What’s the cloud?
If you can answer without resorting to paraphrases, tautologies (the cloud is the cloud is the cloud), or definitions that complicate matters more than they simplify them, congratulations: you probably don’t need to read this article.
But if you’ve been using this word for years without really getting what it was about and would like to know more, that’s the place for you.
In this article, we’ll do our best to clarify a concept that remains elusive some fifteen years after it started circulating.
And we’ll do that with a specific reader in mind: someone who has a professional interest in data sovereignty and privacy law, but who’s not tech-savvy. If you’re a DPO who knows all about the GDPR and nothing about the intricacies of the web, you might like it.
On the other hand, if you are tech-savvy and hate when the profanes banalize sophisticated concepts… continue at your own risk.
Cloud Computing for Dummies: Webmail as an Example of Cloud Service
Wikipedia defines cloud computing as «the on-demand availability of computer system resources, especially data storage (cloud storage) and computing power, without direct active management by the user.»
We know: it’s the type of definition that makes most people roll their eyes hard enough to see their brains… but Wiki is not entirely at fault here.
The fact is that even experts can’t quite agree on what “cloud computing” (or “cloud,” for short) means. The concept, after all, is not a legal one, and as you already know, if you’ve spent any time researching it, different sources offer different definitions.
So instead of offering a definition that is bound to be incomplete, we’ll try to describe what the cloud is and how it works by making examples drawn from your everyday life – starting with an activity you do at least 55 times per day: checking emails.
Where Are Your Emails Stored?
It might not fit your definition of “cloud,” but webmail is usually a cloud-based service. One of the most used cloud services, to be exact. Providers such as Gmail, Outlook, and Yahoo offer their services through cloud technology.
And that’s great because we can start better understanding how the cloud works by reflecting on a simple enough fact. With webmail services, we can access our inbox from any device of our choice – provided we have an active internet connection. We just have to click “login,” and we’ll see years’ worth of emails.
But where are those emails stored?
Unlike other files – say, the PDF documents you keep on your desktop – they clearly aren’t stored on your computer, as you a) can access them from whichever device you choose but b) need an active internet connection.
Some email providers offer you the possibility to download your inbox and access it offline, true. But that doesn’t mean your emails are stored primarily on your computer (indeed, you’d still need an internet connection to see the ones that keep coming).
Downloading your emails is like making a photocopy: you have a copy of that piece of information, but the original is somewhere else. Where?
You’d be excused for thinking the answer is “on the internet.” A lot of people, including some who should know better, conflate the notions of “internet” and “cloud” (when we shall see in a moment that they refer to different, though interconnected, concepts).
Yet, the truth is that the internet is a means of communication, not a place. You can (and you do, every day of your life) use the internet to access information, but you cannot store the information “online.” But if your emails are not stored on your computer and are not on the internet, where are they stored?
Cloud Computing for Dummies: The Cloud is a Computer, After All
The elementary, geeks-don’t-come-for-us kind of answer is that your emails are stored in a computer (or rather, in several computers, spread across various countries and a couple of continents. But to keep things simple, let’s pretend it’s just one).
This kind of computer, usually called a “server” – doesn’t look like your laptop. It doesn’t have a keyboard or a monitor (and it’s way more powerful than a personal computer because it has to process much more information).
But even though a server it’s not what people like us usually associate with the word “computer,” it’s a computer nonetheless. It’s made of metal and plastic, and it occupies a physical space; it has hardware and microchips and wires connecting it to the electricity and a fan to keep it cool.
And crucially, it has computer data storage.
That’s where your digital data – in this case, the data relating to your email inbox – is kept.
When you log into your email account, you send an input to the server, basically saying, “Hey dude, I want to access my emails.” And the server serves you the information you’ve required.
The Cloud is not Cloud-like
That’s pretty much how all cloud computing operates: you get a service (in our example, webmail) through the internet with minimal need for additional software to be installed on your computer.
In other words, cloud computing is a service delivery model where you receive services such as webmail, data storage (think Google Drive or Dropbox), or software without having to care about the infrastructure. For example, you don’t have to worry about buying the servers, finding space in a data center, etc.
If the concept is still unclear, think about electricity. You can get power by owning a power unit and buying the fuel to run it (and that, in our metaphor, would qualify as an “on-premise” solution). Or you can get the same service (electricity) delivered to you on-demand through the electrical grid without worrying about building and maintaining infrastructures.
But – and we stress this because it critically impacts data sovereignty – this infrastructure exists. Despite its name, the cloud is not cloud-like at all. It’s not immaterial. Behind the internet, there’s always a physical infrastructure, and that’s where your data ends up.
Ps. This is also a good place to mention that “cloud” is not synonymous with “internet.” As we’ve just seen, cloud computing is a service delivery model. The internet is the medium through which the delivery happens.
Pps. If you’re wondering how the name “cloud” came to be, the MIT Technology Review has an interesting article. The name has been around for a while, but until the mid-2000, it was used to refer to the internet as a whole – not to the offer of services through the internet. It’s interesting to note that when the new meaning started to surface, someone thought it was just a buzzword.
Cloud Computing for Dummies: The Cloud is Someone Else’s Computer…
Having established that somewhere over the clouds, there are servers with hard disks and memory and that our information gets stored there every time we use a cloud-based service, the next logical question to ask is: “who owns them“? Who owns the physical object where our data is kept?
It’s a tricky question, not because it’s hard to answer but because the actual answer is of relative importance.
We didn’t ask about it, so you could find out that, usually, the service provider owns the infrastructure (for example, the servers used to run Gmail are Google’s). That’s the most frequent case, especially when tech giants are concerned, but it’s not a given (some service providers might rent the servers), and it’s not the point.
The point is that whoever owns the infrastructure where your info is stored you are not that entity. Whether you are an individual, a company, or an organization, you rely on someone else’s infrastructure by using cloud-based services.
That’s a primary feature of cloud computing – and it’s also where things get complicated and possibly very tricky. Because if this lack of ownership is not balanced out, it makes it borderline impossible to comply with data protection regulations like the GDPR.
… Where You Store a Lot of Personal Data
Let’s get back to what we’ve said before about emails: your conversations are not conjured out of thin air every time you click “login.” Instead, they are stored in servers.
You might not realize it, but emails might be full of personal data (hey, an email address might be personal data as defined by the GDPR).
And unless you’re using it for purely personal reasons (i.e., to send birthday wishes to a friend), you might fall under the material scope of a data protection law, requiring you to process such personal data in accordance with strict guidelines.
But how can you do that when you’ve had such personal data locked away in servers, you do not own and whose location you ignore?
Take the GDPR as a reference. How can you guarantee that no extra-EU data transfer happens if you don’t know where the servers are located?
How can you guarantee data erasure if the data is no longer yours to dispose of because you had it stored on a third-party’s computer?
How can you ensure that this third party (who ends up acting as your data processor) offers the same level of data protection you must offer?
The answer is simple: in a good number of cases, you can’t. Many software and apps, including trendy ones like Gmail, Telegram, Whatsapp, and Zoom, were conceived in a way that doesn’t allow you, as a data controller, to be fully compliant with the GDPR or other data regulations.
And not because they “steal” personal data or lack security protocols – but because by using these services, you sign away your data sovereignty. And data sovereignty is a prerequisite for GDPR compliance.
You might think that we are being too dramatic or the world has gone crazy.
Do data controllers have to give up on cloud-based technology entirely if they want to avoid massive sanctions?
Luckily, the answer is “nope.” Not all clouds are created equal.
There’s a difference between private and public clouds and cloud-based, privacy-compliant solutions exist.
Start asking yourself if your business case requires private cloud services.
If the answer is yes, keep your eyes peeled. Local clouds‘ importance is accelerating, due to the increasing efforts to retain data control and gain digital sovereignty. You might need to consider moving to them.