New Zealand has joined the ranks of an increasing number of governments that have issued warnings for businesses thinking about cloud computing.
The NZ Inland Revenue Department, which is responsible for taxation, issued an alert earlier this week reminding businesses that by law, the agency must keep tax records in the country. With cloud computing, however, the data might be stored just about anywhere on the planet.
There's no issue with keeping backups of records overseas, the alert continued; yet the law says primary copies of accounts need to be kept in New Zealand, seemingly so they are instantly accessible to tax inspectors.
This should mean there's no problem with businesses using backup services such as Mozy, which store data in the cloud. However, there potentially would be a problem with a business relying solely on a service such as Google Docs. Depending on what's included in the definition of accountancy data, software-as-a-service (SaaS) outfits such as Salesforce.com might also be ruled out.
In reality cloud providers use data centres as close as possible to their clients, although larger countries fare better than smaller ones. In the United States there are various data centres across the country, for example, although for many European states the data centre lies beyond national boundaries.
European users of Amazon Simple Storage Service (S3) will find their data is stored in Ireland. Those in the Asia Pacific area will find their data stored in Singapore. New Zealand users of S3 will probably find their data stored in Singapore too.
The New Zealand warning follows one by the Australian Prudential Regulation Authority in November, warning that the rush to the cloud is "not being subjected to the usual rigor of existing outsourcing and risk management framework". The Irish Department of Finance issued a similar warning in February.
It's not clear what's at fault in New Zealand's case: Is the law simply out of date, or is cloud computing threatening to tear down international boundaries in a way that governments find objectionable? It's a curious fact that the countries issuing these warnings are smaller rather than larger. Could this be a misplaced desire to protect national interests?
Whatever the case, it's yet more proof that - from a business perspective - cloud computing raises concerns beyond the mere logistics of making a switch. Cloud service providers are no doubt waiting for such issues to be worked out during implementation, but this could prove litigiously expensive for organizations using their services - and lead to damaged reputations, should the authorities attempt to make an example out of them.
One solution to the location problem is for cloud providers to run data centers in every country. While this might be a realistic prospect once (and if) the cloud gathers enough users, at the moment it's highly unlikely. And with countries that are physically close to each other - such as the United Kingdom and Ireland, or Belgium and France - it's always going to be unlikely.
With issues such as this, the ever-present risk of a standoff with no clear winner is arising. Nobody will move into the cloud until everybody else has.
Above all, cloud companies need to be far more reassuring about non-logistical issues--and even start to know what they are. It shouldn't come as a surprise for a business, when it joins the cloud, to find that it's contravening local laws.