cost-effective.  Moreover, the ability to scale on demand is very useful in shops that see spikes related to specific business-oriented milestones, e.g. end of month reporting.

So, where's the catch?  Personally, I practically live out in the cloud now.  I can set up shop at pretty much any computer and get to my email, feeds (e.g. RSS, Twitter, etc.), social networks, instant messaging and business documents.  With the exception of my business documents, which are hosted by my company, I realize that I don't pay anything for all the other services; they are supported primarily by advertising revenue or venture funding.  In a recent dialogue with another analyst we both admitted, if these companies needed to charge to survive, would we pay for these services?  Both of us admitted we would not.  I suppose that means that I would revert to using desktop client applications and Microsoft Outlook as the primary means of communication.  Sadly, if this did occur, I believe many recently rekindled friendships on Facebook would once again dissipate; collateral damage of a bad economy.

While there is a major difference between my personal life in the clouds and business in the cloud, I do believe the one attribute they share is the response to failure by XaaS providers ability to thrive.  As I would be returned to using traditional desktop-oriented applications that I pay for once versus pay-by-use or pay-by-subscription, so would organizations that have made bets on the cloud be returned to alternative means of delivering IT functions.  This does not have to be devastating, but it certainly can be disruptive and, for some, terminal.  While fiscal responsibility is important to the lifeblood of business, betting on XaaS to save money now may mean paying more money in the future as you need to be rescued from a failing platform.

As my Uncle Louie liked to say, "There's no such thing as a free lunch ... unless you pull it out of the garbage can." ;-)

Posted by at 09:18 AM in cloud, laaS, PaaS, SaaS | | Comments (4) | TrackBack (0)

|

  • Burton Group Free Resources Stay Connected Stay Connected Stay Connected Stay Connected

Categories



Archives

More...

About

Blog powered by Typepad