The Lighter Side Of The Cloud – Gaming
The Lighter Side Of The Cloud – Best Friend
The Lighter Side Of The Cloud: Intelligence

Making Cloud Adoption In China A Reality (In Spite of Data Privacy and State “Secret” Laws)

Making Cloud Adoption in China a Reality (In Spite of Data Privacy and State “Secret” Laws)

Cloud computing has become a hot growth area in China, driven by both large-scale government initiatives and private investment. However, as alluring as the cloud is in China, for foreign firms trying to do business there, the uncertain legal environment can create a number of serious challenges.

Comprehensive, national regulations on data privacy remain in the draft stage, so for now, data privacy rules are “vague” and are often at the mercy of government interpretation. The legal framework for cloud services is flexible to the point of being unpredictable, especially since the Chinese government may claim national security as a rationale for almost any measure pertaining to data security and the internet/cloud. Sound intimidating? It can be, but “forewarned is forearmed,” so here are two key areas we all need to consider before jumping into the cloud in China.

Data Privacy Laws

No single national data privacy law exists in China, but working group recommendations are making their way through the national process. For example, the Ministry of Industry and Information Technology has issued a draft Information Security Technology – Guide of Personal Information Protection. But, until any recommendations become national law (and to some degree thereafter), there are over 200 local/provincial laws and sector-based regulations for businesses to navigate.

For example, take the Banking Law. Last year, People’s Bank of China (PBOC) issued the “Notice to Urge Banking Financial Institutions to Protect Personal Financial Information,” forbidding banks from storing or processing financial information obtained in China outside of the country. And financial information is defined as/includes: personal identity information, personal property information, personal account information, personal credit information, personal financial transaction information, derivative information; and other personal information acquired or stored in the process of developing business relationships with individuals. Basically, everything!

The good news at least is we’re getting closer to a national law. There is a convergence of new and revised privacy law provisions around the APEC privacy principles, a step in the right direction. But one area where significant differences still exist is in cross-border requirements. This issue, in particular, has proven to be a thorny challenge in other regions around the globe and it will undoubtedly continue to be a hot topic in China. When sensitive data flows across borders (as in the case of a China-based organization using a Western cloud service provider), questions such as “Where is my data located, both in production and in disaster recovery scenarios?” “Individuals with what citizenship have access to my data for hygiene and maintenance?” “Whose jurisdiction and laws apply to data traversing Chinese borders?” etc., complicate any cloud adoption strategy.

Dealing With “State Secrets”

Another key issue to consider is China’s focus on protecting “state secrets.” Chinese authorities are extremely concerned by the types of data transferred via the internet/cloud and the potential threats such transfers may cause to State security.

The Chinese State framework was revised by two important pieces of regulation:

  • Production, reproduction, access, dissemination and transfer of data out of China that may disclose state secrets are strictly forbidden.
  • Chinese authorities have broad discretion to determine the scope of State secrets

And consequences of violations can be significant: individuals employed by foreign companies in China have been known to actually be imprisoned. To further complicate secrecy matters, if data is suddenly considered a secret, that ruling is retroactive to all existing data: information currently stored in the cloud is now potentially in violation of the law.

So where does this leave us? Up a global business “creek” without a single, compliant paddle? Actually, there are in fact lifelines. Tokenization lets enterprises take advantage of the cloud and remain within jurisdictional/regulatory guidelines by ensuring that specified data stays resident, within control of a company’s home-based infrastructure. With tokenization, what travels to the cloud are random tokens as opposed to actual data – so information is undecipherable should it be hacked or improperly accessed. This allows companies to adopt cloud applications and uphold data privacy and compliance rules – even if there are 200 laws to consider. And employees accessing the protected cloud data can enjoy cloud application functionality and the same user experience on tokenized data as with the standard cloud SaaS application.

The key is to do your homework before diving into the Chinese cloud landscape. Because, while it’s clear that in order to keep pace with an ever-changing global economy, businesses have to keep pace with China, it’s also clear this is going to be a marathon – not a sprint.

By David Canellos

David Canellos is the CEO of PerspecSys, a leading provider of cloud data residency and security solutions for the enterprise.

Follow Us!

CloudTweaks

Established in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information. Most of the excellent CloudTweaks articles are provided by our own paid writers, with a small percentage provided by guest authors from around the globe, including CEOs, CIOs, Technology bloggers and Cloud enthusiasts. Our goal is to continue to build a growing community offering the best in-depth articles, interviews, event listings, whitepapers, infographics and much more...
Follow Us!

Sorry, comments are closed for this post.

Support

Recent

Beyond Gaming: Three Practical Applications For Oculus Rift

Beyond Gaming: Three Practical Applications For Oculus Rift

Three Practical Applications For Oculus Rift  Since the announcement of the Oculus Rift in 2012 gamers and game developers alike have been frenzied trying to both get their hands on the unit or build their own proprietary VR machine. The VR gold rush has since lead to the announcement of Project Morpheus from Sony and…

The Lighter Side Of The Cloud – Due Diligence

The Lighter Side Of The Cloud – Due Diligence

By David Fletcher Please support our comics by sharing, licensing or visiting our cloud sponsors (Below). Your support goes a long way in allowing us to continue to produce our lighthearted comics each week.   About Latest Posts Follow Us!CloudTweaksEstablished in 2009, CloudTweaks.com is recognized as one of the leading authorities in cloud computing information.…

Popular

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Perfect For Your Startup

Cloud Computing Services Perfect For Your Startup Chances are if you’re working for a startup or smaller company, you don’t have a robust IT department. You’d be lucky to even have a couple IT specialists. It’s not that smaller companies are ignoring the value and importance of IT, but with limited resources, they can’t afford…

Cloud Infographic – The Future (IoT)

Cloud Infographic – The Future (IoT)

The Future (IoT) By the year 2020, it is being predicted that 40 to 80 billion connected devices will be in use. The Internet of Things or IoT will transform your business and home in many truly unbelievable ways. The types of products and services that we can expect to see in the next decade…

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth

5 Ways The Internet of Things Will Drive Cloud Growth The Internet of Things is the latest term to describe the interconnectivity of all our devices and home appliances. The goal of the internet of things is to create universal applications that are connected to all of the lights, TVs, door locks, air conditioning, and…

2014 Future Of Cloud Computing Survey Results

2014 Future Of Cloud Computing Survey Results

Engine Yard Joins North Bridge Venture Partners, Gigaom Research and Industry Collaborators to Unveil 2014 Future of Cloud Computing Survey Results SAN FRANCISCO, CA–(Marketwired – Jun 25, 2014) – Engine Yard, the leading cloud application management platform, today announced its role as a collaborator in releasing the results of the fourth annual Future of Cloud Computing Survey,…

Cloud Infographic: Corporate IT Security Stats

Cloud Infographic: Corporate IT Security Stats

Cloud Infographic: Corporate IT Security Stats Each week on CloudTweaks we provide a few shoutouts to companies who provide engaging and interesting infographics that reflect our readers interests.  In this case, we have an excellent infographic provided by the team at arellia.com which takes a closer look at cyber-security and some of the biggest malware threats…

Sponsored Posts

From C:\Prompt To CYOD – The Timely Shift To Desktop as a Service

From C:\Prompt To CYOD – The Timely Shift To Desktop as a Service

The Timely Shift to Desktop as a Service There may be some colleagues lurking within any given workforce who remember what a C:\> prompt meant. Much like the ring from Middle Earth, it had the power to make things happen. Desktop computers at that time were large grey beasts, with their only wired connection being…

Cloud Logo Sponsors

hp Logo CityCloud-PoweredByOpenstack-Bluesquare_logo_100x100-01
cisco_logo_100x100 vmware citrix100
Site 24x7


Contributor Spotlight

Established in 2009, CloudTweaks is recognized as one of the leading influencers in cloud computing, big data and internet of things (IoT) information. Our goal is to continue to build our growing information portal, by providing the best in-depth articles, interviews, event listings, whitepapers, infographics and much more.

Branded Content Programs

Advertising