Unlike the virtual realm, the world that appears on a map poses a long list of challenges to the adoption of cloud computing and the extent to which service providers are willing or able to take their operations global. This may include opening up datacentres or other operations in new and emerging markets.
In an effort to make sense of that patchwork, the software trade group, the Business Software Alliance (BSA), is releasing its second annual Global Cloud Computing Scorecard. This scorecard ranks 24 countries based on seven policy categories: data privacy, security, cybercrime, intellectual property, support for industry-led standards and international harmonisation of rules, promoting free trade, and ICT readiness/broadband deployment.
"I would say that it is a solid mix. There has been a lot of progress that we're very hopeful about," said Chris Hopfensperger, technology policy counsel at the BSA. "I think the thing that we see though at the end of the day is that there's good laws and bad laws and you end up with really patchy progress."
The 24 countries the BSA evaluated for its cloud scorecard account for around 80 per cent of the global information and communications technology market.
For the second year in a row, the BSA ranked Japan as the friendliest environment for cloud providers, citing a high rate of broadband adoption, strong laws against cybercrimes and a solid framework to promote security and protect users' privacy.
Australia follows in the number two spot, also unchanged from last year, while the United States moved up a position, switching places with Germany to rank number three on the cloud scorecard.
The authors of the report attribute that advance more to the ongoing development of standards and infrastructure supporting cloud computing than any substantive policy measures enacted by the US government.
Of the constellation of policy issues that affect the spread of cloud services worldwide, Hopfensperger says that none is of greater concern than security and privacy. He stressed that consumers and businesses alike will be reluctant to shift data to the cloud unless they are confident that their information will be adequately protected from cyber attacks and not exploited for purposes that they would consider invasive.
"Privacy and security are probably talked about more than any other [issue] for a variety reasons. But they are really two sides of the same coin," he says. "Both are key to engendering trust in the cloud. Obviously, cloud computing does no good if people don't want to put their data in the cloud."
The October 2012 passage of a privacy law in Singapore helped vault that country five spots in the BSA's Cloud rankings, moving up from number 10 to number 5, making for the biggest single gainer in the scorecard.
The BSA praises Singapore's law for taking a "light-touch" approach that codifies a set of principles intended to affirm individuals' right to control their personal information, while at the same time acknowledging that cloud providers have a legitimate need to collect, use and even disclose that data in certain cases.
That type of flexible approach, rather than overly prescriptive regulations, is critical to nurturing a regulatory environment that fosters the expansion of cloud-based services, according to the BSA.
Singapore "took a big step in 2012," Hopfensperger says, "because they adopted a privacy law that balances the important consumer protections with the need for companies to be able to move data and continue to innovate."
In contrast, each of the European Union member countries that the BSA evaluated in its scorecard slipped at least one place, owing in large part to the uncertainty associated with an ongoing effort to reform the body's privacy laws.
That debate has aired proposals that alarm the BSA and some of its member companies, including the imposition of "new administrative burdens" and limitations on providers' ability to review data for security purposes, rather than the risk-based, contextual approach to data protection that the group advocates.
The BSA also warns against protectionist policies that favor domestic cloud providers while subjecting foreign companies to bureaucratic and operational requirements.
Indonesia, for instance, dropped one place to 21st on the BSA's list due to new regulations requiring cloud providers to register with a central authority and mandating that some set up datacentres in the country staffed by local workers.
The BSA finds similar concerns with other countries that rank poorly on its scorecard. Indeed, the five countries at the bottom of the list - in descending order, South Africa at number 20 trailed by Indonesia, Brazil, Thailand and Vietnam - received the lowest scores of any nation on the BSA's "supporting free trade" criterion.
"The real problem areas I think we would say is that some of the countries that are at the bottom of the ranking - Indonesia, Vietnam - some of these countries are really taking active steps to chop off a piece of the cloud for themselves," Hopfensperger says. "These things really run counter to what we view as an international approach to cloud policy."