by ECLAC's Unit of Innovation and New Technologies
The expansion of cloud computing in Latin America faces several constraints:
• Limited access to and low quality of broadband internet. Fixed or mobile broadband penetration is very low in some countries, such as Honduras, Nicaragua, Paraguay, Bolivia and Guatemala. Countries with higher penetration rates (e.g., Chile, Brazil and Uruguay) have better chances to successfully migrate services to the cloud.
• Weak legal and regulatory frameworks. These frameworks are frequently absent in many countries, and, in the few cases where they do exist, are clearly insufficient. As for regulation, according to the Business Software Alliance, Mexico and Argentina present above average qualifications (similar to those of India and Turkey) in a group of 12 countries analyzed, while Brazil ranks 9th within the same group.
• Incomplete service level agreements (SLA). As long as service providers do not offer SLAs which duly include consideration about security and portability, many firms would be reluctant to fully migrate to the cloud. The main points SLAs should cover are service adaptability, system security and latency, service reliability, data security (including backups), compliance with existing laws (e.g., governing data protection), data migration and
standardization, and technical support to customers.
• Limited privacy and security. Security is the main concern faced by many firms considering cloud migration, and it is related to the following risk areas: (i) external data storage, (ii) dependency upon public internet, (iii) multi-tenancy, and (iv) lack of integration with internal security systems.
Based on these considerations, we propose the following recommendations for the promotion of cloud computing in Latin America.
• Limited access to and low quality of broadband internet. Fixed or mobile broadband penetration is very low in some countries, such as Honduras, Nicaragua, Paraguay, Bolivia and Guatemala. Countries with higher penetration rates (e.g., Chile, Brazil and Uruguay) have better chances to successfully migrate services to the cloud.
• Weak legal and regulatory frameworks. These frameworks are frequently absent in many countries, and, in the few cases where they do exist, are clearly insufficient. As for regulation, according to the Business Software Alliance, Mexico and Argentina present above average qualifications (similar to those of India and Turkey) in a group of 12 countries analyzed, while Brazil ranks 9th within the same group.
• Incomplete service level agreements (SLA). As long as service providers do not offer SLAs which duly include consideration about security and portability, many firms would be reluctant to fully migrate to the cloud. The main points SLAs should cover are service adaptability, system security and latency, service reliability, data security (including backups), compliance with existing laws (e.g., governing data protection), data migration and
standardization, and technical support to customers.
• Limited privacy and security. Security is the main concern faced by many firms considering cloud migration, and it is related to the following risk areas: (i) external data storage, (ii) dependency upon public internet, (iii) multi-tenancy, and (iv) lack of integration with internal security systems.
Based on these considerations, we propose the following recommendations for the promotion of cloud computing in Latin America.
Given that one of the main problems is access to reliable structured information on cloud computing development and adoption in the region, we suggest the creation of a regional information center (observatory) which enables governments, firms and users access to such information. To the extent that a uniform and adequate regulatory framework is necessary to promote cloud computing dissemination, we propose the creation of a high level regional dialogue, aimed at reaching and implementing multilateral agreements on the following issues:
• Incentives to fixed and mobile broadband deployment, as well as to attract large regional data centers.
• Regulation modernization and harmonization, including SLAs and cloud network standards.
• Creation or update of legal frameworks for personal data protection and privacy, paying attention to data security.
• Harmonization of international data transfer regulations in order to facilitate secure personal data transfers between
countries.
• Ensure interoperability between cloud solutions for government use, recognizing technological neutrality and the independence of suppliers.
• Alternatives to promote government services in the cloud as a drive for cloud computing expansion.
Lastly, regarding trade-offs among privacy and security, a prevalent topic since mid-2013, two approaches may be explored:
• A multilateral agreement. This alternative would imply that governments seek a agreement in the form of a treaty or similar legal instrument. Although this option will require diplomatic leadership and significant resources, it offers the best hope for coherently facing governments’ security concerns, and guaranteeing that firm and user interests
are properly taken into account on a global scale.
• Bilateral commitments. This less ambitious option implies that governments independently undertake consensus building on procedures for the prevention or the resolution of privacy-security conflicts.
From Cloud computing in Latin America: Current situation and policy proposals, Division of Production, Productivity and Management, ECLAC, 2014.
• Incentives to fixed and mobile broadband deployment, as well as to attract large regional data centers.
• Regulation modernization and harmonization, including SLAs and cloud network standards.
• Creation or update of legal frameworks for personal data protection and privacy, paying attention to data security.
• Harmonization of international data transfer regulations in order to facilitate secure personal data transfers between
countries.
• Ensure interoperability between cloud solutions for government use, recognizing technological neutrality and the independence of suppliers.
• Alternatives to promote government services in the cloud as a drive for cloud computing expansion.
Lastly, regarding trade-offs among privacy and security, a prevalent topic since mid-2013, two approaches may be explored:
• A multilateral agreement. This alternative would imply that governments seek a agreement in the form of a treaty or similar legal instrument. Although this option will require diplomatic leadership and significant resources, it offers the best hope for coherently facing governments’ security concerns, and guaranteeing that firm and user interests
are properly taken into account on a global scale.
• Bilateral commitments. This less ambitious option implies that governments independently undertake consensus building on procedures for the prevention or the resolution of privacy-security conflicts.
From Cloud computing in Latin America: Current situation and policy proposals, Division of Production, Productivity and Management, ECLAC, 2014.