Is Google the new Rome?
Cloud computing may be leading to a federation-like worldview on data management, but national laws will be a major obstacle
In some ways, Google is a digital Rome. Instead of extending roads to connect its empire, it builds data centers worldwide and challenges local rule not with swords, but with tools and information.
It is a company that probes the perimeters of censorship in China and tests the limits of privacy laws in Europe, sometimes with consequence, as it expands its cloud computing empire.
[ Check out Bob Lewis's "Learning from Google's Chinese censorship decision." | InfoWorld's Robert X. Cringely has also been following the Google-China clash and reports on the fallout in "The Google-China plot thickens" ]
On Monday, Google received a letter from 10 nations, including Canada, France, and Britain, telling the company that the "privacy rights of the world's citizens are being forgotten as Google rolls out new technological applications."
Google's Rome-like worldview extends to how it will treat the location of customer data. Google is not offering U.S. businesses any specific assurance that their data will be stored in a U.S.-based data center.
It is making an exception for government customers, such as the City of Los Angeles, which, as part of its contract to move its 30,000 users over to Google Apps, will have its data housed in Google's U.S.-based data centers.
From Google's perspective, "specifying data location made more sense when all data was within the organization's firewall, Eran Feigenbaum, director of security at Google Apps, said by email.
"In the world today where we have partners, vendors, multiple offices, employees working remotely, the Internet, email etc. 'Where is my data located?' should probably not be first question we ask," Feigenbaum said.
"When I send an email to my vendor or client, the way all email works, it can travel half way around the world before it gets to them -- even if they work down the street," he said.
"So the primary questions companies should ask are 'how is the data protected?' 'Who has access to it?', and 'How do I evaluate what my IT vendor is telling me about their practices?'"
