Cloud computing


4 May 2017

An ‘incredibly sophisticated’ phishing campaign using spoofed email addresses affected over a million users of Google’s Software as a Service (SoA) ‘Docs’ platform. By purporting to share a document for collaboration, the program requested access to the user’s email account. Google addressed the issue and released a statement and invited affected users to visit its security checkup page.

2 May 2017

Verizon announced it sold its cloud and managed hosting services to IBM, while continuing to work alongside on strategic initiatives. The transaction will be completed later this year.

20 Apr 2017

India’s Ministry of Electronics and Information Technology has issued three sets of guidelines on the adoption and procurement of cloud services, service level agreement for procuring cloud services and contractual terms related to cloud services. Part of its MeghRaj Policy, these guidelines define the technical, managerial and legal requirements for the adoption of cloud services by the Government. The guidelines' reliance on ISO standards, as well as the inclusion of a binding requirement for all cloud services providers to store governmental IT data within Indian territory have been met with both positive and negative reactions in the country.


Cloud computing could be described as the shift from storing data on hard disks on our computers to servers in the clouds (i.e., huge server farms). Cloud computing offers ubiquitous access to all our data and services from any device anywhere around the world (where there is Internet connection). At the same time, the fact that our data are stored with a third party - often in pieces and copies scattered around several jurisdictions - raises concerns for privacy. Security of the cloud is likely to be on a much higher level than of our own computers, but the risk from penetrating into a system of any cloud provider increases, since each cloud contains vast information about many citizens and companies.


The first wave of cloud computing started with the use of online mail servers (Gmail, Yahoo!), social media applications (Facebook, Twitter) and online applications (Wikis, blogs, Google docs). Apart from everyday applications, cloud computing is extensively used for business software. More and more of our digital assets are moving from our hard disks to the cloud. The main players in cloud computing are Google, Microsoft, Apple, Amazon, and Facebook, who either already have or plan to develop big server farms.

From hard disks to cloud computing

In the early days of computers, there were powerful mainframe computers and ‘dumb’ workstations. The power was in the centre. After that, for a long time, with PCs and Windows applications, computer power moved to the periphery. Will cloud computing close the circle? Are we going to have a few big central computers/server farms and billions of dumb units in the form of notebooks, monitors, and mobile phones? The answer to this and other questions will need time. Currently, we can identify a few Internet governance issues which are very likely to emerge in parallel with the development of cloud computing.

  • With more services delivered online, modern society will increase its dependence on the Internet. When the Internet went down in the past, damage was limited to the inability to send e-mails or browse the web. In the era of cloud computing, we may not even be able to write texts or perform calculations. This higher dependence on the Internet will imply higher pressure on its robustness and reliability.
  • With more of our personal data stored on clouds, the question of privacy and data protection will become central. Will we have control over our text files, e-mails, and other data? Could cloud operators use this data without our permission? Who will have access to our data?
  • With a growing volume of information assets going digital, countries may become uncomfortable with having national information assets outside their national ‘borders’. They may try to create national or regional clouds or make sure that existing clouds are managed with some degree of international supervision. Nationalisation of clouds could be further accelerated by the fact that all main operators in this field are based in the United States. Some argue that the current ICANN-centred debate may be replaced by an Internet governance debate on the regulation of cloud computing.
  • With a diverse set of operators of cloud computing, the question of standards is becoming very important. The adoption of common standards will ensure a smooth transfer of data among different clouds (e.g. from Google to Apple). One possibility that is being discussed is the adoption of open standards by the main players in cloud computing.

There are a number of working groups on cloud computing, such as The Open Group Cloud Computing Work Group, which includes some of the industry’s leading cloud providers and end-user organisations; and the Cloud Computing Strategy Working Group by the European Telecommunications Standards Institute (ETSI).

The governance of cloud computing is likely to emerge through the interplay of various actors and bodies. For example, the EU is concerned with privacy and data protection. The Safe Harbour agreement, which was meant to solve the problem of different privacy regimes in the USA and the EU, has been declared invalid by the European Court of Justice in October 2015. With more digital data crossing the Atlantic Ocean, the EU and the USA will have to address the question of protection of privacy according to EU regulation by US companies, the main operators in cloud computing. This issue came into sharper focus after the Snowden revelations of mass surveillance.  

Standards will most likely be developed through agreements among the main companies. Google has already started a strong push towards open standards by establishing the Data Liberation Front, aimed at ensuring a smooth transition of data between different clouds. These are the first building blocks that will address the question of the governance of cloud computing. Others are likely to emerge as solutions for concrete policy problems.




ITU-T Recommendation X.1601 Security Framework for Cloud Computing (2015)
Recommendation ITU-T Y.3600 'Big data – cloud computing based requirements and capabilities' (2015)

Other Instruments



Roundup of Cloud Computing Forecasts and Market Estimates, 2016 (2016)
2016 Data Threat Report (2016)


Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


Cloudy with a Conflict of Laws - How Cloud Computing Has Disrupted the Mutual Legal Assistance Treaty System and Why It Matters (2016)
Governments and Cloud Computing: Roles, Approaches, and Policy Considerations (2014)
Cloud Innovation and the Law: Issues, Approaches, and Interplay (2014)
Cloud computing from EU Competition Law Perspective (2013)


Hosting and Cloud Study 2016: The Digital Revolution, Powered by Cloud (2016)
Blue Skies Ahead? The State of Cloud Adoption (2016)
IT Trends Report 2016: The Hybrid IT Evolution (2016)
Cloud Computing and Accessibility Considerations (draft) (2016)
2016 Global Encryption Trends Study (2016)
Cloud Readiness Index 2016

Other resources

Cloud Computing Guidelines for SMEs and Microenterprises (2016)
Practical Guide to Hybrid Cloud Computing (2016)
Cloud Computing Survey 2015 (2015)
Privacy Level Agreement [v2]: A Compliance Tool for Providing Cloud Services in the European Union (2015)
Practical Guide to Cloud Service Agreements (2015)
Security for Cloud Computing - Ten Steps to Ensure Success (2015)
Practical Guide to Cloud Computing (2014)
The Cloud Infographic


The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top