Data Sovereignty, Data Provider or Data Regulation

Before Cloud Computing implementing a system was easy as you always knew where your data resided so you could easily ensure that your requirements aligned with the relevant regulation. Over the last few years however this has started to blur as regulation has changed, not all elements (including encryption keys, back up or disaster recover etc) were located in the same jurisdiction and increasing interference by governmental bodies.  The last quarter has however seen even more challenges with different legislation launching.

  • On 25th May 2018 the EU GDPR regulation came into force which is designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
  • On 21 March 2018 President Donald Trump signed a $1.3 trillion government spending bill, which included the CLOUD Act.

The CLOUD Act is a far-reaching, privacy-upending piece of legislation that will:

  1. Enable foreign police to collect and wiretap people’s communications from U.S. companies, without obtaining a U.S. warrant.
  2. Allow foreign nations to demand personal data stored in the United States, without prior review by a judge.
  3. Allow the U.S. president to enter “executive agreements” that empower police in foreign nations that have weaker privacy laws than the United States to seize data in the United States while ignoring U.S. privacy laws.
  4. Allow foreign police to collect someone’s data without notifying them about it.
  5. Empower U.S. police to grab any data, regardless if it’s a U.S. person’s or not, no matter where it is stored.

Even though the Cloud Act offers bi lateral powers to both the United States and Foreign nations to demand personal data its also means that no data is free from scrutiny globally if it is from a  US company.

With all these changes and whatever will follow will enterprises resign to the fact that Cloud Data like AWS, Azure, Google Cloud etc can be assessed by the authorities without warrants or will a new bread of company emerge that is registered in the jurisdiction its data is in to prevent global data retrieval or will there be more focus on everyone holding their own private encryption keys?

Advertisements

Fail Fast but have an exit plan just in case you don’t

In our data and regulatory driven world Innovation may be an essential element to disrupt the marketplace however how many failures should you expect before you find that unicorn and how do you account for these failures?

As more and more products migrate to the internet with SAAS and Cloud offerings becoming the fastest way to Innovate and “test and learn” one of the most important considerations in addition to does the proposition “work” is how do you exit (even if it is a success). As most Cloud offerings use proprietary software its not always in the interest of the supplier to make the breakup easy with the hope that you persist with the trial and continue your adoption however depending on your industry the extraction and preservation of the data or transactions history is probably the biggest consideration to a swift exit.

Therefore in addition to considering your success criteria in 2017 why not add another step and plan your exit from day 1. Most products allow you to extract a certain level of data however if your usage exceeds the basic; a retrospective archive is extremely problematic once you pass this threshold. Knowing how you will exit will not only help you if you “fail fast” but it will help drive your operational support procedures if the Innovation is a success as you will always have the sufficient level of data to exit in the future.

exit

 

 

Is it time to ask, “Where exactly was my data stored” ?

Screen Shot 2015-10-07 at 13.35.23

As the urge to hoard becomes less and everyone becomes more comfortable using web services in the cloud to run applications and store data how confident are you as to where your data is and could it be viewed without your knowledge? Financial Services have always worried about which jurisdiction the hosting servers came under and whether they were covered under regulation plus enterprises are now beginning to ensure that there is data governance and ownership for all their data. However how often should you review this?

This week the European Court of Justice has ruled that the 15 year old deal between the US and Europe (The Safe Harbour Agreement) was invalid meaning that many Businesses will now be scrambling around to put replacement measures in place to ensure that correct privacy rights are in place plus asking “did we ever use a service that was covered by Safe Harbour in the last 15 years?”

Interestingly, the ruling was not brought about by a Business but an Austrian law student against Facebook following the Snowden NSA surveillance revelations. Does anyone really know when they download an App from Apple or Androids App Store where this data is being stored? Do organisations know where the live and DR servers are located for every cloud provider, hosting company or SAAS product just in case privacy laws change? Should we? As more and more technology moves to the cloud maybe providers will offer transparency as to where data is being stored so choices can be made however as IT becomes a Global commodity there certainly will not be data centres in ever jurisdiction on the planet any time soon so in the meantime just keep a note where you kept that data as you may need to review it sooner or later.

Digital Convergence is key but where is all our Data?

exit

Since the inception of the internet back in 1991 we have all been on a journey to digitise our lives. In the early days (Dial up started in 1992 in the UK) you could go off and make a cup of tea whilst your email downloaded however the transition from paper had started. Things got a lot faster in 2000 when broadband arrived however you were still very constrained by how much you could afford to spend on a PC and your knowledge of the Internet. Everything changed however over the next decade as numerous products launched e.g. iTunes, YouTube, MySpace, Facebook, Flickr, LinkedIn, Instagram to name but a few; hardware became immensely cheaper and thoughts of cybercrime didn’t even enter our minds. In the 15 years since it is unbelievable to think how far we have come and of course where it will go, however just a scary thought can you even count have many sites have you signed up for with a handful of email addresses and provided all of your personal details? (Hopefully you don’t use the same passwords for your Banking as you do on social sites). As technology both in the enterprise and the consumer space becomes cheaper and everything moves to the cloud it is extremely important to think about your data (especially what you are giving out, to whom and how you will get it deleted). As a greater number of the established players buy up competitors it does mean you are required to sign up for less to get greater coverage however that does mean they will all have more visibility of your data. Apart from the normal considerations when you sign up for a Cloud Service i.e. Usability, Security, Jurisdiction etc., I bet the one thing you do not consider is how can I leave (This is naturally what they hope for too as the more cloud services are used the harder it is to leave unless you have a plan from day 1 as the data becomes too intertwined to extract).
I have had a few instances recently where it has taken months to exit cloud providers due to data removal, plus some recent cyber events like the hacking of Ashley Madison have highlighted that even companies who charge to remove your data sometimes still don’t actually remove it. Therefore as we all move more and more of our data to the cloud don’t forget to keep your eye on your data so as “Digital Convergence” becomes the next buzz word you will know where everything is and have suitable plans to ensure you can close everything down before you migrate to bigger and better things. Your reputation may just depend on it.

The Era of the Personal Cloud

For years the enterprise has strived to obtain a “Single View of the Customer” however in the consumer space users have been satisfied having the majority of their data dispersed around the web.  From a personal finance perspective the rise of PFM offered the chance to view all of your finances in one place however until now due to the increase in cloud storage providers a consumer has had their personal information in various data centres around the world.  The need for change was reinforced last year at the Gartner Symposium/ITxpo 2013 in Orlando where one of their predictions was the forthcoming “era of the personal cloud”.

The push for more personal cloud technologies will lead to a shift toward services and away from devices. The type of device one has will be less important, as the personal cloud takes over some of the role that the device has traditionally had with multiple devices accessing the personal cloud” Gartner

This prediction may however be starting to come true.  This month a new Android Application was launched by CloudGOO which allows you to aggregate all of your storage under one roof.  This offering is not unlike other platforms however the USP compared to products like Jolicloud is that it attempts to combine all of your cloud storage under one roof.   CloudGOO allows you to see all of your cloud drives including Google Drive, OneDrive (previously SkyDrive), Dropbox, Box, SugarSync, and Amazon’s Cloud Drive. To get started you just connect your accounts and the app tells you how much storage you have available on each plus how much is already used in total. You can then fine-tune your settings to specify which file types (e.g. photos, videos, documents, etc.) you want to back up, and whether those files should be backed only over Wi-Fi.  Based on this information you can even allow CloudGOO to decide which storage it backs up your media to.

Even though this app is the first of its type you can see that this will revolutionise the area of personal cloud and imagine if in the future encryption of uploaded files was offered or a facility to create a duplicate backup across 2 providers for extra security, everyone sign up in a flash.

Cloud Storage

Technology Predictions verses Business Strategy

PredictionsAs we step into 2014 the predictions for the next 12 months have already started to emerge and it seems that the traditional media set has expanded to now include television with technology predictions coming from analysts to futurologists. Even though I have heard from a number of excellent futurologists over the years the term now seems to have expanded to include anyone who is aware of new technologies and worryingly I even saw a self proposed corporate futurologist on a television programme over Christmas basing predictions on the current consumer technology available.

Wikipedia Definition

Futurists or futurologists are scientists and social scientists whose specialty is to attempt to systematically explore predictions and possibilities about the future

Technology is important however it is only an enabler. For most trends to become pervasive a number of other complementary technologies and cultural shifts need to take place. If we look at the iPad as an example, was the IPad itself the technology which changed consumers behaviors away from Laptops to Tablets or was it the App Store Concept? Both were important advances in their own right however it was only when they were combined that the real change was made which has continued to grow.

The same is true for the enterprise, with the advent of cloud the ability to purchase software without the need for home grown development or hosting has meant that delivery cycles and costs have reduced (although this has been at the expense of using vanilla products). The Cloud has therefore enabled Corporates to become more agile however it has never been more important to have an exploitation strategy within its Business Case which not only includes how the products are used but also how your data interacts, is stored plus how you would exit.

Today’s technology choices are immense however technology is only an enabler it is important to ensure that it addresses the needs of the organisation and satisfies the ever changing socioeconomic needs of consumer. Therefore as new trends emerge it is paramount to ensure that the technology actually addresses your strategic direction and requirements and are not just a vanilla offering which satisfies short term perceived consumer trends.

What is your limit with regards to sharing information on line?

HeartBeatOver the last few years we have all embraced the World Wide Web and in turn had to change our engrained beliefs about sharing our personal information.  At first it was just your name, address and email details to enable you to buy things, then with the advent of Social we all started to share a bit more of our soul (hopefully only to select groups) with pictures and views.  Even though in the back of everyone’s mind still lurked security concerns due to the long list  of hacking scandals, the hope that from going from simple short passwords to longer complex ones would secure your data effectively.  However at the end of the day if you were compromised, usually updating your password and getting a new credit card would suffice.

With recent advances in technology though and the constant need to digitise is this all about to change?

In the last month alone we have seen Barclays launching a Cloud Based Document Management System so you can store copies of all your important documents like your driving licence and passport.  Apple released the iPhone 5S with a fingerprint scanner and a new start-up called Nymi announced an authentication device which uses your own unique cardiac rhythm.  Even Nissan announced it was working on a smart watch that monitors you and the car and would eventually capture your heartbeat and brainwaves.  In addition to these Microsoft has also launched a Healthvault to enable you to organise your family’s health information.

What is wrong with this you may ask? 

Although all of these technologies sound fantastic and I myself would love to use them all, the big question is how much do you trust the supplier?  Do you know them, do they run their own computers or outsource everything, what happened if they were compromised and your information got out? Up to now if your password was compromised you could just choose another one, but what would happen if Information like your fingerprints or cardiac rhythm which is unique to you was compromised? We worry now about having someone stealing our identity by using basic information, what would happen if they had information so personal that it would never change during your whole lifetime, once your extremely personal information is out there it can’t be altered, it is 100% you and someone else may have it? 

I am sure most companies will stay ahead of the game and ensure everyone’s data is secure, however how much of your personal information would you trust with a stranger?  Would you choose to be an early adopter or laggard with these advances?

Think Local, Act Global

Think Local, Act GlobalEvery year a number of buzz words and catchphrases do the rounds and most make you cringe when you hear them however “Think Local, Act Global” really resonates as one which not only is sensible it also addresses some of the issues being faced by the enterprise in these austere times.

Over the last few years most companies have reviewed their loss making divisions and have started to address or devolve.  However there will come a time in the future when expansion will once again become the norm so ensuring that all decisions now “Think Local, Act Global” is essential. 

 Every organisation must ensure that every decision made suits the immediate need but will also be acceptable financially and culturally if it is rolled out globally.  In the IT space Cloud technologies are becoming more acceptable however user based pricing is becoming the norm rather than processor.  This is great at a local level however at scale the costs may become unacceptable.  Therefore all strategic functions must not only decide on the domains for the organisation but now be more aware of global implications of selection.

 By adopting “Think Local, Act Global” not only will be decisions be made that are acceptable to the users it will also ensure that organisations are fit for the future.

Innovation should not only disrupt but also challenge current beliefs

Innovation is an interesting field as it encompasses “change” in all areas, albeit most people only sight “disruption” as its main component. It would be nice to think that every person involved in Innovation only dealt with creating the latest new craze however for most incremental change is their bread and butter.

From a business as usual perspective one of the most important elements to understand when embarking on change is the cultural beliefs and expectations both from within the organisation and of the consumers, as these tend to change over the years and should encourage product updates. One product line which should have changed as cultural expectations shifted over the years is the personal computing market.

One of the biggest drivers which have changed the consumer’s personal computing needs is the advent of “cloud app stores” and the belief that the internet is now a safer place to transact where downloading applications and making purchases is acceptable. Prior to this most consumers needed to have a Laptop or Desktop “fully loaded” with a minimum spec of software so that they could complete a full range of activities from surfing the web to creating documents and any further software would need to be purchased and loaded by the user.

With the advent of the “cloud app stores” many entry level devices have launched onto the market with basic computing features which can be updated with paid apps to bring the user towards the previous “fully loaded” computer. In this decade “Less is Certainly More”. 

One thing that still surprises me is that even though the personal computing market is offering services which most casual Internet users no longer need most reporters continue to focus on its demise. Should we not be reporting that PC sales have only plunged 14%?

“Personal computer sales plunged 14 percent in the first three months of the year, the biggest decline in two decades of keeping records, as tablets continue to gain in popularity and buyers appear to be avoiding Microsoft Corp’s new Windows 8 system, according to a leading tech tracking firm”

The Personal Computing market is no different from any other Product Line which at first offered a product in which “one size had to fit all” however those days are gone and personalisation is the key. Real innovators recognise Cultural changes in society and introduce or update products that may cannibalise existing lines but still retain customer spend.

It is better to innovate a product line than loose it to your competitors.

Will Cloud Computing become as pervasive as Electricity?

Electrification was once called “the most important engineering achievement of the 20th century” by the National Academy of Engineering, and following a number of commercial uses all with different technologies and standards the technology converged and became commonplace in households (In large cities to begin with) during the 1920s.

In my view this evolution is not that dissimilar from the adoption of Cloud Services; before the inception of Broadband most institutions had little option but to build and run their own systems or get a partners to host. But post Broadband the ability to transmit data at fast speeds has seen the emergence of SAAS, PAAS, IAAS etc. which is evolving how enterprises procure technology and fix costs.

Even in the consumer space the use of the cloud is becoming more and more popular, especially if we think the new Apple operating system IOS5 includes iCloud and in the first 3 days of launching the Apple iPhone 4s 4million units were sold.

So if the enterprise and consumer are drifting into more and more cloud solutions could cloud Computing become a utility (Like Electricity) which we all subscribe to and get a monthly bill for usage??