Clouds above the borderlines

Infrastructure as a service (IaaS) has emerged as a popular storage solution in both the private and the business sector. The ability to have a secure backup and to access your files from everywhere is priceless. On the note of security, cloud file versioning has recently been recommended as a solution combat ransomware. (Marshall, 2016)

Infrastructure describes the servers and the hardware part of an office. Dropbox Business models get “as much storage space as needed”. (Dropbox, 2016) IaaS often allows businesses to only pay for the number of logins and amount of storage space as needed, this is typically called pay-as-you-go cloud computing. (Rouse, 2015)

IaaS also covers virtualization. Virtual computing allows users to connect to a virtual desktop and performing all their tasks there. Benefits include backup, access from anywhere, less maintenance of client machines and the processing power on the virtual side can be scalable and shared between users. (Shelly and Frydenberg, 2010, pp. 235 – 238)


Illustration of virtualisation. (Portnoy, 2012)

The future of cloud computing

I believe that the popularity will increase even more among private citizens and companies. However, I also predict that some businesses will continue to be offline or create their own solutions to achieve many of the same benefits but with more control on their own and within local regulations.

Reasons for hosting your own infrastructure, why and how:

1) Physical and virtual security: Should the physical location of the servers be compromised or there would be an accident at the server location, this would affect many customers at the same time. (Dinesh, 2015) The one-to-many also counts for virtual scenarios: A cloud provider got affected by ransomware through an e-mail on their customer’s virtual computers. The ransomware encrypted not only that business’ files but it disrupted operations for other customers on the same server. (Krebs, 2016)

2) Data ownership: While IaaS providers state that they do not claim ownership, Dropbox mentions that they might disclose your files to third parties if they have “good faith” to believe it necessary. (McCorry, 2014) This has led to “Warrant Canaries” to let the users know if the government has asked for access to their services. (Anon., 2015) Reddit had such a canary, which was recently “killed”, causing a large privacy debate on the internet. (BBC, 2016) As the owner, should you not be the one to decide who should be able to access your data?

3) Regulations: Not all data is allowed by local government to be stored in the cloud, to be accessible from the internet or to be stored outside the country. (The Norwegian Goverment, 2015) Norway has focused on this and our banks are not allowed to use cloud services. (The Norwegian Government, 2016) Considering Edward Snowdon’s leaks, this puts the regulations in perspective. (Bates, 2015)

Speaking of Snowden, the NSA are moving to the cloud but they are making their own version, so technically it might not be IaaS any longer when it’s not a service from a third party. (Bates, 2015) Alternatively, store offline data in large data houses.

European storage laws vs US:

You ask if a European enterprise located in Europe can store personal citizen EU data in the US – the simple answer, if there indeed is such a one, seems to be “no”.

If data is stored in the US, or if using a US company to be handling stored data, the data comes under the US Patriot Act. Both Amazon web services and Microsoft have acknowledged that they will follow the US’ governments requests to hand over data stored in European data centers in the cloud. (Baillie, 2012) The European governments also request access on occasion, but far from all of these are actuated after rounds in European courts. (Baker, 2015)

In other words, any US requirements to hand over data immediately is a breach of European laws. In addition, US laws forbid information of such data exchange to be known, while European laws demand notification of such acts. (Baillie, 2012) These laws don’t play well together.

Oracle (Zetlin, n.d.) characterizes these labyrinths as the most challeging aspects of international business today, as a company has to comply not only with regional domestic laws but European laws as well. And of course considering the location of the storage of data and handling data if considering US providers.

The EU privacy directives allows for some export of customer data if consent is clearly given, howeever employees can not give this for feat that they might be doing this under pressure of management or others that hold an interest in the subject. (Zetlin, n.d.) If a company is located in Spain, Germany, France and Norway, the juristiction of every country needs to comply with the company policies. If nothing else, programmers and IT security are often envisioned to be the jobs of the future: lawyers with IT speciality seems to be a fairly safe future choice to educated into.





Anon. (2015) 500.000 users – and a Canary [Online] Available from: (Accessed: 24.09.2016).

Baillie, P. (2012) Can European Firms Legally Use U.S. Clouds To Store Data?[Online] Forbes. Available from: (Accessed: 28.09.2016).

Baker, J. (2015) Cheers Ireland! That sorts our Safe Harbour issues out – Dropbox [Online] Available from: (Accessed: 26.09.2016).

Zetlin, M. (n.d.) Data without borders [Online] Oracle. Available from: (Accessed: 28.09.2016).

Bates, P. (2015) The NSA Is Storing Its Data In The Cloud. But Is It Secure?[Online] Available from: (Accessed: 24.09.2016).

BBC. (2016) What is a warrant canary? – BBC News [Online] Available from: (Accessed: 24.09.2016).

Dinesh. (2015) Disadvantages of Virtualization, What’s Your Opinion?[Online] Available from: (Accessed: 24.09.2016).

Dropbox. (2016) Do more with Dropbox Business [Online] Available from: (Accessed: 24.09.2016).

Krebs, B. (2016) Krebs on Security – Ransomware a Threat to Cloud Services, Too (Accessed: 24.10.2016).

Marshall, P. (2016) ‘News isn’t good on retrieving files encrypted by Zepto’ The Seattle Times, September 9, 2016, Available from: (Accessed: 24.09.2016).

McCorry, D. G. (2014) ‘With Cloud Technology, Who Owns Your Data [article]’ EBSCO. (1), TY: GEN; ID: Accession Number: hein.journals.fecourtl8.10; Item Citaton: Federal Courts Law Review, Vol. 8, Issue 1 (2014), pp. 125-146, McCorry, Dena G., 8 Fed. Cts. L. Rev. 125 (2014); Accession Number: hein.journals.fecourtl8.10; Publication Type: periodical; Source: Federal Courts Law Review; Language: English; Publication Date: 20140101. pp.125.

Portnoy, M. (2012) Virtualization essentials. [electronic book]. Indianapolis, IN : John Wiley & Sons, Inc., 2012. [EBSCO].

Rouse, M. (2015) What is pay-as-you-go cloud computing (PAYG cloud computing)? – Definition from [Online] Available from: (Accessed: 24.09.2016).

Shelly, G. B. and Frydenberg, M. (2010) Web 2.0: concepts and applications. Cengage Learning. pp.312.

The Norwegian Goverment. (2015) ‘Kartlegging av hindringer i regelverk for bruk av skytjenester / Mapping of obstacles in regulations governing the use of cloud services (Own translation from Norwegian)’, Available from: Regjeringen. (Accessed: 24.09.2016). pp.1-48.

The Norwegian Government. (2016) ‘Cloud Computing Strategy for Norway’, [Strategy]. Online. H-2365E Available from: Norwegian Ministry of Local Government Strategy and Modernisation. (Accessed: 24.09.2016). Online