Toward Cloud Governance
Carnegie is in the early stages of an ambitious multi-year project to study the governance challenges associated with cloud computing and its growing role in digital transformation. This project recognizes that the cloud offers huge benefits for individuals, organizations, and national economies through greater IT convenience, flexibility, and cost savings. However, the risks of a major disruption affecting cloud services will invite regulation by governments at the local, national, and international levels. Moreover, as the world grows increasingly dependent on the cloud, other aspects of the technology – related to consumer protection, sustainability, inclusiveness, and human rights – will also attract scrutiny and regulation to protect or advance public interests.
To avoid rushed, ill-conceived, or counter-productive regulatory approaches, governments, cloud providers, customers, and other stakeholders must understand the wide range of interconnected challenges the cloud implicates. With a shared understanding of the challenge, these parties can work together to find ways forward. The contours of this approach are beginning to emerge around the world (e.g., through the Gaia-X initiative in Europe, elements of the proposed ACCESS Act in the U.S., and industry coalitions on issues like sustainability and lawful government access), but more remains to be done.
Carnegie’s Cloud Governance Project aims to build on this work by (1) mapping the governance issues associated with cloud services, and (2) collecting stakeholder perspectives to identify areas of overlap and potential ways forward. In doing so, this project aims to promote transparency and cooperation across the cloud’s stakeholders and advance the development of a coherent global cloud governance structure anchored in a mosaic of complementary arrangements – from legislation and regulation to corporate self-governance, international standards, and norms. Such an approach can help preserve and maximize the enormous benefits of cloud computing, while minimizing its risks and managing its challenges – all in pursuit of a more coherent, secure, resilient, equitable, and sustainable global cloud environment.