The Integrated Approach to IT, Law, and Regulation

Atlantic Community

http://www.atlantic-community.org/-/the-integrated-approach-to-it-law-and-regulation

Olga Kolesnichenko & Gennady Smorodin

February 12, 2015

Cloud solutions are a major factor that could reduce infrastructure expenses and generate added value for countries and companies. Using an Integrated Approach we have opportunity to make Cloud technologies friendly and safe and to develop new opportunities for EU information storage and management while keeping the right balance between benefits and risks.

IT technologies move now to the Third Platform. Main features of the platform are specified by distributed computing and distributed location of IT resources known as Cloud technologies. Cloud solutions are a major factor that could reduce infrastructure expenses and generate added value for countries and companies. But also there are many risks in Cloud computing which should be considered by EU lawmakers. To leverage risks, secure Cloud services and get additional benefits an Integrated Approach should be applied. Three aspects of this approach must be considered.

Technological aspect

To share risk as the new concept of “Third Platform” – Hybrid Cloud – includes Clouds Orchestration and Data Lake. A Hybrid Cloud means using two types of Clouds (Public and Private) simultaneously as one Cloud. A Hybrid Cloud allows for keeping the balance between benefits and risks because the Public part provides the opportunity to use any IT service and Big Data, while the Private component protects data and services. Today the Cloud Orchestration can be used – a center of multiple Cloud automations. It allows one to create common Cloud architecture of many local Clouds. Different European nations’ Clouds can function in common architecture as an EU Cloud that can be the part of Trans-Atlantic Data Lake / Environment of Clouds.

Terminological aspect

It is important to separate the various kinds of “security” needs when considering Cloud computing issues.

Economic and financial security for a country means to follow IT structures that are bigger, faster, more flexible, more virtual, more energy efficient, and with more optimal relative cost of $ / IOPS (Input/Output Operations per Second). IT-assets or Data-assets will soon be equal to financial assets or even gold assets.

Security for data storage requires data protection, backup copy, and failover database.

Security for personal data – photos, videos, chat, credit card numbers, addresses, and personal information.

Classic Cybersecurity – Security for IT structure as a whole.

Social security – The Internet and open resources provide democracy as value, rule of law, human rights, social services, health care, and education.

Security of intellectual property – commercial interests in the field of scientific data, publications, books, movies, and music albums, for example.

Technology security means to acquire the advanced technology and education, IT specialists with advanced skills, data strategists and analysts, and so on.

Defence and intelligence security includes many issues related to IT in defence and intelligence sectors and counter terrorism measures such as air passenger data, the terrorist finance tracking data and many another issues.

All these dimensions of security should be factored into decision-making and Cloud computing policy discussions.

Organizational aspect

Cloud technology changes the regulatory philosophy in many ways, including our understanding of IT opportunity to solve any task. IT is creating a new philosophy of management in every sphere – government, industry, business, and the social sector. Technological progress “works” for the clients’ comfort. Therefore, lawmakers should involve IT-experts in the regulation process to elaborate on needed solutions and protections.

Each aspect gives us a new vision of information security. Using the Integrated Approach in whole we have an opportunity to make Cloud technologies friendly and safe and to develop new opportunities for EU information storage and management while keeping the right balance between benefits and risks.

Olga Kolesnichenko is the Editor in Chief of Security Analysis Bulletin, PhD, researcher of Big Data at Lomonosov Moscow State University, Department of Global Processes.

Gennady Smorodin is the Head of EMC Academic Alliance Russia & CIS, PhD, MBA, he coordinates projects in universities in 7 countries.

Download article here

The Integrated Approach to IT, Law, and Regulation – Your Opinion – Atlantic Community

Download Memo here

Memo 49