Inside Supply Management Magazine

Cloud Computing and Data Sensitivity Concerns

April 13, 2016

By Timothy P. O’Toole and John C. Eustice

Supply management companies around the globe are looking to cloud computing as a way to store data. But because servers are located worldwide and because of the sensitive or confidential nature of some of the information stored in those servers, governments, including the United States, are becoming increasingly concerned about export controls regulations.

The U.S. Department of State, Department of Commerce and the Treasury’s Office of Foreign Assets Control have come up with new proposed regulations and rules regarding cloud-computing storage that likely will affect supply chain managers. We detail these proposed changes and their potential effects in an article called “Changing Winds of Export Controls in the Cloud” in the April issue of Inside Supply Management magazine.

In addition to knowing how these changes will affect you, it’s important to know how cloud computing is defined. Cloud computing refers to an array of data storage and processing options. Generally, companies use cloud computing as an efficient means to store their electronic data and communications, allowing for on-demand access to a shared pool of configurable computing resources (networks, servers, storage, applications, and services), often across borders. This cross-border feature of the cloud can lead to trouble and uncertainty when viewed in combination with export laws.

Cloud services may be sold as software (such as Gmail, Google Docs), as a platform (such as Microsoft Azure and Google App Engine), as an infrastructure (IBM and Amazon, for example), or as some combination thereof. More importantly, cloud services may be deployed via a private cloud, a public cloud or as a hybrid.

Companies contracting for cloud services are doing so largely for cost savings, but they must balance their business goals with the need to remain compliant with laws and regulations, including those in the area of export controls. This is particularly true given that the strength of cloud computing is drawn from the flexibility of moving data to create space and speed — often across servers located on multiple continents.

Institute for Supply Management® (ISM®) members can learn more about the proposed changes to United States export controls law and actions you can take to stay ahead of the curve in the April Inside Supply Management® magazine.

Timothy P. O’Toole and John C. Eustice are members at the law firm, Miller & Chevalier Chartered in Washington D.C.