Contents Introduction and agenda ........................................................................... 3
Agenda of the Workshop............................................................................. 3
List of workshop participants .................................................................... 4
Morning session: summary of the keynote presentations ....................... 5
Highlights of opening session by Dirk Van Rooy (Head of Sector, DG
Connect E2) and Pierre Chastanet (Deputy Head of Unit, DG Connect E2):5
Technical & Financial Challenges of Cloud Portability: What we learned
from the research by George Mironescu (Research Manager, IDC) ........... 5
Strategic & Legal Challenges regarding Cloud Portability by Arthur van
deer Wees (Director of Arthur’s Legal) ....................................................... 5
First break-out discussion: Portability in the cloud: ranking the key
challenges .................................................................................................. 6
Discussion on technical challenges ............................................................. 6
Discussion on legal challenges .................................................................... 8
Discussion on economic and financial challenges ....................................... 9
Afternoon session: summary of the keynote presentations .................. 10
Going Forward: What Happens Next? – Douglas Hayward (Associate Vice
President – IDC) ......................................................................................... 10
Potential Measures regarding Portability in the Cloud - Arthur van der
Wees (Director of Arthur’s Legal) .............................................................. 10
Second break-out discussion: Portability in the cloud: opinions on
potential measures ................................................................................. 10
Closing remarks ....................................................................................... 12
Annex 1 – Workshop Presentations ........................................................ 13
Figure 1 Ranking of the key technical challenges of cloud portability ................ 6
Figure 2 Ranking of the key legal challenges of cloud portability ....................... 8
Figure 3 Ranking of the key economic/financial challenges of cloud portability 9
Figure 4 Ranking of the key potential measures to enable data and application
portability .......................................................................................................... 11
31 May 2017 3
Introduction and agenda This report presents the main results of the open workshop organized by IDC and Arthur’s Legal for
the study “Switching Cloud Providers” (SMART 2016/0032), whose aim was to bring together a group
of relevant European actors in the field of cloud portability. Participants represented a range of key
stakeholders: from users of cloud services (who might have experience with porting data/applications
in different cloud environments), to cloud service providers and policy makers both from the EU
Institutions as well as from the Member States.
The workshop "Data and application portability in the cloud: current challenges & policy scenarios "
was organized by IDC and Arthur’s Legal on behalf of the DG CONNECT Unit E2 and took place on
Thursday May 18th 2017 at European Commission, Avenue de Beaulieu 25 room S1, Brussels from 9.30
to 16.30.
The workshop had two (2) separate yet related goals: a) to present of the existing barriers limiting - or
even preventing - data and/or application portability within cloud ecosystems identified in the context
of the aforementioned study creating a high risk for customer lock-in and b) to identify a set of
potential measures to address the barriers discussed, including the potential introduction of a new
right to data portability that would not be limited only to a specific type of data.
Furthermore, the participants were involved in highly interactive sessions allowing them to exchange
views on the challenges identified by the study and to discuss the draft set of preliminary measures
captured by the workshop materials to stimulate the workshop discussion.
The workshop agenda is hereafter presented, and it was essentially respected. The presentations of
the speakers are attached to the current Workshop Report.
Note that the study team distributed to the registered participants before the workshops the D3
Workshop Document aiming to best prepare them for the workshop discussions and optimize the
workshop outputs.
Agenda of the Workshop 09.30 Registration and welcome coffee
10:00 Opening & Welcome, European Commission Preliminary results of Public Consultation on Building the European data economy
10.15 10.30 10.45
Keynote Presentation 1: George Mironescu, Research Manager, IDC European Cloud Platform Services Technical and financial challenges of cloud portability - What we learned from the research Keynote Presentation 2: Arthur van der Wees, Arthur’s Legal Strategic and legal challenges for portability in the cloud Q&A
11.00 Coffee Break
11.15
12.30
Break-out discussion moderated by key members of the team Portability in the cloud: ranking the key challenges. End of discussion
12.40 Wrap up of discussion – – Reporting of the first interactive session to the plenary
13.00 Networking Lunch
14.00
Keynote 3: Douglas Hayward, Research Associate Vice President, IDC European Services team - Arthur van der Wees, Arthur’s Legal What should be done? Potential measures to ensure portability in the cloud
14.30 Q&A
14.45 15.35
Break-out discussion moderated by key members of the team Portability in the cloud: participants’ opinions on potential measures. End of discussion
31 May 2017 4
16.00 Wrap up of discussion - Reporting of the second interactive session to the plenary
16.15 16.30
Concluding remarks by European Commission END WORKSHOP
List of workshop participants The table below lists the participants and the EC staff who attended the workshop.
Last Name First Name Role Organization
Badura Jan CEO TIMEmSYSTEM
Bumba Jonathan Chief Marketing Officer Cloud Technology Partners
Chapman Martin Standards Strategy and Policy EMEA
Oracle
Chekroun Gilles NSX Systems Engineer VMware, Inc.
Clarke Kacy VP, Principal Architect Cloud Technology Partners
Conte Patrick VP & GM International Business HyTrust
Darling Peter Senior Analyst Relations Manager
Microsoft
Derickx Norbert Operational Director CIO Platform Nederland
Ducable Stephane Director, EMEA Public Policy Amazon Web Services
Ebert Andreas Regional Technology Officer Microsoft Corporation
England Timothy Project Consultant APCO Worldwide
Ferti Andriani Senior Associate Clifford Chance LLP
Flanagan Anne Deputy Head of Unit, TLC Policy & Regulation
Department of Communications, Climate Action & Environment
Francis Chris Government relations SAP
Haq Gazala Director of Public Policy and Government Affairs
Dropbox
Holtrop Geertjan Policy Officer Ministry of Economic Affairs Netherlands
Hugo Mania Cloud Computing Program Manager
DGE
John Clemens Public Affairs Manager United Internet AG
Jones Bob Coordinator of Helix Nebula CERN
Kok Ronelle policy officer European Commission
Landstrom Ola Legal Adviser Swedish National Board of Trade
Larsen Renaud CFA HyTrust
Lovegrove James EMEA Director Public Policy Red Hat Inc
Martins Luis Contract & SAM Senior Manager
Galp Energia SA
Matthews Peter Research Scientist CA Technologies
Nguyen Khanh CTO TIMEmSYSTEM
Niessen Thomas Managing Director Kompetenznetzwerk Trusted Cloud
Perkauskas Audrius Team leader European Commission
Poisson Gouyou Beauchamps
Xavier Vice President, Indirect Cloud Services, WW
HPE
Rotureau Cecile Senior consultant cabinet DN
Rowlands Mark Solutions Architect EMEA Public Sector
Amazon Web Services
Schmutz Alban SVP Public Affairs OVH
Schumacher Stefan Head of the Berlin Office VOICE - Federal Association of IT Users
Silva Paulo Consultant Project Management
Galp Energia SA
31 May 2017 5
Last Name First Name Role Organization
Simorjay Frank Sr. Program Manager Microsoft
Steijaert Andres GEANT cloud activity leader GEANT and SURFnet
Thornby Charlotte Senior Director, Public Policy and Corporate Affairs EMEA Head of EU Affairs
Oracle
Van den Wyngaert
Freddy Secretary-General EuroCIO
Van Rooy Dirk Head of Sector European Commission
Weiss Andreas Director EuroCloud Germany
Zaczek Agata Head of Unit Digital Single Market
Ministry of Digital Affairs
Morning session: summary of the keynote presentations Highlights of opening session by Dirk Van Rooy (Head of Sector, DG Connect E2) and Pierre
Chastanet (Deputy Head of Unit, DG Connect E2): The Commission discussed briefly the main actions taken in the context of the Cloud Computing
Strategy adopted in 2012. In particular, specific references were made to:
the finding of the public consultation on “Building the European Data Economy’’.
the recently published Mid-term review of the 2015 Digital Single Market Strategy
the impact assessment for the Initiative of the Free Flow of Data.
The aforementioned study on data and application portability in the cloud will provide input to the
impact assessment for the Free Flow of Data Initiative currently conducted by the European
Commission.
Technical & Financial Challenges of Cloud Portability: What we learned from the research by
George Mironescu (Research Manager, IDC) The full presentation is attached in annex; the key takeaways are:
Based on the evidence collected with the case studies, portability concerns at present tend
to –primarily- relate to data.
Open standards and common protocols for data movement are key to enable portability
To most challenges identified, there can be solutions that potentially address them.
However, few organizations have a clear cloud portability plan in place today. Most are still
experimenting with cloud consumption.
Strategic & Legal Challenges regarding Cloud Portability by Arthur van deer Wees (Director of
Arthur’s Legal) The full presentation is attached in annex; the key takeaways are:
Standards are used in the market in an ineffective and inconsistent manner, thus, hampering
the export of data from one cloud service provider and their import to another cloud service
provider.
Cloud computing agreements are often not sufficiently transparent; also, certain cloud service
providers seem to adopt a ‘’take or leave it’’ approach, thus, not leaving room for
communication and cooperation with cloud customers.
The majority of cloud computing contracts does not provide for an Exit Plan.
31 May 2017 6
There are no relevant attributes for portability or adequate service levels in place;
furthermore, there is either a complete lack of remedies or there is provisioning of insufficient
remedies
First break-out discussion: Portability in the cloud: ranking the key
challenges This section summarizes the discussion held in the first interactive session. Key experts from IDC and
Arthur’s Legal facilitated the discussion in 4 groups. Participants were invited to pick the three most
relevant issues affecting the cloud service portability, out of the whole list presented, and to justify
their choice.
The sections below present the top three challenges coming out from the stakeholders validation per
domain (technical, legal, financial).
The figures presented in the next sections show the results of the interactive discussion.
The overall ranking, presented by the first chart in each section, shows the aggregated votes of the 4
groups moderated by the study team. The participants were asked to provide a ranking of the top
three issues that have the biggest impact on data and application portability. The elaboration of the
votes is based on a 1 to 3 scale, where 1 is the most important issue and 3 represents the least
relevant.
As a general note, it is important to notice that the moderators allowed for an open discussion and
stimulated questions and participation also beyond the originally requested input about the ranking.
Therefore, the analysis reported here may not completely represent all concerns discussed at the
workshop, and the voting analysis may not include the opinions of participants who did not provide in
writing their input.
Discussion on technical challenges The first part of the session focused on the discussion around the analysis of technical issues, as
practical/operational reasons representing barriers to data/application portability.
Figure 1 Ranking of the key technical challenges of cloud portability
31 May 2017 7
Number of average votes per group = 18
1. Lack of standardization for portability of application software has been identified as the first
challenge at a collective/aggregated working-groups level: participants highlighted that there is
the need of standards and common specifications across the supplier landscape, as currently there
is a low parity between the cloud services provided by vendors, as particularly especially so in the
case of porting applications to a new platform.
2. Low parity between data formats is the second most important barrier to portability identified by
the working groups at an aggregated level: this challenge was reported as particularly relevant for
small and medium companies that rarely have in-house technical resources to address retuning
of data formats. Aspects related to data format such as data schema/data model/data dictionary
are very relevant to cloud service providers, as well as the compatibility between data formats at
export and import was identified as a key dimension in a working portability mechanism among
cloud providers. This challenge is also related to the lack of common technical standards, reported
above. Furthermore, the topic of types of data and their feasibility to portability demand to be
assessed together with the data format challenges as part of a cohesive approach.
3. The participants ranked the ease of identifying and exporting data as well as challenges resulting
from systems infrastructure and architectural dependency as equally relevant challenges. For
portability to work, end users need to be able to acquire and retrieve the data, including the
semantics of that data, in a timely and efficient manner. In addition, other relevant challenges
when porting data and/or applications in the cloud stem from the dependencies resulted from
the very infrastructure running beneath the information systems and the architecture of the
solutions subject to data and/or the application porting.
Among other challenges discussed by the stakeholders, the estimated time for data acquisition and
transfer was reported as highly relevant. This challenge is related to the limitations to the network
bandwidth and to the asymmetry of data outbound and inbound. Besides the technical aspects related
to this issue, the discussion covered also the concerns about the costs of transfer and the legal aspects
such as the contractual stipulation of the details of data import and export. Note that participants
emphasized the need to include security as a highly relevant technical challenge for portability in eh
cloud.
31 May 2017 8
Discussion on legal challenges In parallel, the session focused on the analysis of legal barriers to data/application portability.
Figure 2 Ranking of the key legal challenges of cloud portability
Number of average votes per group = 18
Data protection considerations were firmly reported as the first concern when dealing with
portability in the cloud. This point was further discussed during the afternoon session due to the
right of data portability introduced by the General Data Protection Regulation (GDPR).
31 May 2017 9
Participants confirmed the fact that currently most of the contractual arrangements do not
include a clear and transparent exit strategy that clearly provides for the costs, the responsibilities
and the specificities associated with data portability. For instance, there are no sufficient
contractual safeguards in place providing for the data retention time.
Among the other relevant issues, participants discussed the frequent imbalance of negotiating power
between the cloud customers and the cloud service providers.
Discussion on economic and financial challenges The third part of the morning discussion was centered around the economic and financial issues of
data/application portability.
Figure 3 Ranking of the key economic/financial challenges of cloud portability
Number of average votes per group = 18
31 May 2017 10
1. The first point raised by the stakeholders concerned the financial risks related to data security and
access to data during the transfer and transit from the old to new cloud vendor. This challenge is
rather difficult to size at a quantitative level in terms of costs, especially as the impact and damage
of a potential data breach occurring in the course of a porting/migration can be very complex and
can cascade into legal challenges for both the cloud end user as well as the cloud providers
involved in the porting process.
2. Following that, the costs related to business disruption emerged as another main concern.
Confirming one of the findings of the study, the debate has highlighted that a significant level of
disruption may outweigh the benefits of the migration to a new provider and lead to the customer
lock-in.
3. The costs related to skills were identified as the third main barrier. It was reported that cloud
service customers that want to migrate to a different provider may need to make additional
investments in new assets and skills, which often represent a challenge for SMEs.
Note that, especially, with respect to application portability participants highlighted the costs to
rebuild an application on the platform of a new provider.
Afternoon session: summary of the keynote presentations Going Forward: What Happens Next? – Douglas Hayward (Associate Vice President – IDC)
Data formats, standards and transparent data schemas can potentially represent a high
barrier to portability. Cloud service users call for more transparency. Regulatory bodies may
have a role to play to ensure technology transparency.
Balanced contractual arrangements and full transparency are also needed to ensure fair costs
and effective speed of data transfer. Regulatory bodies may intervene to ensure costs
transparency.
Potential Measures regarding Portability in the Cloud - Arthur van der Wees (Director of
Arthur’s Legal)
Portability options should be considered well in advance and not only at the stage of
termination of a service; in practice, the ‘’Data & Application Portability Legal Life’’ consists,
of the following stages: 1. the assessment stage, 2. the preparation stage, 3. the negotiation
& contracting, 4. the execution and operation, 5. the updates and amendments, 6. the
escalation and 7. the termination & post-termination.
The next policy instruments should –among other things- be technology neutral and principle-
based, while facilitating both cloud providers and cloud customers.
The General Data Protection Regulation (GDPR) provides for data portability; the direct
transmission of data from one organization to another, though, is provided only where it is
technically feasible.
Second break-out discussion: Portability in the cloud: opinions on
potential measures In the afternoon, the group discussion was centered around the validation of potential regulatory
and non-regulatory measures to lift the barriers for Data and Application Portability in the cloud, and
facilitate migration between Cloud Providers.
31 May 2017 11
Key experts from IDC and Arthur’s Legal facilitated the discussion in 3 groups. Participants were
invited to pick the 3 most impactful measures, based on the framework designed for this study, and
briefly justify their choice.
The figures presented in the next sections show the results of the interactive discussion.
The overall ranking, presented by the first chart, shows the aggregated votes of the 3 groups.
As clarified in the previous section presenting the first interactive session, it is important to notice that
the moderators in each group allowed for an open discussion and stimulated questions and
participation also beyond the originally requested input about the ranking. Therefore, the analysis
reported may not completely represent all concerns discussed at the workshop, and the voting
analysis may not include the opinions of participants who did not provide in writing their input.
Figure 4 Ranking of the key potential measures to enable data and application portability
Number of average votes per group = 27
31 May 2017 12
1. The stakeholders identified measures related to ethics and accountability, such as the industry
codes of conduct, as the primary non-regulatory measure that market players may adopt to
facilitate cloud portability and ensure customers’ rights. Related to this opportunity, a concern
was raised about how to ensure these rights and that the existing codes are respected, given the
plethora of codes in place, also, reflecting the market fragmentation.
1. Equal relevance was recognized to the need of a European regulation ensuring a right to data
portability; workshop participants were open towards a new right to data portability for all
customer data (both personal & non-personal data) if the regulator would not go- as said- ‘’too
far’’.
2. As discussed in the first session, the lack of standardization is perceived by the cloud service
customers as one of the main barrier to the full portability. Among the non-regulatory measures,
the cloud service providers should ensure the transparency and openness of APIs. Open
publication of APIs and technical specifications would also turn as a benefit for innovation.
3. Cloud service providers and technology providers should ensure portability by design, allowing
cloud customers to stay in control of their data. The participants stressed that there are existing
industry best practices that may be adopted in this domain.
Closing remarks After the breakout session, the floor was given to Dirk Van Rooy, EC DG CONNECT, to state the main
call to actions and conclude the workshop. Van Rooy stressed the policy relevance of this topic and
the connection to the full implementation of the Digital Single Market: increasing the update of digital
services in the industry and society is key to increase the quality of life of the European society and
the competitiveness of the European industry.
Van Rooy invited the attendants to participate in the next Net Futures conference on 28-29 June 2017,
where the EC will hold a cloud stakeholder workshop.