How will Europe address users’ trust in cloud computing?

13 August 2015

Author: OpenForum Europe

The latest data from Eurostat indicates that only one out of every five EU enterprises makes use of cloud computing services, despite the benefits of such services being widely underlined and the untapped potential of cloud computing being universally agreed.

Source: ETSI draft report “Identification of Cloud Computing users’ needs” (June 2015)

Several discrete barriers have been identified as impeding the desired further uptake of cloud computing. Ranking very high are security and privacy, followed by interoperability and portability. In less technical language, these high-ranking concerns directly impact the user’s trust. The user wants satisfactory answers to questions such as ‘Will my data remain private even after I move it to the cloud?’ or ‘Will I be able easily to retrieve data from the cloud service provider whenever I want, regardless of my reasons?’ or ‘Is it only myself who can access the data I stored in the cloud?

If services provided on the cloud are not trusted, it is most likely that the transition from on-premises to cloud hosting will not happen soon. To tackle these challenges, stakeholders have come up with different solutions which answer these problems to different degrees. Standards are being developed by industry in different settings to specify the acceptable way of implementing cloud computing solutions, Service Level Agreements (SLAs) are made available to clarify the expectations from the provider, and certifications are offered, in order to make it easier for the user to understand which cloud service provider is better suited for his needs, priorities and concerns when comparing the myriad of providers which exist out there.

Although standards are seen as able to positively address users’ concerns, the process of developing such standards is often challenging (which stakeholders should be involved?; what is the best timeline for a new standards to become available? etc.). Moreover, there are some issues which cannot be tackled with a new set of standards, and so for which an alternative solution has to be envisaged. In its report published in draft form for public comment this month, ETSI presents a useful identification of standards which are lacking as of speaking and which seem to be needed, e.g. “Security & Privacy Requirements specification”, “Negotiation for multiple providers”; and “Responding to SLA infringements”.

Besides standards, certification has also received a lot of attention since 2012. Although it seems that the majority of users (79%) agree that certification is a very useful way to improve confidence in cloud computing, it also seems that users are often not aware of different tools which enable them to find their way in the jungle of available certifications (e.g. the Cloud Certification Schemes List developed by ENISA). So they feel lost and discouraged, postponing that moment when they migrate to cloud. In addition, as appeared from a round table that we hosted in September last year, certification is not always a valid answer. OpenForum Academy’s follow-up White Paper underlines that sometimes certification is too costly for SMEs to use as a solution to gain users’ trust, and other times it risks being just a ‘rubber stamp’.

With the Commission’s public consultation coming in September 2015 (which will also cover the facilitation of cross-border data flow initiative), and with the plenary meeting of the Cloud Select Industry groups (Code of Conduct, Service Level Agreements, Certification) which should take place before the end of this year, there is still room for manoeuvre to improve the cloud computing environment in order to generate an increase in users’ trust and to ensure that this new digital technology is exponentially adopted.

* If you want to share your experience or opinion about how users’ trust should be addressed, feel encouraged to leave your comment below.