Communications service provider (CSP) investment in cloud has grown by double digits over the last few years and is expected to generate upwards of $3bn in revenue for telecoms vendors by 2022. However, the recently passed CLOUD Act in the US will bring some uncertainty for CSPs and cloud vendors as CIOs attempt to understand “who owns the data.”
Who owns the data?
In the age of cybersecurity attacks on large organizations, and the misuse of customer information such as that seen in the recent Facebook-Cambridge Analytica scandal, CSPs are particularly vigilant when it comes to protecting customer data, and it is this wariness that has made the telecoms industry a laggard in the uptake of cloud technology. In recent years, however, through the success of cloud providers like Salesforce.com, AWS, and Microsoft Azure, CSPs have slowly warmed to the idea of putting business-critical systems containing customer-sensitive information into the cloud.
According to Ovum’s recent ICT Enterprise Insights survey, 69% of CSPs plan to invest in cloud technology in 2018, and Ovum predicts that cloud revenues for the telecoms industry will top $3.17bn by 2022. However, just as CSP investment into cloud technology is beginning to show some significant growth, the industry is facing new hurdles when it comes to protecting customer data.
The Clarifying Lawful Overseas Use of Data – or “CLOUD” – Act, which was passed in late March 2018, requires any company storing data in the cloud to turn over said data to the US government upon request (if that company is in any way subject to US jurisdiction). What constitutes “a business subject to US jurisdiction” is what could spell trouble for the telecoms industry. According to the law, any corporation that operates in the US, or serves customers in the US, could be subject to the CLOUD Act. Additionally, businesses based in the US but with data centers stored outside of the country, must also comply with the CLOUD Act. This means that CSPs using a cloud provider that is subject to the CLOUD Act, could be forced to hand over data to the US, regardless of whether or not they themselves do business in the US.
This development is significant for a number of reasons. According to Ovum’s ICT Enterprise Insights survey, nearly 85% of CSPs plan to use a major US-based cloud vendor (i.e. AWS, IBM, Google, Microsoft Azure, or Oracle) in 2018. This means that the majority of CSPs worldwide, would be required to comply with this new law. As a result, vendors should expect a slight pullback in cloud investment from CSPs as CIOs figure out “who owns the data.”
While CSPs will likely invest in cloud technology for systems that do not store customer-sensitive information (like order-to-activation systems, analytics solutions, and service-provisioning tools), vendors can address CIOs’ cloud concerns by aligning product roadmaps for on-premises and cloud products, and through offering bimodal architectures for systems that manage customer-sensitive information such as billing and CRM systems. This will enable CSPs to make the transition to cloud on their own terms and put vendors in a more favorable position to win business despite these new and unfavorable regulatory conditions.
Chantel Cary, Senior Analyst, Telecoms Operations and IT