A recent article on ReadWriteWeb reminded me of one of the more annoying sources of noise about cloud computing – the double standards of US government agencies and companies around cloud data residency. On the one hand US government agencies complain that other countries are discriminating against its cloud service providers by raising legitimate concerns about data privacy in the US, while at the same time as making Google create special government clouds which keep all data in the US.
In a similar vein, US-based cloud providers (such as Microsoft and Google) claim that data residency is not an issue when talking to customers in other countries. When they talk to US customers, however, it is a very different story. Their sales pitch is based around the customer not having to worry about data residency because all of their services are hosted in the US.
At the root of this double standard are the legitimate concerns of cloud customers around US national security legislation, and weak US privacy law, which means that they would prefer locally based providers, or providers in countries which have appropriate levels of legal protection. The US, on the other hand, pursues a purely self-interested agenda around US economic interests.
This is a bigger issue for smaller countries, such as New Zealand, which are unlikely to have major cloud hosting facilities present. The benefits of cloud computing are such that potential customers in these countries really do want to take advantage of cloud computing, but these concerns are holding them back. Until these issues are addressed, either these potential customers will lag in their adoption of cloud services, or they will be faced with the costs of additional security controls.