Security and privacy considerations represent a global caution to cloud adoption. The Cloud Security Alliance (CSA) leads and contributes internationally to communities and governments, establishing security principles, best practices and frameworks that help secure the cloud eco-system. The CSA Canadian Chapter has been formed to address Canada’s unique security and privacy considerations, leading to the realization of innovation and economic benefits.

EU in the cloud

The September 2012 European Commission Report on Unleashing the Potential of Cloud Computing in Europe highlighted the significant economic business case for cloud computing. They anticipate an overall positive cumulative impact on GDP of €957 billion and 3.8 million jobs by 2020.

The EU also recognized that security and privacy considerations are a major concern, addressing these risks with the creation of activities such as ENISA (European Union Agency for Information and Network Security), whose many guides help foster appropriate secured cloud usage.

"Forming the Canadian Chapter of the Cloud Security Alliance helps clarify and accelerate secured cloud computing approaches and frameworks for Canada, while promoting a secure and privacy-respecting cloud eco-system that will ultimately benefit all Canadians."

Europe has initiated a funding program to stimulate adoption of cloud computing under the EuroCloud umbrella. The program’s goal is to establish cloud computing as an economic advantage for the region.

UK in the cloud

In 2009, the UK Government G-Cloud CloudStore Catalog was announced, to ease provisioning for the “Digital Britain”. The 662 initial expressions of interest became 458 catalog listings by November 2012. The less than £5 million initiative has realized an estimated £340 million in savings by March 2013. In 2014 the CloudStore catalog contains over 13000 services from over 1200 suppliers.

The UK also realizes the importance of security, privacy and trust. The CESG (National Technical Authority for Information Assurance) developed frameworks and certifications based upon ISO/IEC 27000 Information Security Management Systems.

USA in the cloud

In the United States, Cloud First was initiated in 2010 from the White House CIOs office to save money, as well as improve agility, innovation, and time-to-market. A major consideration was the optimization of IT resources consumed by the U.S. government.

The policy has touted $5 billion in savings per year (7 percent of IT costs), not to mention significantly lower energy consumption. Savings continue to rise, enabling more innovation and trust in the cloud ecosystem. The Federal Risk and Authorization Management Program (FedRAMP) was created as a means to expedite qualification of cloud suppliers. Although it has had challenges regarding the speed and complexity of obtaining accreditation, it is still considered the leading example of such a government program. The 25-point plan included under Cloud First identified several security considerations, which the National Institute of Standards and Technology (NIST) is addressing by maturing cloud security practices, largely based on the CSA models, guides, and matrices.

Australia in the cloud

Australia has been very active in cloud computing for over five years. This includes the tremendous networking and infrastructure development and governments establishing appropriate cloud policies. The major cloud services providers now host solutions in Australia. The Australian Government has a Strategic Direction Paper outlining cloud computing policies, where the Australia Department of Finance and Deregulation encourages and fosters appropriate cloud deployment.

Canada in the cloud

Outside of Canada, cloud adoption has continued to accelerate; cost savings are now secondary to innovation, openness, and interoperability of the cloud.

In Canada, security is generally perceived as the largest inhibitor to cloud adoption. Other concerns relate to the U.S. Patriot Act and data sovereignty considerations.

"In reality, the cloud ecosystem now offers secure, cost-effectie solutions that can directly impact the Canadian economy"

Canadian federal government and several of Canada’s provinces adopted strict policies prohibiting export of personally identifiable information (PII) outside of Canadian borders. This reflects Canada’s relatively strong respect for citizen privacy.

Canada has tremendous opportunities. The privacy instruments developed in Canada by Ontario's Information and Privacy Commissioner Dr. Ann Cavoukian, and the Office of the Privacy Commissioner of Canada, are extremely well respected and used extensively internationally.

Looking ahead

The Canadian ICT (Information Communication Technology) industry is more risk adverse than its U.S. counterparts. As technology evolves, frameworks, tools, and solutions for security and privacy concerns become available — many of which are developed and offered right here in Canada. In reality, the cloud eco-system now offers secure, cost-effective solutions that can directly and indirectly impact the Canadian economy.

Some key questions below that are consistently raised:

How much positive economic impact would be realized in Canada with broad-based adoption of cloud services? Should Canada take a page out the EU book and quantify the benefits?

How can Canada leverage cloud computing to drive innovation and rejuvenate its technology sector? What role should the government play and what should the role of the Canadian private sector be?

What would a business case for creating a national cloud platform look like? Should it serve federal, provincial, and municipal government? Can it add value to small business in Canada by reducing barriers to adoption of more advanced, scalable and elastic IT technologies? Could it create a more secure environment for a community of critical infrastructure providers?

What government policy levers are most effective at protecting sensitive data and the Canadian public’s privacy? What policy climate will result in the greatest economic benefits for Canada?

How can the Cloud Security Alliance help?

Forming the Canadian Chapter of the Cloud Security Alliance helps clarify and accelerate secured cloud computing approaches and frameworks for Canada, while promoting a secure and privacy-respecting cloud eco-system that will ultimately benefit all Canadians.