The phrase “invisible hand” was coined by Adam Smith in the book ‘The Wealth of Nations’.  The theory behind this very popular phrase are the social benefits to individual actions.  The invisible hand theory has evolved and was turned to public policy formulation as a strategic means for intending social benefit.   Balancing control, promoting business interest and ultimately attaining social benefits have been at the forefront of National Development objectives.

The invisible hand, in predominantly the Cloud private sector, has unleashed new possibilities and innovative services, delivering social benefits, creating new markets or disrupting existing industries.

In the public sector, security and privacy issues have always been perceived as the main roadblock to wider cloud adoption, with many governments imposing some form of control or restrictions to secure sensitive information stored in the cloud.  These roadblocks can be addressed, through effective legislation or policy that impose certain obligations on the Cloud Service Providers (CSPs).   Many CSPs have already established more favorable terms for consumers; ensuring customer information is not provided to third parties without consent; deleting customer information upon termination of the cloud contract; disclosing the physical location of customer hosted information and other compliance related conditions.  For a CSPs long term success, they must achieve high standards for information protection to boost consumer confidence and trust.

Almost 100 countries around the world have implemented Data Protection and Privacy laws.  These laws vary from Country to Country inside the GCC, with KSA recently issuing a public consultation on the proposed regulation of Cloud in the KingdomDLA Piper’s Data Protection Laws of the World Handbook provides insights into country-specific data protection legislation.  In Asia, the South Korean Government passed the world’s first cloud-specific law, with the stated aim of driving cloud adoption in Korea, taking both a balanced and controlled course.  The South Korean Cloud Act aims to promote the cloud market in Korea.  The Government views cloud computing essential to raising Korea’s global competitiveness whilst ensuring controls are in place to protect consumers and the public sector.  There are three component parts to the strategy behind the Cloud Act:

  1. Increase investment and support in the cloud market from both the government and private sector
  2. Permit and encourage the use of cloud services (including public cloud services) by the public sector
  3. Placing appropriate controls on Cloud Service Providers (CSPs)

A crucial objective of any cloud legal and policy framework, needs a balance of ‘control’ with ‘encouraging’ cloud adoption to accelerate innovation and gain competitive edge.

Balance Cloud Control with Encouraging Adoption

“By 2020, a Corporate ‘No-Cloud’ Policy Will Be as Rare as a ‘No-Internet’ Policy Is Today” (Gartner press release 22 June 2016). Many Organizations have already launched their Cloud First Policies and software vendors are building cloud-native applications.  The market for easily accessible and consumable services has become the de-facto, with many vendors cannibalizing their on-premise business in favor of cloud-based offerings.  The shift from ‘No Cloud’ to ‘Cloud First’ to ‘Cloud Only’ has started with the latter in the near distant future.

The public sector has an important role to play to protect it’s national security interests whilst promoting global competitiveness for its consumers.  The right balance between Control and National Development will provide a foundation for innovation and economic growth.