While financial services and banking firms are increasingly looking to cloud computing services to enhance their businesses, actual take-up is being hampered by legal uncertainties and conflict between the EU and the US over data privacy.
Banking and other financial services firms had been expected by industry observers to be among the most likely to use cloud computing. Advocates of cloud say it can allow these companies to reduce overhead costs, make IT costs more flexible and enable new business models.
Gartner, a major IT research and advisory firm, recently conducted a survey which found that 44% of financial services firms' Chief Information Officers in Europe expected more than half of their transactions would be supported by cloud infrastructure by 2015.
However, Peter Redshaw, Gartner's managing vice president, was sceptical that this would be achieved given existing trends. "The current levels of usage are very low, less than 5%. … [To reach 50% by 2015] is a very rapid rise and there is no indication that this sort of transformation is happening yet," he said.
Radshaw argued that while several issues posed obstacles to the pick-up of cloud computing, the most important was legal uncertainty, saying: "That is the one that [financial services firms] give 90% of their attention to: the regulatory obstacle."
MEPs reaffirm data privacy
Meanwhile in Brussels, EU lawmakers appear keener than ever to protect people's privacy online, including on cloud services.
The European People's Party (EPP), the largest group in the European Parliament, issued a Strategy Paper on internet regulation on Thursday (1 December), which reaffirms the principle that EU privacy standards must apply to all data collected within the EU, even if it is stored on servers elsewhere.
While noting "the promising economic and commercial prospects of the cloud" the paper says: "Either EU jurisdiction must be extended to all data collected within the EU or via international agreements which allow the EU to control that its standards are kept in third countries."
The paper is intended to inform the Commission's new proposals on data protection expected for early 2012.
An EPP source close to the issue said the use of cloud would be excluded in the absence of such protection. "We need to ensure that the confidentiality of the data that banks and insurance companies use is guaranteed and therefore they cannot use cloud computing [outside of Europe]. They have an interest in a clear regulatory framework to develop their new business models," he said.
This could put the EU on a collision course with the US as American legislation, notably related to counter-terrorism, mandates government access to data stored on US soil. Joe McNamee of European Digital Rights (EDRI), an online privacy watchdog, said: "The Patriot Act and FAISA demand access to data without giving information to the data subject. So you can end up in unfortunate conflicts of law and ethics if you move data to the US."
The Parliament has been assertive on issues of privacy in the past. In February 2010, it voted to reject the so-called SWIFT agreement to share financial data between the EU and the US, only ratifying a renegotiated deal the following July.
From savings to security
While security issues represent a major obstacle to the adoption of cloud computing, some firms are also looking to them as a business opportunity.
ITpreneurs is a Dutch company specialised in IT training, including relative to cloud computing and the banking sector. While they mostly work with other IT firms, last year they trained over 2,500 staff for banks ING and ABN AMRO in the use of cloud computing, with the aim of reducing manpower needs and server costs.
Laurens Gunneweg, product manager with ITpreneurs, claimed there was a shift in priorities with regard to cloud, saying: "[in 2010] it was more about the economies of scale and the changing ways of working in the organisations. I think now things are changing … security is the major issue in cloud computing."
"That's why we want to work with security specialists to create a global certificate for data protection," he said, referring to a possible certification scheme being work on by the Cloud Credential Council.