Having the right conversation on online banking security

22.03.2011 by Tim Cole

Sometimes the most interesting conversations are about something you never really expected to discuss, but I digress.

No, seriously: You sometimes get sidetracked on a topic that becomes so fascinating that your meeting is almost over before you get back to what you really wanted to talk about. Take for instance a conversation I had recently with Julian Lovelock of ActivIdentity. There are lots of things I as an analyst wanted to know about their recent acquisition by HID, who are at home in the “old” world of physical access management and who obviously wanted to buy into the “new” world of logical access control. ActivIdentity makes most of its money selling often highly customized authentication solutions to businesses, but they derive a large chunk of their income (about 20 percent) from what they call “commercial business”, which essentially means online banking.

Now, conventional thinking says that European and especially German banks are light-years ahead of the rather archaic US banking system in terms of offering customers online access to their accounts and portfolios, as well as in many other respects (nobody in Europe has used a check in at least a decade!).

ActivIdentity, Julian says, has customers in the financial industry on both sides of the Atlantic, so they know what the differences are. In a nutshell, he says, European banks are more concerned with security, while American banks worry about the customer experience. Anything that would make it hard for US consumers to understand what to do next is more or less automatically a non-starter, and if that means there is a bigger danger of the customer’s account being hacked, then so be it. If necessary the bank will simply reimburse the customer without too many questions asked and swallow the damage. Better, anyway, than watching him switch to another bank.


Your law or mine in the Cloud?

17.03.2011 by Tim Cole

Where in the Cloud am I? And more importantly: Where are my data? I know that many managers and CIOs are asking themselves similar questions. In fact, as I have posted before, a colleague of mine put that question to Martin Jetter, CEO of IBM Germany, at a briefing about a year ago, namely: “If I give you my data to store in the Cloud, where exactly are they?” Mr. Jetter didn’t quite get the question at first, so he launched into a lengthy technical explanation, but the guy interrupted him and insisted: “I mean, physically, where are they?”

Of course, there was no really good answer, and Jetter sort of danced around the question and then hurried on to something completely different (in the famous words of John Cleese of Monty Python fame). The scene came to my mind recently when I read a Software Advice blog post by Gustav Westerlund, CEO of CRM-Konsulterna, a Swedish consultancy, entitled “Is Your Cloud Safe From the Law?” in which he discusses the lack of legal precedents concerning transnational laws and trade agreements with respect to cloud computing. He asks two deceptively simple questions, just like my colleague did to Mr. Jetter, namely:

- Which country’s laws apply to the data stored in the Cloud?
- Which country’s laws apply to the data being transferred?

I have blogged about this subject myself concerning the ramifications of European data protection laws which have forced Amazon, for instance, to operate a completely self-contained “European Cloud” based in Dublin so that their European customers won’t go to jail (or have to pay the maximum fine of 300.000 Euros stipulated by the EU directive) just because somebody’s name and address made it across the Atlantic due to the magic of packet switching. But Westerlund takes the issue a step further.




© 2012 Tim Cole, KuppingerCole