Cloud computing


Microsoft has has announced the opening of its first datacenters at two locations in Africa: Cape Town and Johannesburg , South Africa. The new datacenters on the continent will make Microsoft Azure cloud services available to benefit organizations with increased computing sources and connectivity.

The new cloud regions in South Africa will ensure that Africa is fully connected to Microsoft’s global cloud infrastructure which will increase business opportunities, help accelerate new global investment, and improve access to cloud and Internet services across Africa.

Gartner predicts a 21.4% growth of the public cloud market, leading to a total $186.4 billion by the end of the year. While the largest investment is in software as a service (SaaS) at the moment, the analysis predicts a much higher revenue for Infrastructure as a Service (IaaS) in the next three years. The high concentration on the IaaS market is expected to grow, with the top 10 players accounting for 70% of the market by 2021.


The Clarifying Lawful Overseas Use of Data (CLOUD) Act was signed into law on 22 March by President Donald Trump. The new legislation amends the 1986 Stored Communications Act to allow federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of where in the world the data is stored. The CLOUD Act allows for requesting any data on U.S. citizens stored on any server they own or operate when an warrant exists and it introduces expedited procedures for ‘executive agreements’ with foreign governments. While many companies expressed their support for the law in a joint letter on 6 February, civil society groups and human rights organizations warned on 12 March that the CLOUD Act ‘undermines privacy and important democratic safeguards’.

Apple is set to begin hosting Chinese iCloud accounts in China, raising fears about human rights, as state authorities gain easier access to data stored in the cloud, according to Reuters. The article reports that 'Human rights activists say they fear the authorities could use that power to track down dissidents.' Apple issued a statement saying that this is necessary to comply with new Chinese laws requiring that cloud services for Chinese citizens be stored in China, by Chinese companies, noting 'While we advocated against iCloud being subject to these laws, we were ultimately unsuccessful.' Apple said that iCoud keys stored in China will not give access to data stored in other countries, but privacy lawyers say protection for Chinese customers will suffer. 

Cloud environment of Tesla, the carmaker, was exploited by an attacker to mine cryptocurrencies, RedLock security firm reports in its study “Cloud Security Intelligence (CSI)”. The unsecured Kubernetes console - an open source system used for operation of application containers, virtualised software and cloud-based services - exposed access credentials to Tesla’s Amazon Web Service (AWS) cloud environment, which allowed attackers to inject cryptocurrency mining scripts as well as to reach out to sensitive data such as vehicle telemetry. The study suggests that the unauthorized use of computing power to mine cryptocurrency - known as cryptojacking - is becoming an increasing threat for cloud environments, such as those of Amazon, Microsoft and Google.

Apple partnered with Guizhou-Cloud Big Data, a Chinese state-owned company, to build Apple’s first data-storage center in China. The iCloud content of Apple ID users registered in China will be sent to and managed by Guizhou-Cloud Big Data starting in March. Apple’s new terms and conditions agreement with China reveals that all personal information and files of Chinese customers stored on the iCloud will be shared with the Guizhou-Cloud Big Data and could be further accesed and scrutinised the Chinese authorities.

Cloud computing could be described as the shift from storing data on hard disks on our computers to servers in the clouds (i.e., huge server farms). Cloud computing offers ubiquitous access to all our data and services from any device anywhere around the world (where there is Internet connection). At the same time, the fact that our data are stored with a third party - often in pieces and copies scattered around several jurisdictions - raises concerns for privacy. Security of the cloud is likely to be on a much higher level than of our own computers, but the risk from penetrating into a system of any cloud provider increases, since each cloud contains vast information about many citizens and companies.


The first wave of cloud computing started with the use of online mail servers (Gmail, Yahoo!), social media applications (Facebook, Twitter) and online applications (Wikis, blogs, Google docs). Apart from everyday applications, cloud computing is extensively used for business software. More and more of our digital assets are moving from our hard disks to the cloud. The main players in cloud computing are Google, Microsoft, Apple, Amazon, and Facebook, who either already have or plan to develop big server farms.

From hard disks to cloud computing

In the early days of computers, there were powerful mainframe computers and ‘dumb’ workstations. The power was in the centre. After that, for a long time, with PCs and Windows applications, computer power moved to the periphery. Will cloud computing close the circle? Are we going to have a few big central computers/server farms and billions of dumb units in the form of notebooks, monitors, and mobile phones? The answer to this and other questions will need time. Currently, we can identify a few Internet governance issues which are very likely to emerge in parallel with the development of cloud computing.

  • With more services delivered online, modern society will increase its dependence on the Internet. When the Internet went down in the past, damage was limited to the inability to send e-mails or browse the web. In the era of cloud computing, we may not even be able to write texts or perform calculations. This higher dependence on the Internet will imply higher pressure on its robustness and reliability.
  • With more of our personal data stored on clouds, the question of privacy and data protection will become central. Will we have control over our text files, e-mails, and other data? Could cloud operators use this data without our permission? Who will have access to our data?
  • With a growing volume of information assets going digital, countries may become uncomfortable with having national information assets outside their national ‘borders’. They may try to create national or regional clouds or make sure that existing clouds are managed with some degree of international supervision. Nationalisation of clouds could be further accelerated by the fact that all main operators in this field are based in the United States. Some argue that the current ICANN-centred debate may be replaced by an Internet governance debate on the regulation of cloud computing.
  • With a diverse set of operators of cloud computing, the question of standards is becoming very important. The adoption of common standards will ensure a smooth transfer of data among different clouds (e.g. from Google to Apple). One possibility that is being discussed is the adoption of open standards by the main players in cloud computing.

There are a number of working groups on cloud computing, such as The Open Group Cloud Computing Work Group, which includes some of the industry’s leading cloud providers and end-user organisations; and the Cloud Computing Strategy Working Group by the European Telecommunications Standards Institute (ETSI).

The governance of cloud computing is likely to emerge through the interplay of various actors and bodies. For example, the EU is concerned with privacy and data protection. The Safe Harbour agreement, which was meant to solve the problem of different privacy regimes in the USA and the EU, has been declared invalid by the European Court of Justice in October 2015. With more digital data crossing the Atlantic Ocean, the EU and the USA will have to address the question of protection of privacy according to EU regulation by US companies, the main operators in cloud computing. This issue came into sharper focus after the Snowden revelations of mass surveillance.  

Standards will most likely be developed through agreements among the main companies. Google has already started a strong push towards open standards by establishing the Data Liberation Front, aimed at ensuring a smooth transition of data between different clouds. These are the first building blocks that will address the question of the governance of cloud computing. Others are likely to emerge as solutions for concrete policy problems.




The Council dedicates its activities to addressing cloud computing interoperability issues such as cloud manag


The Council dedicates its activities to addressing cloud computing interoperability issues such as cloud management, reference architecture, hybrid clouds, and security and compliance issues. Deliverables of its work range from cloud reference architectures (e.g. Cloud Customer Architecture for Big Data and Analytics and Cloud Customer Architecture for e-Commerce), practical guides (e.g. Practical Guide to Hybrid Cloud Computing and Practical Guide to Platform-as-a-Service), cloud service agreements, and other resources on cloud security, and industry and related cloud technologies. The Council also organises various webinars and in situ events focused on issues such as cloud data residency, cloud architectures for the Internet of Things, and blockchain technologies.


The Alliance focuses its activities on issues related to cloud computing security.


The Alliance focuses its activities on issues related to cloud computing security. These include research, education and awareness raising, certification, events, and products. In 2010, it launched the first cloud security user certification, and it also operates the Security, Trust & Assurance Registry cloud security provider certification programme. Over 30 working groups focus on issues such as big data, blockchain and distributed ledger, cloud data governance, cloud trust, security as a service, top threats, incident management and forensic, etc. The Alliance has also several initiatives and projects, such as the Cloud Accountability Project and the Best Practices for Cyber Incident Exchange initiative.


The Consortium works on creating an open and interoperable framework for


The Consortium works on creating an open and interoperable framework for fog computing – an architecture that distributes resources and services along the continuum from cloud to devices. Several committees and working groups focus on technical work (building operational models and testbeds for fog computing), contributing to the development of standards within relevant standardisation organisations, promoting innovation, and contributing to educating both the industry and the market on the advantaged of fog computing. In February 2016, the Consortium published the OpenFog Reference Architecture, containing details on the eight pillars in an OpenFog architecture: security, scalability, openness, autonomy, programmability, RAS (reliability, availability, and serviceability), agility, and hierarchy.


More and more standards and guidelines developed by ISO cover issues related to data and information security,


More and more standards and guidelines developed by ISO cover issues related to data and information security, and cybersecurity. One example is the 27000 family of standards, which cover aspects related to information security management systems and are used by organisations to keep information assets (e.g. financial data, intellectual property, employees’ information) secure. Standards 27031 and 27035, for example, are specifically designed to help organisations to effectively respond, diffuse and recover from cyber-attacks. Cybersecurity is also tackled in the framework of standards on technologies such as the Internet of Things, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.


The World Wide Web (WWW) was developed


The World Wide Web (WWW) was developed at CERN, in 1989, by Tim Berners-Lee. The aim was to allow for automatic information-sharing between universities and research institutes around the world. The first website was also created at CERN, dedicated to the WWW project itself. In 1992, the first readily accessible browser for the WWW was launched. In 1993, the WWW software was put in the public domain and made freely available, thus allowing the web to further develop. The HyperText Markup Language (HTML) and the HyperText Transfer Protocol (HTTP) were developed at CERN as well, based on a proposal from Berners-Lee.


Resolutions & Declarations


ITU-T Recommendation X.1601 Security Framework for Cloud Computing (2015)
Recommendation ITU-T Y.3600 'Big data – cloud computing based requirements and capabilities' (2015)

Other Instruments



Roundup of Cloud Computing Forecasts and Market Estimates, 2016 (2016)
2016 Data Threat Report (2016)


Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


Cloudy with a Conflict of Laws - How Cloud Computing Has Disrupted the Mutual Legal Assistance Treaty System and Why It Matters (2016)
Governments and Cloud Computing: Roles, Approaches, and Policy Considerations (2014)
Cloud Innovation and the Law: Issues, Approaches, and Interplay (2014)
Cloud computing from EU Competition Law Perspective (2013)


Hosting and Cloud Study 2016: The Digital Revolution, Powered by Cloud (2016)
Blue Skies Ahead? The State of Cloud Adoption (2016)
IT Trends Report 2016: The Hybrid IT Evolution (2016)
Cloud Computing and Accessibility Considerations (draft) (2016)
2016 Global Encryption Trends Study (2016)
Cloud Readiness Index 2016

GIP event reports

Looking Ahead: What to Expect in the Cyber Realm (2017)

Other resources

Cloud Computing Guidelines for SMEs and Microenterprises (2016)
Practical Guide to Hybrid Cloud Computing (2016)
Cloud Computing Survey 2015 (2015)
Privacy Level Agreement [v2]: A Compliance Tool for Providing Cloud Services in the European Union (2015)
Practical Guide to Cloud Service Agreements (2015)
Security for Cloud Computing - Ten Steps to Ensure Success (2015)
Practical Guide to Cloud Computing (2014)
The Cloud Infographic


The GIP Digital Watch observatory is provided by



and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top