|Image courtesy Micky Aldridge, Flicker.com, used under a a Creative Commons license|
Cloud computing essentially lets users store files and applications on a providers' computers instead of hosting them on-site. This typically decreases costs and allows for the files and applications to be accessed anywhere via the Internet.
Individuals living in the European Union are protected by stringent data privacy laws. Entities collecting personal data must collect only the data they need for business purposes, protect it from misuse, and take special precautions when transferring data outside the EU. Since the NSA's PRISM project has come to light, officials are concerned that the major US cloud providers might not be able to protect data belonging to EU citizens within the confines of the law. Should EU firms shy away from US providers, those providers could stand to lose millions of dollars in potential profits.
With cloud computing revenues expected to top $100 billion in the EU by 2020, data privacy is a major concern. EU companies are likely to look at private or hybrid cloud solutions in order to be complaint with privacy laws. European Commission Vice President Neelie Kroes acknowledged the possibility of an EU-only cloud, but setting standards across 28 countries would have its own difficulties.
What does this mean for strategic sourcing? In an RFx process, it is important to ask appropriately detailed questions. Perhaps one cloud-based provider will not be sufficient in a multi-national firm. Any firm considering sourcing a cloud solution must carefully examine the bidders. It would also be advantageous to have a project stakeholder with extensive knowledge of the legal idiosyncrasies inherent in cloud computing.
As news coverage of the PRISM project grows, there will be increased effects on technology companies in the US. The depth of those effects remains to be seen.