Cloud Computing, Data Privacy Rules, and Data Security
New data privacy regulations in both the EU and US could impose additional security management and privacy protection standards for cloud computing. And for IT managers at midsize firms the new rules could end up being a good thing.
Yes, the new rules will mean more work for IT, in learning and applying them. And no one really likes having to follow regulations imposed from outside. But especially when it comes to the cloud, the privacy that firms will be called on to protect could include their own.
As Ellen Messmer reports at InfoWorld, expanded data privacy protections are on their way from the European Union (EU), and in the US as well. And the impact of these new rules will be felt particularly in cloud computing.
Currently Europe still operates under a welter of national regulations, based on general EU guidelines developed some years ago. A new set of unified rules was developed and released this year, though it may be a couple of years more before they become law. These new European rules will reaffirm an established trend: European data privacy standards are considerably stronger and more consumer-oriented than in the United States.
This could be bad news for marketers, restricting "behavioral targeting." But for IT, a single set of rules simplifies compliance.
And--especially in the wake of the 2012 election results--new and more privacy-oriented standards could come to the US as well. One important cloud privacy and security measure is already scheduled to take effect. Cloud service providers serving federal agencies will have to demonstrate that they meet standards set by the CloudRAMP program.
Cloud Privacy in the Mirror
For the IT community at midsize firms, regulatory compliance can have an upside as well as a downside. They have to be complied with. But they often codify industry best practice or at least set a known baseline for what needs to be done.
And for midsize firms that have gone into the cloud, or are thinking of doing so, there is something else to think about. Storing data in the cloud is, by definition, allowing it off the company premises. Even a private cloud amounts to a (virtually) reserved area in the cloud vendor's data centers.
Which means that the data protected by the new EU and US data privacy rules could be your own, or at least your company's. New rules for cloud vendors mean new protections for cloud customers. Which is something for IT managers at midsize firms to think about.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.