A red tape-wrapped rant at Europe's flawed cloud thinking

I was interested to see Thierry Breton, CEO of Atos and a former French government  IT minister, use the VMworld conference in Barcelona to back the European Commission's controversial plans for a pan-European Cloud strategy.

It's a topic that Phil Wainewright will be touching on this week following the Euro Cloud gathering in Luxembourg.

As regular readers will know, I'm incredibly sceptical about the value of these efforts from the Commission, fearing as I do that the ongoing PRISM scandal is being exploited to support a political agenda in Europe.

Breton however reckons:

“We believe as Europeans that it is time to build a single market for Cloud. We are trying to adopt the same regulation across Europe. It is not about protectionism – it is the exact opposite.”

On that last point, he and I must beg to differ, I'm afraid.

But it is worth looking a bit closer at what the Commission actually means by 'secure Cloud Computing' given that it's the data privacy and security concerns that are being bandied around as one of the main justifications for needing to put a European Cloud policy in place.

That's the subject of a new briefing note from the Commission's Digital Agenda unit which is driving the push for the proposed legislative changes.

I'm going to quote selectively (and yes, opportunistically) from a longer document, so it's worth reading the whole thing.

But these are the (sorry) highlights for me.

Brace yourselves

Here we go.

PRISM is immediately cited as a potential threat to cloud adoption rates in Europe, but the briefing note goes on at once to argue that this problem can be turned into:

a Europe-wide opportunity: for companies operating in Europe to offer the trusted cloud services that more and more users are demanding globally.

But it insists:

The Commission is strongly against a “Fortress Europe” approach to cloud computing. We need instead a single market for cloud computing…The fundamental principle at stake is the need to look beyond borders when it comes to cloud computing. Separate initiatives or a Fortress Europe approach is not going to work.

OK, on that point I find myself in complete agreement. Good start. Make the most of it - I suspect it's not going to last. Equally I suspect you don't really mean that bit about Fortress Europe. But let's move on for now.

Back to PRISM and what the Commission regards as the two main issues to be addressed:

Firstly, a reluctance to use cloud computing by European citizens, businesses and public administrations. Users already had some reservations over security and confidentiality of information in the cloud; but PRISM aggravated this situation. Trust in cloud computing is suffering, which risks depressing the rate of cloud uptake and Europe lagging behind in cloud computing adoption.

Hmmm, armageddon pedling gets off to a good start. Carry on:

Secondly, the revelations on PRISM have led to calls for national or regional cloud computing initiatives. Such fragmentation or segmentation of the cloud computing market along national or regional lines could unfortunately hold back the development of cloud computing in Europe. National or regional computer provisioning is the traditional position for most national administrations and there are national rules that prevent some specific kinds of data (in particular public sector data) from being transferred across borders, even inside the EU.

However, national level initiatives in particular where the software systems are adapted to local circumstances will not achieve a scale of roll out that would unlock the full economic benefits of cloud computing. A larger market will increase competition and value for money, and reduce costs. It would also open up new opportunities for European cloud providers, which are at the moment far from being market leaders. A fragmented market for cloud computing will be a set-back for the digital single market, for a connected continent, and  for customers and suppliers alike.

Ah, we're on some familiar territory here. This is a variation on the rather patronising dismissal of national government cloud computing strategies, such as the UK's G-Cloud, which we heard from Digital Agenda Commissioner Neelie Kroes earlier in the year when she first clambered on the PRISM bandwagon.

Needless to say I reject this as nonsense. The notion that national strategies can't work as well just because they haven't  been passed through a series of committees in Brussels is a manifestation of a troubling Eurocratic centralist push.

As it publishes its fourth supplier framework, G-Cloud is working perfectly well. It suits the UK market, it's doing a good job and it's not transgressing any existing European legislation. There's much still to be done, but the Government Digital Service knows that.

So leave them alone to get on with it!

Moving on

I'm getting irritated now, so let's move on:

The potential economies of scale of a truly-functioning EU-wide single market for cloud computing where the barriers to free data flow around the EU are substantially reduced would be a massive boost to competitiveness. That is why Europe must establish a fully functioning internal market for cloud computing.

Well, OK, fine. All fine in theory, nothing much to disagree with there. Go on:

Finally, a wide adoption of cloud computing by the public sector would drive cloud adoption since the public sector is the largest IT procurer in Europe it can set the right framework for Europe's cloud business to get ahead That is why Public Sector in Europe should positions itself as an early adopter of cloud computing.

Well, exactly. And that's exactly why programmes like G-Cloud and the UK's Cloud First policy for central government departments are so important. And heaven alone knows how, but they've managed to put them in place without anyone regulating the process from Brussels. Who knew such things could even be possible without an edict from the Commission?!?

Now we're into wider trust issues and what is now articulated as the Commission's ambition to create the world’s most secure and trusted region for cloud computing:

To restore trust, more transparency on government access to data, for example, for reasons of law enforcement and national security is needed, including commitments on what constitutes legitimate government access to data and transparency about what access requests have been made. This is not to deny that intelligence and security services have a legitimate need for such access to defend society, it is merely to lay out a governance framework for such access, particularly where it is cross-border.

OK, sounds reasonable enough, but here comes the centralism sting to follow through:

We have to look beyond borders when it comes to cloud computing. Separate initiatives or a Fortress Europe approach is not going to work...We need to think across borders if we are to prevent fragmentation of the market and avoid the need for regulatory reform of the cloud industry as we have recently proposed for telecoms.

This has to be a combined effort. The adoption of secure cloud services in Europe is not going to happen overnight through independent actions undertaken by individual stakeholders…member States and the private sector should work together to share their own best-of-breed solutions. The European Cloud Platform is a platform for this.

Road to hell

Oh, we're just never going to agree on this, are we? I'll leave it to Phil to go into more detail about his thoughts on all this and content myself with repeating my fear that this road to hell may well be paved with good intentions, but it's still a road to hell.

By all means set some common expectations and some 'hands off' guidlines but within those, let the national governments get on with the job in a way that best suits the mass adoption of cloud computing in their borders.

Start micro-managing, start laying down the law in pursuit of Euro-conformity and the end result will be lack of investment in Europe by US providers who are still the main force in the cloud industry no matter how long and hard vested interests in Brussels gripe about a basic market realities.

If it's easier to invest in AsiaPac than it is in mainland Europe, what do you think is going to happen?

There's a real danger of two speed global cloud market here: the US and other investment-friendly regions and Europe, skulking behind lowest common denominator draconian regulations and trying to jury-rig a cloud economy by making it difficult for outsiders.

Still, it will look awfully pretty once its wrapped up in all that red tape.