WIXLIB

The ability of countries and companiesto leverage cloud computing for growthrequires that they be able to access apowerful network; the new methodologyputs increased emphasis on the IT Readiness,Broadband Deployment category.Those few countries that have embracedlocalization policies pay a heavy priceÂÂ After years of concerns about restrictive policies inRussia, the effect of those policies are becomingmore clear. This year, for the first time in the historyof the Scorecard a country finished with a zeroin one of the scoring categories. Russia’s failureto embrace technology neutrality in governmentprocurement and its cumbersome Internet filteringand censorship regulations act as a barrier to cloudcomputing.ÂÂ These policies are not without financial effects.Consider that in 2012 the research firm IDC foundthat Russia’s cloud computing market had grownmore than 417 percent to nearly 60 million andwas projected to continue to grow by more than50 percent in the years ahead.3 By 2017, though,IDC was finding growth in the Russian cloud marketof just 9.9 percent — far behind the global growthof 19 percent.4Increased emphasis on IT Readiness andBroadband Deployment leads to interestingresultsÂÂ The ability of countries and companies to leveragecloud computing for growth requires that theybe able to access a powerful network; the newmethodology puts increased emphasis on the ITReadiness and Broadband Deployment category.Although almost all countries continue to work toimprove broadband penetration, the success ofthose efforts remains very inconsistent.ÂÂ Singapore, Japan, and Korea score highest in thecategory — boosted by the successful efforts toboost their national broadband plans.ÂÂ Certain countries’ high IT Readiness scores maybe masking weaknesses in other areas of cloudpolicy. For example, when infrastructure scoresare removed, Japan ranking plummets from No. 2to No. 10. Likewise, Korea scores nearly 20 pointsfor IT Readiness and rounds out the top tier ofcountries in the rankings. But it finishes much closerto middle-tier countries like Mexico and SouthAfrica in an examination of the countries’ purepolicy rankings.ÂÂ Vietnam also continues to impose severecensorship and restrictions on Internet content.That fact is further complicated by the country’sfailure to develop appropriate laws on governmentprocurement and other trade barriers.344Oleg Kouzbit, Report: Russian Cloud Market to Top 460 Million by 2015 (September 25, 2012), available at: d-market-to-top-460-million-by-2016/.IDC, Russia Cloud Services Market 2016–2020 Forecast and 2015 Vendor Shares, (September 2016), available at: https://www.idc.com/getdoc.jsp?containerId CEMA40565616; Forbes, Roundup of Cloud Computing Forecasts, 2017, (April 29, 2017), available at: a9d7f31e8.BSA The Software Alliance

KEY FINDINGSFive short years ago, cloud computing was a new tool — a next-generationtechnology that promised to help companies and countries unlock greaterproductivity and expanded economic growth. It was with that perspectivethat BSA The Software Alliance launched the Global Cloud ComputingScorecard — a resource to help policymakers shape the proper legal andregulatory environment to encourage the growth of the cloud in theirmarkets.Fast forward to today and cloud computing is a widelyadopted technology that powers global businessesand helps governments better connect with theircitizens on a daily basis. Based on that evolutionBSA The Software Alliance believed that 2018presented an opportunity to step back and reassessthe Scorecard — the only report to regularly trackchange in the relevant international policy landscape.With companies and governments increasinglymoving their key IT processes to the cloud, the mixof important policy considerations has becomeincreasingly clear:ÂÂ Privacy laws must ensure the proper protectionfor users’ data without restricting the ability ofcompanies and users to move data across bordersto maximize its value.ÂÂ Security laws must help shape an environmentwhere cloud computing providers can implementcutting-edge cybersecurity solutions withoutbeing handcuffed by requirements to use specifictechnologies. Users also must be able to trustthat cloud computing providers understand andproperly manage the risks inherent in storing andrunning applications in the cloud.ÂÂ When it comes to delivering the cloud, countriesmust invest in the appropriate infrastructure. Cloudusers must have access to robust, ubiquitous, andwww.bsa.org/cloudscorecardaffordable broadband, which requires policies thatprovide incentives for private sector investment inbroadband infrastructure and laws that promoteuniversal access to broadband.Some basic fundamentals have not changed. ITremains integral to every nation’s economic growth.Cloud computing adds to the importance of IT byincreasing access to technology that drives economicgrowth at the global, national, and local levels.Cloud computing democratizes the use of advancedtechnologies. It allows anyone — a start-up, anindividual consumer, a government, or a small business— to access technology previously available only tolarge organizations. These services in return haveopened the door to unprecedented connectivity,productivity, and competitiveness.Countries that offer a policy environment in whichcloud-computing services can flourish gain inproductivity and economic growth. The countries withthe most favorable policies are those in which thefree movement of data, privacy, intellectual propertyprotections, robust deterrence, and enforcement ofcybercrime are all important priorities. Many countriesalso recognize that coordination of national cloudcomputing policies with those of other nations willfacilitate benefits for all countries participating in theglobal economy.5

ISSUEBRIEFCUTTING-EDGE TECHNOLOGIES: Cloud Computing Is theCatalyzer of the Benefits Created by Cutting-Edge InnovationsOne of the many benefits of cloud computing is that it catalyzes the positive effect of cutting-edgetechnologies, generating societal benefits and economic growth. Policies that create an environmentconducive to cloud computing will produce significant, positive results as these new technologiesevolve.Examples of cutting-edge technologies enabled by cloud computing include:ÂÂ Cloud computing allows a tremendous amount of data, collected from multiple locations, to bestored and analyzed in a cost-effective way. This enables data analytics to be performed on a largescale.ÂÂ Artificial intelligence uses vast amounts of data to “train” algorithms to solve complex problems andachieve certain goals. Cloud computing allows this data to be collected and analyzed efficiently.ÂÂ There are multiple uses for blockchain technology from financial transactions to manufacturing,and many new uses are constantly emerging. Cloud computing allows participants in blockchaintransactions to remotely record information in decentralized ledgers and subsequently access them.The cloud not only enables cutting-edge technologies to function, but it facilitates access to thesetechnologies. Governments, businesses, and even individuals can take advantage of data analytics,artificial intelligence, blockchain solutions, or other technologies developed by third parties who offercloud-based solutions. This is done in a very cost-effective way, with minimum upfront investment bythe user. Thus, the benefits of these technologies become exponentially larger through the use of cloudcomputing.These cutting-edge technologies, enabled or substantially improved by the use of cloud computing arecreating benefits in nearly every industry sector. The automotive industry is one of many examples. Inthe automotive industry, companies leverage the cloud to increase productivity. They use data analyticsto improve accuracy in demand forecasting and adjust production plans. Proactive maintenancepowered by artificial intelligence-enabled tools reduces unscheduled downtime of machinery. The needfor costly repairs and recalls can also be substantially reduced by the use of blockchain technology tomore efficiently track faulty components.The benefits of innovations powered by cloud computing and enabled by emerging technologiesare not only available to large corporations. Small- and medium-sized enterprises can — and in manycases already are — leveraging these technologies. For instance, family-owned restaurants can usedata analytics software to better predict demand, which allows them to adjust supply orders and staffschedules accordingly; local firms can grow their business by leveraging software that uses artificialintelligence to make recommendations on which sales leads to prioritize; and accounting firms canimprove the efficiency of their business by using blockchain technology to streamline compliance withregulatory requirements.Emerging technologies have the potential to improve our lives even further. But this can only beachieved if cloud computing can continue to be leveraged. It is, therefore, crucial that countriescontinue to strive to create an environment that favors the continued development and deploymentof cloud computing so that these technologies continue to promote societal benefits and economicgrowth.6BSA The Software Alliance

But countries inhibiting, or failing to support, the useof cloud computing will not keep pace with thoseembracing the tool.The Scorecard has for five years ranked the ITinfrastructure and policy environment — or cloudcomputing readiness — of 24 countries that accountfor 80 percent of the world’s IT markets. Each countryis graded on its strengths and weaknesses in seven keypolicy areas. The 2018 BSA Global Cloud ComputingScorecard, though, focuses new attention on the policyareas that matter most to cloud computing.The 2018 Scorecard shows continuing improvementsin the policy environment for cloud computing inkey global economies since the 2016 version of theScorecard.These new rankings put additional emphasis on thepolicy areas that matter most to cloud computing,things like privacy laws that protect data withoutunnecessarily restricting its movement across bordersand cybersecurity regimes that promote the properprotection of consumer and business data withoutfreezing into place outdated and unneeded regimes.In addition, questions to assess intellectual propertyprotections have been extensively revised to focuson cloud-relevant issues, including new questions ontrade secrets and patents.The 2018 Scorecard shows continuingimprovements in the policy environment forcloud computing in key global economies.Unfortunately, privacy laws are still absent orinsufficient in several countries. Brazil and Thailandhave no comprehensive laws in place, while laws inChina, India, Indonesia, and Vietnam remain verylimited.A small number of countries have adopted orproposed prescriptive data localization regimes thatwould require cloud providers to restrict the free flowof data or build costly — and unnecessary — servers inorder to provide services in a specific market.Canada and Mexico score highest in the privacysection, offering comprehensive privacy regimeswithout onerous registration requirements. Countrieswith no laws (Brazil and Thailand) and countries withprescriptive data localization requirements (such asRussia and Indonesia) score poorly in this section.SecurityData PrivacyCloud users need to trust that their data, which maybe stored anywhere in the world, will not be usedor disclosed by a cloud provider in unauthorizedways. Countries can provide these assurances withappropriate privacy laws. But it is a delicate balance —unnecessarily burdensome restrictions will hinder theimportant advantages of cloud computing that userswant and need.This section of the Scorecard examines how countriesare managing these competing interests. Overall, theconcern for privacy has produced many positive resultsacross jurisdictions, including significant law reformand a greater public awareness of data privacy issues.Most countries in the Scorecard have dataprotection frameworks in place and have establishedindependent privacy commissioners. Many of the dataprotection laws are now being updated to meet newinternational standards — such as the European UnionGeneral Data Protection Regulation (GDPR) and theAPEC Cross Border Privacy scheme (CBPRs).www.bsa.org/cloudscorecardUsers of cloud computing and other digital servicesneed to be certain that cloud service providers canmanage the security risks of storing their data andrunning their applications on cloud systems. Largescale national and international cybersecurity attacksare now common.This section examines how countries manage andregulate cybersecurity, security certification, andsecurity testing.This year’s Scorecard indicates that many countrieshave implemented national cybersecurity strategies.Many of these national strategies promote a jointpublic-private approach to the management ofcybersecurity. Overall, this is a positive development,although Argentina, Mexico, and Vietnam are yet todevelop and implement strategies.7

Overall, the Scorecard finds that mostcountries are rising to the challenge ofprotecting data from cyberattack andphysical security breaches.Most cloud computing applications are designed tomeet internationally recognized security standards,and this approach is supported by most countries inthe Scorecard. This means that a product tested inone country can be recognized in other countries.However, the Scorecard reveals that some overlyprescriptive security requirements that duplicateaccepted international standards and impose onerouslocal requirements have been introduced. Forexample, China, India, and Korea have all introducedsome local security testing requirements.The United Kingdom, Germany, France, Australia, theUnited States, and Japan score highest in the securitysection. Mexico, Argentina, and Vietnam record thelowest scores — mainly due to delay in implementingnational cybersecurity strategies.CybercrimeThe huge quantities of data that companies andgovernments store in their computer networks havelong attracted the attention of bad actors. In orderto protect data holders and deter cyber criminals,governments must use legislative, investigative, andenforcement tools.This section examines cybercrime laws, as well as rulesrelating to investigation and enforcement.Overall, the Scorecard finds that most countries arerising to the challenge of creating legal regimes toprotect data from cyberattack and physical securitybreaches. Most countries studied have legislation tocombat the unauthorized access of data stored in thecloud. Most also have implemented cybercrime laws,many of which are compatible with the Convention onCybercrime. Italy, Japan, Poland, and Spain all scorevery highly in this section of the Scorecard.Unfortunately, a few key jurisdictions still have gapsand inconsistencies in their cybercrime laws. China andVietnam score poorly in this section of the Scorecard.8The Scorecard also asks whether local laws andpolicies on access to data by law enforcementauthorities avoid technology specific mandates (e.g.,requirements for specific tools that allow access toencrypted data). These mandates may act as a barrierto the supply of security products and services. Therewas a wide divergence on this issue and on otherissues related to the investigation and prosecution ofcybercrime.Intellectual Property RightsAs with the creators of other highly innovative andfast-evolving products, providers of cloud computingservices rely on a combination of patents, copyrights,trade secrets, and other forms of intellectual propertyprotection. To encourage investment in cloudresearch and development, intellectual propertylaws must provide clear protections and effectiveenforcement of misappropriation and infringement.Online intermediaries should be offered incentives tooperate responsibly and should enjoy safe harbor fromcopyright liability when they do so.This section examines the intellectual propertyprotections in place in the countries studied, as well astheir approaches to implementation and enforcement.The Intellectual Property criteria for this year’sScorecard was extensively revised to focus on issuesthat are most relevant to cloud computing, includingnew questions on trade secrets and patents.The United Kingdom, Singapore, and the UnitedStates all score very highly in the Intellectual Propertysection, reflecting their combination of modern lawsand effective enforcement. Unfortunately, manycountries struggled to achieve good results in thissection, with Vietnam, Malaysia, Turkey, and Indiarecording the lowest scores. However, numerousproposed and draft laws and regulations exist acrossthe countries in the study, and this may be a sectionwhere we see strong improvements in the comingyears.Support for Industry-Led Standards andInternational Harmonization of RulesUsers need data portability and seamlessinteroperable applications if they are to make full useof cloud-computing services and the digital economy.IT industry organizations are developing internationalstandards that will ensure optimal portability.Government support for these voluntary, industryBSA The Software Alliance

led efforts is highly important. Countries must alsopromote global harmonization of e-commerce rules,tariffs, and relevant trade rules.This section examines the extent to whichgovernments have encouraged industry-led processesand promoted harmonization of e-commerce rules.The Scorecard reveals that some countries havemoved away from accepting international standardsand international certifications, most notably China,India, Indonesia, Korea, and Russia.Although tariffs and trade barriers for online softwareand applications continue to be rare, they continueto hinder new technology products used to accesscloud services in a few countries. Argentina, Brazil, andRussia all score poorly in this section.Promoting Free TradeCloud services operate across national boundaries,and their success depends on access to regional andglobal markets. Restrictive policies that create actualor potential trade barriers will inhibit or slow theevolution of cloud computing.This section examines government procurementregimes and the existence or absence of barriers tofree trade, including each country’s requirements andpreferences for particular products. The section alsoexamines whether countries support internationalefforts to standardize and liberalize trade andprocurement policies, allow cloud providers tooperate free from tariffs and other trade barriers, andavoid laws or policies that impose data localizationrequirements.The Scorecard indicates that a number of countries stillprovide preferential treatment for domestic suppliersin government procurement or have introduced otherbarriers to international trade. Indeed, this section ofthe Scorecard reveals the widest divergence betweencountries. A small group of countries scored closeto the maximum points — Canada, Germany, theUnited States, Poland, and Japan — while a numberof countries score no points or almost no points,including

the_Cloud.pdf. Consider just a few changes: In 2012 when BSA released the first Scorecard, the demand for cloud computing came largely from start-ups and other small companies. In 2018, though, analysts predict that more than half of enterprises will have adopted cloud computing worldwide and that cloud applications,