WASHINGTON—Policymakers are being urged to shift their focus from the nationality of cloud service providers to technical and legal criteria when assessing trustworthiness in the cloud, according to a new report from the Information Technology and Innovation Foundation (ITIF).
The report emphasizes the importance of using objective measures related to data privacy and cybersecurity rather than making judgments based on the country of origin of cloud service providers. Nigel Cory, ITIF’s associate director of trade policy, stressed the significance of cooperation in ensuring cloud trustworthiness, stating, “Cooperation on trusted cloud is foundational to both cybersecurity best practices and technology’s growing role in foreign affairs.”
ITIF's report provides guidance on how policymakers can evaluate the trustworthiness of cloud services, highlighting the need for a flexible and risk-based approach. The report suggests using international technical standards to establish common definitions and criteria for assessing cloud trustworthiness, taking into account factors such as industry sector, data sensitivity, and countries involved.
Among the recommendations outlined in the report is the importance of assessing the independence of judiciaries and rule-of-law regimes in countries to evaluate risks associated with government access to data. It also advocates for transparency in government requests for data and the consideration of international agreements as legal and geopolitical criteria when assessing a cloud provider’s trustworthiness.
Furthermore, the report calls for the development of common criteria and enhanced transparency to determine the relationship between cloud firms and their home countries' governments. It also suggests cooperation with local cybersecurity authorities to demonstrate trustworthiness and proposes the establishment of a dedicated workstream on trusted cloud criteria led by G7 countries.
Nigel Cory emphasized the need for collaborative efforts among policymakers to establish specific technical and legal criteria for assessing cloud providers, stating, “If policymakers want to build global data and technology governance based on their shared values and interests, then they should work together to establish specific technical and legal criteria to assess cloud providers in a holistic way.”
In conclusion, the ITIF report underscores the importance of a unified approach to evaluating cloud trustworthiness based on objective technical and legal criteria rather than nationality, in order to strengthen global data and technology governance.
