A good friend of mine, John Weigelt, National Technology Officer for Microsoft Canada, had an interview with Mary Allen from http://itincanada.ca about cloud computing and the points to know about the good ol’ US Patriot Act, Canadian PIPEDA and security/privacy in cloud environments. The article is a long one – 14 pages (I guess they are lookin’ to bump up their ad revenue and page views) but it is now probably my top “Must Read” for understanding and decoding this online BS IT Pros are concerned about when it comes to looking at IT as a Service with Cloud Computing.
As Canadian IT Professionals, we have to stop hiding behind the US Patriot Act as our safety blanket for preventing cloud technologies from being considered and adopted in our environment. Likewise – PIPEDA (Canadian privacy legislation) is a close second safety blanket that gets thrown in front of projects headed skywards all too often. Believe it or not – you have to know what your requirements are for ALL data – whether it’s in house or hosted in Canada or in a public cloud provider.
My advice to anyone reading this who dismisses “cloud” as hype, insecure, never-going-to-come-into-this-shop banter is to stop and take a moment. Grab a coffee, click thru to this article and take the time to read each of the 14 pages (damn! I wish they had one ‘Print Ready’ article link) and take some notes. John’s way of cutting it down to terms and issues you can relate to and understand is great. Once you’ve read it and taken some notes – share it around with your peers / managers and others and have a conversation about cloud services.
Be proactive, instead of reactive.
One of my favourite quotes from John on this one is on the topic of getting past the “what government has access to my data” privacy issue and focusing instead on overall security practices across your data no matter where it resides (around pages 7 and 8 if you are keeping track).
Another good analysis has been done by a privacy lawyer out in Nova Scotia, David Fraser, who presented at the Privacy Commission consultations. He argues that privacy legislation in Canada, the UK and the US is fundamentally similar so those provisions of access that the US government has are shared by Canadian authorities. As a result, the Canadian government has the ability to access information in much the same way the US government has. So one of the first tasks is to demystify the elephant in the room – the US Patriot Act.
What we need to do is to put this concern aside, and focus on the real issue which is safeguarding your information. (emphasis is mine) Today businesses protect their information in a certain manner – some are better at it than others but they do have an approach. As you begin to move your services outside your organizational boundaries – perhaps you have a hosted cloud from a Canadian hosting provider, perhaps you are going to an international, commercial cloud – you can’t toss your security challenges over the fence and hope that someone else will resolve them. What you need to consider is the security of that environment.
Take the time. Have a read. Start the discussion. You won’t regret it.