Cloud computing


According to Gartner, the global public cloud computing services market is projected to increase with 17.2% in 2016, reaching a value of $208.6 billion, compared to $178 billion in 2015. The highest increase is expected to come from the cloud system infrastructure services, projected to grow 42.8% this year. Gartner notes that organisations are saving 14% of their budgets as a result of using public cloud services, and this explains the market growth. While organisations increasingly recognise the benefits of cloud computing (cost savings, innovation, etc.), they also have concerns when it comes to adopting such technologies. Security and privacy seem to remain the main such concerns.

Microsoft has announced the launch of its first cloud computing data centers in the United Kingdom. The new centers are intended to facilitate the provision of cloud services to UK entities that handle sensitive data (public authorities, banks, utility providers, etc). As Reuters reports, such entities have so far been reluctant to use cloud services due to regulatory and data protection and security reasons. Microsoft is confident that the local storage of data and the applicability of the national jurisdiction would help address such concerns.

G20 leaders convened for their annual summit on 4-5 September, in Hangzhou, China. The communique released at the end of the summit, as well as the adopted Blueprint on Innovative Growth, emphasise the role of the digital economy and the new industrial revolution (characterised by emerging technologies such as the Internet of Things, cloud computing, and virtual reality) as main contributors to a sustainable, balanced, and inclusive growth and development. In order to encourage sustainable progress in these two areas, G20 commits to a series of policies and actions covering several digital policy issues: bridging the digital divide; leveraging the opportunities and coping with the challenges brought by emerging technologies; fostering favourable conditions for achieving trust and security in the digital environment, while ensuring respect for privacy and personal data protection; protecting and enforcing intellectual property rights; improving training and skills for science, technology and innovation. For more details, read Diplo's blog post.


Cloud computing could be described as the shift from storing data on hard disks on our computers to servers in the clouds (i.e., huge server farms). Cloud computing offers ubiquitous access to all our data and services from any device anywhere around the world (where there is Internet connection). At the same time, the fact that our data are stored with a third party - often in pieces and copies scattered around several jurisdictions - raises concerns for privacy. Security of the cloud is likely to be on a much higher level than of our own computers, but the risk from penetrating into a system of any cloud provider increases, since each cloud contains vast information about many citizens and companies.


The first wave of cloud computing started with the use of online mail servers (Gmail, Yahoo!), social media applications (Facebook, Twitter) and online applications (Wikis, blogs, Google docs). Apart from everyday applications, cloud computing is extensively used for business software. More and more of our digital assets are moving from our hard disks to the cloud. The main players in cloud computing are Google, Microsoft, Apple, Amazon, and Facebook, who either already have or plan to develop big server farms.

From hard disks to cloud computing

In the early days of computers, there were powerful mainframe computers and ‘dumb’ workstations. The power was in the centre. After that, for a long time, with PCs and Windows applications, computer power moved to the periphery. Will cloud computing close the circle? Are we going to have a few big central computers/server farms and billions of dumb units in the form of notebooks, monitors, and mobile phones? The answer to this and other questions will need time. Currently, we can identify a few Internet governance issues which are very likely to emerge in parallel with the development of cloud computing.

  • With more services delivered online, modern society will increase its dependence on the Internet. When the Internet went down in the past, damage was limited to the inability to send e-mails or browse the web. In the era of cloud computing, we may not even be able to write texts or perform calculations. This higher dependence on the Internet will imply higher pressure on its robustness and reliability.
  • With more of our personal data stored on clouds, the question of privacy and data protection will become central. Will we have control over our text files, e-mails, and other data? Could cloud operators use this data without our permission? Who will have access to our data?
  • With a growing volume of information assets going digital, countries may become uncomfortable with having national information assets outside their national ‘borders’. They may try to create national or regional clouds or make sure that existing clouds are managed with some degree of international supervision. Nationalisation of clouds could be further accelerated by the fact that all main operators in this field are based in the United States. Some argue that the current ICANN-centred debate may be replaced by an Internet governance debate on the regulation of cloud computing.
  • With a diverse set of operators of cloud computing, the question of standards is becoming very important. The adoption of common standards will ensure a smooth transfer of data among different clouds (e.g. from Google to Apple). One possibility that is being discussed is the adoption of open standards by the main players in cloud computing.

There are a number of working groups on cloud computing, such as The Open Group Cloud Computing Work Group, which includes some of the industry’s leading cloud providers and end-user organisations; and the Cloud Computing Strategy Working Group by the European Telecommunications Standards Institute (ETSI).

The governance of cloud computing is likely to emerge through the interplay of various actors and bodies. For example, the EU is concerned with privacy and data protection. The Safe Harbour agreement, which was meant to solve the problem of different privacy regimes in the USA and the EU, has been declared invalid by the European Court of Justice in October 2015. With more digital data crossing the Atlantic Ocean, the EU and the USA will have to address the question of protection of privacy according to EU regulation by US companies, the main operators in cloud computing. This issue came into sharper focus after the Snowden revelations of mass surveillance.  

Standards will most likely be developed through agreements among the main companies. Google has already started a strong push towards open standards by establishing the Data Liberation Front, aimed at ensuring a smooth transition of data between different clouds. These are the first building blocks that will address the question of the governance of cloud computing. Others are likely to emerge as solutions for concrete policy problems.




The ITU Telecommunication Standardization Sector (ITU-T) develops international standards (called recommendations) covering information and communications technologies. Standards are developed on a consensus-based approach, by study groups composed of representatives of ITU members (both member states and companies). These groups focus on a wide range of topics: operational issues, economic and policy issues, broadband networks, Internet protocol based networks, future networks and cloud computing, multimedia, security, the Internet of Things and smart cities, and performance and quality of service. The World Telecommunication Standardization Assembly (WTSA), held every four years, defines the next period of study for the ITU-T.


The Council dedicates its activities to addressing cloud computing interoperability issues such as cloud manag


The Council dedicates its activities to addressing cloud computing interoperability issues such as cloud management, reference architecture, hybrid clouds, and security and compliance issues. Deliverables of its work range from cloud reference architectures (e.g. Cloud Customer Architecture for Big Data and Analytics and Cloud Customer Architecture for e-Commerce), practical guides (e.g. Practical Guide to Hybrid Cloud Computing and Practical Guide to Platform-as-a-Service), cloud service agreements, and other resources on cloud security, and industry and related cloud technologies. The Council also organises various webinars and in situ events focused on issues such as cloud data residency, cloud architectures for the Internet of Things, and blockchain technologies.


The Alliance focuses its activities on issues related to cloud computing security.


The Alliance focuses its activities on issues related to cloud computing security. These include research, education and awareness raising, certification, events, and products. In 2010, it launched the first cloud security user certification, and it also operates the Security, Trust & Assurance Registry cloud security provider certification programme. Over 30 working groups focus on issues such as big data, blockchain and distributed ledger, cloud data governance, cloud trust, security as a service, top threats, incident management and forensic, etc. The Alliance has also several initiatives and projects, such as the Cloud Accountability Project and the Best Practices for Cyber Incident Exchange initiative.


The Consortium works on creating an open and interoperable framework for


The Consortium works on creating an open and interoperable framework for fog computing – an architecture that distributes resources and services along the continuum from cloud to devices. Several committees and working groups focus on technical work (building operational models and testbeds for fog computing), contributing to the development of standards within relevant standardisation organisations, promoting innovation, and contributing to educating both the industry and the market on the advantaged of fog computing. In February 2016, the Consortium published the OpenFog Reference Architecture, containing details on the eight pillars in an OpenFog architecture: security, scalability, openness, autonomy, programmability, RAS (reliability, availability, and serviceability), agility, and hierarchy.


More and more standards and guidelines developed by ISO cover issues related to data and information security,


More and more standards and guidelines developed by ISO cover issues related to data and information security, and cybersecurity. One example is the 27000 family of standards, which cover aspects related to information security management systems and are used by organisations to keep information assets (e.g. financial data, intellectual property, employees’ information) secure. Standards 27031 and 27035, for example, are specifically designed to help organisations to effectively respond, diffuse and recover from cyber-attacks. Cybersecurity is also tackled in the framework of standards on technologies such as the Internet of Things, smart community infrastructures, medical devices, localisation and tracking systems, and future networks.


The World Wide Web (WWW) was developed


The World Wide Web (WWW) was developed at CERN, in 1989, by Tim Berners-Lee. The aim was to allow for automatic information-sharing between universities and research institutes around the world. The first website was also created at CERN, dedicated to the WWW project itself. In 1992, the first readily accessible browser for the WWW was launched. In 1993, the WWW software was put in the public domain and made freely available, thus allowing the web to further develop. The HyperText Markup Language (HTML) and the HyperText Transfer Protocol (HTTP) were developed at CERN as well, based on a proposal from Berners-Lee.



ITU-T Recommendation X.1601 Security Framework for Cloud Computing (2015)
Recommendation ITU-T Y.3600 'Big data – cloud computing based requirements and capabilities' (2015)

Other Instruments



Roundup of Cloud Computing Forecasts and Market Estimates, 2016 (2016)
2016 Data Threat Report (2016)


Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)


Cloudy with a Conflict of Laws - How Cloud Computing Has Disrupted the Mutual Legal Assistance Treaty System and Why It Matters (2016)
Governments and Cloud Computing: Roles, Approaches, and Policy Considerations (2014)
Cloud Innovation and the Law: Issues, Approaches, and Interplay (2014)
Cloud computing from EU Competition Law Perspective (2013)


Hosting and Cloud Study 2016: The Digital Revolution, Powered by Cloud (2016)
Blue Skies Ahead? The State of Cloud Adoption (2016)
IT Trends Report 2016: The Hybrid IT Evolution (2016)
Cloud Computing and Accessibility Considerations (draft) (2016)
2016 Global Encryption Trends Study (2016)
Cloud Readiness Index 2016

GIP event reports

Looking Ahead: What to Expect in the Cyber Realm (2017)

Other resources

Cloud Computing Guidelines for SMEs and Microenterprises (2016)
Practical Guide to Hybrid Cloud Computing (2016)
Cloud Computing Survey 2015 (2015)
Privacy Level Agreement [v2]: A Compliance Tool for Providing Cloud Services in the European Union (2015)
Practical Guide to Cloud Service Agreements (2015)
Security for Cloud Computing - Ten Steps to Ensure Success (2015)
Practical Guide to Cloud Computing (2014)
The Cloud Infographic


Session reports

Click on the ( + ) sign to expand each day.

The GIP Digital Watch observatory is provided by

in partnership with

and members of the GIP Steering Committee


GIP Digital Watch is operated by

Scroll to Top