Summary
- Ofcom probe into UK Cloud Services launched in April
- Information Commissioners Office (ICO) has teeth to fine and penalise
- UK public sector organisations failing to carry out effective due diligence
- Are we failing to recognise long term goals over quick wins?
Ofcom Probe
In October, Ofcom launched a probe into UK Cloud Services and in April, halfway through the probe, announced it proposed to refer the whole market to the Competition and Markets Authority for further investigation.
What is Cloud computing? – Cloud computing is the delivery of data storage, servers, databases, networking, and software via the internet – and this has become critical for many organisations and since the pandemic, has transformed the way we work.
There are, of course, many benefits to using cloud services such as scalability, cost-efficiency and enhanced collaboration. However, all types of organisations from SMEs to public sector companies rely so heavily on it for their day-to-day functioning that some providers have taken advantage and effectively created a monopoly.
ICO
I work for Claritas Solutions, a Wetherby-based IT company which only has UK-based data centres and none of our data or traffic is routed overseas, and while I welcome the Ofcom investigation I think it falls short in several ways.
Firstly, the Information Commissioners Office (ICO) has teeth to fine and penalise those who do not adhere to their policies but is choosing to look the other way. In my role, I often see UK public sector organisations failing to carry out effective due diligence which then leads to data breaches. Last November, the education department was ruled to have given improper access resulting in data being released which could identify millions of children. The Information Commissioner said the serious breach law would have resulted in a £10m fine if it were not for the ICO’s reluctance to put pressure on the cash flow of public sector bodies. This is a prime example of where the lack of action means there is no reason for the UK public sector to change its behaviours whatever the Ofcom investigation outcome.
Secondly, Ofcom needs to work out how to effectively penalise large companies that hold the data. There is a line in the Ofcom response asking how to manage companies like AWS and Microsoft, and no one has an answer. Currently, the big hyperscalers put money away ready to be spent on fines. Earlier this month, Facebook’s owner Meta, simply paid a €1.2bn fine for mishandling data when they transferred it from Europe to the USA. They’re making so much money, they don’t care.
Thirdly, one glaring omission from the Ofcom probe is data sovereignty. Ofcom has identified that 80% of the UK cloud market sits with three hyperscalers from the USA, which means it is subject to US law, not UK law. No organisation, small or large seems to ask themselves where they want their data to be stored.
UK Cloud Market
I welcome the Ofcom probe into the UK cloud market but I want it to go further otherwise no one will ever learn and data will never be protected.
In an ideal world, individuals would accept their responsibilities and understand they have a part to play in keeping their data safe but at the moment, not many people understand what’s happening.
You also need to ask the question of what does the future look like, in say 10 years time, when all the knowledge base, data, resources, funding are in the hands of very few companies with more wealth than small nations. So, the best way we can make improvements is by putting pressure on Ofcom to be more rigorous.
New UK Sovereign Cloud Platform
Introducing our new UK Sovereign Cloud platform which will ensure that your data is protected and kept in the UK, all managed and maintained by UK citizens with SC clearance and Police Vetting (NPPV L3).
Get in touch with our sales team today!
Email- sales@claritas-solutions.co.uk
Phone- 0330 333 88 33
Or complete the online contact form