Page |1

Next Challenge for Governance the Cloud Computing

The internet has transformed the planet Earth

into a global village; where in cyberspace boundaries
have little meaning. However perimeterization of an
organizational data was always possible even in the
Internet environment and it was possible to create
De-Militarized Zone (DMZ) between the Internet
and organizations data. However with the adoption
of Cloud computing, even this hazy boundary is being
eroded. Thus the challenge ahead for a sovereign
state is how to adapt to new technological paradigm.
Cloud
concepts

computing
of

(Cloud)

information

is

handling

changing
in

the

the
same

revolutionary manner as the World Wide Web did to

Page |2

it about a decade ago. So what is this Cloud

Computing? It describes the use of collection of
services, applications, information, processing power
and storage

resources.

These components can be

rapidly provisioned, implemented and decommissioned

and scale up or down, providing for an on demand
utility-like model of allocation and consumption of
Computer based resources. It is hiring of various
hardware, operating system and application software
remotely from a very large pool from a Cloud Service
Provider (CSP). The word cloud emerged from the
initial diagrammatical representation of the Internet
as cloud. It changes the capital cost into a variable
cost.
Cloud

computing

describes

the

technologies

and

is

an

evolving

development

of

approaches

to

term

many

that

existing

computing

into

something different. Some of the existing technologies

orchestrated together to form a cloud include web
2.0, ubiquitous connectivity, virtualization, broadband
networking,
tenancy,

clustering,

service

utility

oriented

computing,

architecture

and

multi
out

sourcing. Cloud separates application and information

Page |3

resources from the underlying infrastructure, and the

mechanisms used to deliver them.
National Institute of Standards and Technology
(US) has published the working definition of the
Cloud, which is A model for enabling convenient,
on-demand

network

configurable

access

computing

to

resources

shared

pool

(e.g.

of

networks,

servers, storage, applications, and services) that can

rapidly

provisioned

and

released

with

minimal

management effort or service provider interaction.

According to NIST, Cloud services exhibit five
essential

characteristics

relation

to,

and

that

differences

demonstrate
from,

their

traditional

computing approaches: On-demand self-service, broad

network access, resource pooling, rapid elasticity and
measured service.
Though

there

are

many

flavors

of

services

provided by CSPs but primarily there are three

service models. Where only hardware such as Servers,
memory, storage space etc. are provided on demand
and user need to deploy its own Operating System
(OS) and applications (apps), such services are called

Page |4

Infrastructure

as

Service

(IaaS).

Incase

CSP

provides IaaS + Operating System than such a service

model is called Platform as a Service (PaaS). The
Software as a Service (SaaS) is the service model
where CSP provides complete package including apps.
The cloud can be deployed as a Private cloud by
a

group

of

companies

under

same

banner

or

government for internal purpose; or as Community

cloud

for

specific

community,

say

banking

community; or as Public cloud where anyone can buy

any

services

and

use;

and

in

Hybrid

cloud

environment private and public clouds are jointly used

in an efficient and secure mode.
In

ideal

situation,

cloud

provides

kind

of

security which can never be matched by any medium

size organization and at cost which can be as low as
10% of existing security cost. But the sense of loss
of data outside the perimeter of the organization
creates new challenges to cyber security. Challenges
are created because the data of the organization is
under CPSs control, which may be fragmented and

Page |5

stored /processed at various locations across the globe

unless service level agreement specifically bars it.
For a nation-state, the Cloud has created a new
area of legal risks which lacks any precedence or
established legal history. There will be difficulties in
establishing legal jurisdiction for gathering evidence
and enforcing any court order. Some of the challenges
for law enforcement in the Cloud will be:(a) How the evidence will be gathered from the
Cloud, in reliable and authentic manner, which can
be verified during the trial - may be few years
later?
(b) Who will be considered as custodian of data the
user who kept the data in the cloud or the CSP
who owns the data storage space?
(c) Indian Police, which is still cannot cope with
collecting

digital

evidence

from

desktops

in

accordance with the IT Act, let alone servers &

clusters, how will they collect the evidence from
the Cloud?
(d) Unlike first world countries where e-discovery and
cyber evidence related to privacy of an individual

Page |6

can be gathered only on a court order, in India

such orders are issued under sections 68 and 69
of IT Act by the executive. How such dramatic
differences will be resolved? Rule under section
69 have been issued but no one is following
them. Such attitude cannot help in cases with
international ramifications.
(e) What

happens

when

the

original

CSP

goes

bankrupt or taken over by a company from a

country having not so friendly relations with
India?
(f) What if criminals/ cyber terrorists use cloud for
perpetuating a crime in real world and then
release all resources back to the cloud? How such
evidence will be retrieved? (It is one of the cloud
management requirements that if a storage space
is vacated by one legitimate tenant of the cloud,
same to be forensically cleaned up immediately
otherwise

there

exist

possibility

of

data

leakage.)
Cloud Computing is a new paradigm which cannot
be wished away, nor an executive order that no one

Page |7

to use cloud, will be of help because not allowing own

companies / organization to use the Cloud will make
them far less efficient and will have adverse affect on
economy. It has been estimated that cloud provides
80 to 90 percent efficiency on IT spend and allow an
organization to focus on its core competence. Simile
could be, buying an aircraft to go from Delhi to New
York, (traditional computing) versus buying a ticket
from an airline for the journey (Cloud computing).
According

to

Gartner

survey

report,

cloud

computing service revenue in 2010 was estimated to

be around 41 billion. The US Government as well as
US industry is very aggressive on this technological
shift. China has already rolled out Sea of Cloud
Plan which will create 200 billion Yuan industrial
cloud server by 2015.
Some of the suggested recommendations at nationstate level are:
(a)

Government cannot afford to move at its

lethargic pace, not only security but the very
growth rate of India may be adversely impacted if

Page |8

this issue is not handled properly and timely

manner.
(b)

Government must aggressively launch Cyber

Security Awareness campaign.

(c) Frame all rules as envisaged under the IT Act.

(d)

Form a task force to advice and guide the

policy and law makers. The Task Force must
contain

those

who

understand

cloud

security

technological issues as well as national policy

matters.
(e)

Government

must

sign

Convention

of

Cybercrime without further delay.

(f) Train

Police,

Cyber

Forensic

experts,

Public

prosecutors, lawyers and judiciary, to understand

the complexity of investigation in the Cloud.
(g)

Involve

industry

and

private

players

in

capacity building.
(h)

Be a proactive partner in international fora

on Cyber Security.

(i)

And

appoint

an

Ombudsman

complaints of Cloud users and CSPs.

for

resolving

Page |9

The world is at the chasm of next disrupting

technological

breakthrough

which

will

make

the

national borders further meaningless. We can ignore

the CLOUD at our own peril. There will be no choice
expect adopting this new tool, therefore it will be
better to understand it and make new laws to
protect our interest, without attempting to contain
its adoption. Aligning with international community
will be a necessity, while getting into cocoon could be
dangerous.