I presented to a great audience of access and privacy professionals today at the 2009 Ontario Access and Privacy Workshop. My slides are below.
To give this presentation I had to answer for myself whether outsourcing to the cloud is the same as any other data processing outsourcing. I settled on, “not quite” and argued outsourcing to the cloud is different because (1) it will usually be a cross-border outsourcing, which comes with a special set of considerations (especially for government) and (2) the cloud service provider’s business model may not be flexible enough to allow for it to meet an organization’s need to satisfy specific data security requirements.
I’m not a cloud basher. I’ve argued here that one of the legal concerns about outsourcing to the cloud is poorly founded and also have concerns that the cross-border data transfer issue is a bugaboo. However, outsourcing to the cloud does seem to be a bit of a different game than entering a one-to-one business relationship with a “normal” data processor. Just some thoughts, which I’d invite comment on below.