Cloud has been touted as the path to easing IT operations and data storage, but increasingly stringent and region-specific data regulations are hampering its easy adoption.
Sensitive data in Germany, for example, such as that created from financial transactions, has to be stored in data centres within the country's borders.
Then there are concerns about the control and access that some countries have over the data stored in data centres within their borders, even if the information is owned by a company from another country.
The problems have grown to the extent that Macquarie University in Australia recently abandoned Gmail, citing decisions by Google to move the university's data from facilities in Europe to the US.
The move would have put the university's data under the control of US regulations, about which it was not happy owing to concerns about information security.
Macquarie opted instead for email delivered through Microsoft's Office 365 suite supported by the Azure cloud platform hosted in local data centres.
Google makes no promises to Google Apps customers about where their data will be hosted, meaning that those who wish to store sensitive data in specific areas need to use another service.
Tony Baer, principal analyst at Ovum, told V3 that data movement is likely to be restricted legally or by a cloud user's preference in the foreseeable future.
"The general trend in the long run is for data to stay within the borders of legal/national jurisdictions, not only to observe emerging and existing regulations regarding data movement, but to minimise regulatory compliance complexity for scenarios where data from multiple jurisdictions would otherwise flow to some neutral offshore site," he said.
This makes decisions like Macquarie University's more likely to take place.
No port in the data storm
The EU Court of Justice recently declared the EU-US Safe Harbour framework invalid, thereby preventing the transfer of data from European data centres to those in the US, so cloud coverage and the location of the data centres supporting it is about to become more important.
Elaine Fletcher, director at law firm DWF, explained that the ruling will muddy the waters for companies providing cloud platforms and their customers.
"This ruling creates a great deal of uncertainty for almost any business that transfers data, particularly where this involves a cloud-based [service]," she said.
"But organisations must act swiftly to show they are taking the security of data they hold on customers and their data protection rights seriously and proactively identify how far their current contracts with customers go on this. There are alternative options available to them, but these may be harder to implement."
The Safe Harbour ruling could see cloud service providers establish regional or national data centres, as seen with NetSuite's opening of two facilities in the EU to offer services to regulated sectors in the Eurozone.
The same can be said for Salesforce, which recently expanded its presence in the EU with a new data centre while Box is using IBM's reach with its SoftLayer platform to offer data hosting within Europe.
Building safe harbours
This trend is likely to increase. Laurent Lachal, senior analyst at Ovum, echoed his colleague's views, but noted that stringent data regulations will galvanise more cloud vendors to offer services tailored to local regions.
However, he told V3 that they will face evolving data regulations as exemplified by the EU's stance on transferring data to the US, which will have the knock-on effect of making prospective customers more cautious about moving regulated data into the cloud.
Lachal explained that regulations and customer demands will have an effect on large and small cloud vendors in how they provide services and where their data centres are located.
"The largest are still building their international presence. Amazon Web Services [AWS] recently announced that it will create a data centre in India. Azure is already available there, and it will end up with a global infrastructure," he said. "Smaller providers will focus on specific areas/vertical domains."
There is an argument that larger cloud vendors have too big a footprint to adhere to the different data regulations in the counties in which they provide services.
But Lachal does not believe this will happen. "The idea that having a global infrastructure puts large providers at a disadvantage regarding data movements is wrong," he said.
"I know for a fact that AWS regions are designed in such a way that data cannot flow between them unless customers specifically organise for it to do so. I expect this to be the case for other providers."
It would appear that evolving data regulations are an opportunity and a curse for cloud providers.
Those with a large reach, such as Microsoft, Google and AWS, will find opportunities by using their scale to target new countries and transnational regions, yet will need to provide services than can be tailored to local data laws and consumer demands.
Smaller firms have the opportunity to beat the cloud giants to the mark by focusing services on certain nations. But they will have to move quickly as the likes of AWS and Azure are expanding rapidly.
Open source solutions provider makes acquisition in bid to shore up cloud development tools business
Aims to "end data bottlenecks"
Looking to boost your career in IT? Here are the best-earning roles out there!
The BlackBerry KeyOne is a strange device that brings the best of BlackBerry and Android together in a Qwerty-equipped package, but it won't be for everyone