Earlier this month The Information Technology & Innovation Foundation (ITIF) published a prediction that the U.S. cloud computing industry stands to lose up to $35 billion by 2016 thanks to the National Security Agency (NSA) PRISM project, leaked to the media in June. We think this estimate is too low and could be as high as $180 billion or a 25% hit to overall IT service provider revenues in that same timeframe. That is, if you believe the assumption that government spying is more a concern than the business benefits of going cloud.
Having read through the thoughtful analysis by Daniel Castro at ITIF, we commend him and this think tank on their reasoning and cost estimates. However the analysis really limited the impact to the actions of non-US corporations. The high-end figure, assumes US-based cloud computing providers would lose 20% of the potential revenues available from the foreign market. However we believe there are two additional impacts that would further be felt from this revelation:
1. US customers would also bypass US cloud providers for their international and overseas business - costing these cloud providers up to 20% of this business as well.
2. Non-US cloud providers will lose as much as 20% of their available overseas and domestic opportunities due to other governments taking similar actions.
Let's examine these two cases in a bit more detail.
Notes from the TechAmerica Europe seminar in Brussels, March 27, 2013
This may not be the most timely event write-up ever produced, but in light of all the discussions I’ve had on the same themes during the past few weeks, I thought I’d share my notes anyway.
The purpose of the event was to peel away some of the hype layers around the “big data” discussion, and — from a European perspective — take a look at the opportunities as well as challenges brought by the increasing amounts of data that is available, and the technologies that enable its exploitation. As was to be expected, an ever-present subtext was the potential of having laws and regulations put in place which — while well-intentioned — can ultimately stifle innovation and even act against consumer interests. And speaking of innovation: Another theme running through several of the discussions was the seeming lack of technology-driven innovation in Europe, in particular when considered in the context of an economic environment in dire need of every stimulus it can get.
The scene was set by John Boswell, senior VP, chief legal officer, and corporate secretary at SAS, who provided a neat summary of the technology developments (cheap storage, unprecedented access to compute power, pervasive connectivity) giving rise to countless opportunities related to the availability, sharing and exploitation of ever-increasing amounts of data. He also outlined the threats posed to companies, governments, and individuals by those who with more sinister intent when it comes to data exploitation, be it for ideological, financial, or political reasons. Clearly, those threats require mitigation, but John also made the point that “regulatory overlays” can also hinder progress, through limiting or even preventing altogether the free flow of data.
As data flows between countries with disparate data protection laws, firms need to ensure the safety of their customer and employee data through regulatory compliance and due diligence. However, multinational organizations often find global data privacy laws exceedingly challenging. To help our clients address these challenges, Forrester developed a research and planning tool called the Data Privacy Heat Map (try the demo version here). Originally published in 2010, the tool leverages in-depth analyses of the privacy-related laws and cultures of 54 countries around the world, helping our clients better strategize their own global privacy and data protection approaches.
Regulation in the data privacy arena is far from static. In the year since we last updated the heat map, we have seen many changes to how countries around the world view and enforce data privacy. Forrester has tracked and rated each of these 54 countries across seven different metrics directly within the tool. Among them, seven countries had their ratings change over the past year. Some of the most significant changes corporations are concerned with involve:
New national omnibus data privacy laws spanning private and/or public industry. Data privacy regulation, when looked at globally, forms a spectrum of maturity beginning with spotty industry or situation-specific laws all the way to omnibus frameworks. As you might expect, responsible corporations prefer to engage in business practices where the data privacy laws are clearly-defined and transparent. For instance, countries such as Brazil and China are in the process of moving towards potential omnibus laws which will replace a multitude of sectoral and situation-based laws. Other countries, such as Colombia and Singapore, have recently passed far-reaching omnibus laws, also replacing a patchwork of prior sectoral laws.
Reflections from the 10th Safer Internet Day Conference in Berlin, February 5th 2013
Earlier this month, I had the pleasure of speaking at the Safer Internet Day Conference in Berlin, organized by the Federal Ministry of Consumer Protection, Food and Agriculture and BITKOM, the German Association for Information Technology, Telecommunication and New Media. The conference title, ‘Big Data – Gold Mine or Dynamite?’ set the scene; after my little introductory speech on what big data really means and why this is a relevant topic for all of us (industry, consumers, and government), the follow-up presentations pretty much focused either on the ‘gold mine’ or the ‘dynamite’ aspect. To come straight to the point: I was very surprised, if not slightly shocked at how deep a gap became visible between the industry on the one side and the government (mainly the data protection authorities) on the other side.
While industry representatives, spearheaded by the BITKOM president Prof. Dieter Kempf and speakers from IBM, IMS Health, SAS, and others, highlighted interesting showcases and future opportunities for big data, Peter Schaar, the Federal Commissioner for Data Protection, seemed to be on a crusade to protect ‘innocent citizens’ from the ‘baddies’ in the industry.
Yesterday, I realized I have a criminal side. Of course, I know that I have a bit of a history for speeding. And I’ve had my share of parking fines. But until yesterday afternoon, I didn't think I had ever violated someone else's property rights. Now I know that I have – and I do it quite regularly as well.
The data protection laws talk about data. Data is defined as every type of information in a machine (device). When I’m talking and you’re listening, there’s no data. When I’m talking and you record my voice or take a picture, there’s data.
Last month, Ed and I spent a couple days in Paris with Orange's management team for their annual analyst event. Overall I was impressed with Orange’s innovation in business service offerings as well as their extensive global reach. Many of the large telecoms (Verizon, AT&T, Sprint, etc.) have had to and very much want to expand their business offerings. The telecoms clearly see platform-as-a-service as the natural extension of their core telecom business. Just selling bandwidth is no longer sufficient for these companies, which is in fact now a commodity business. Orange is no exception. This evolution in the telecom business model has been successful due to the industry’s ability to:
Offer endpoint and network security optimization solutions coherent with their existing bandwidth business. With their unique vantage point over the network, the telecoms are ideally placed to deliver “clean pipe” Internet service by stopping outside network threats before they reach their customers’ endpoints. For instance, Orange’s DDoS protection service can leverage their large global footprint and control over the infrastructure to gather intelligence and exercise defensive measures farther up the stack than most of their non-telecom competitors.
Recently I attended one of the day-long events in Munich that Google offers as part of its atmosphere on tour road show that visits 24 cities globally in 2012. The event series is aimed at enterprise customers and aims to get them interested in Google’s enterprise solutions, including Google Apps, search, analytics and mapping services, as well as the Chrome Book and Chrome Box devices.
Google Enterprise as a division has been around for some time, but it is only fairly recently that Google started to push the enterprise solutions more actively into the market through marketing initiatives. The cloud-delivery model clearly plays a central role for Google’s enterprise pitch (my colleague Stefan Ried also held a presentation on the potential of cloud computing at the event).
Still, the event itself was a touch light on details and remained pretty high level throughout. Whilst nobody expects Google to communicate a detailed five-year plan, it would have been useful to get more insights into Google’s vision for the enterprise and how it intends to cater to these needs. Thankfully, prior to the official event, Google shared some valuable details of this vision with us. The four main themes that stuck out for us are: