Skip to main content
Home » Post: Is jetting to Cuba this summer a bad idea for European SaaS ISVs?

Is jetting to Cuba this summer a bad idea for European SaaS ISVs?

Because PaaS applications and data are “in the cloud” it should not matter where they are. In the real world of laws, borders and trade disputes, however, location still matters. A recent example shows what can go wrong when European companies bump-up against US laws.

Written on April 23rd, 2008 at 7:32 am by Andrew Biss

Is jetting to Cuba this summer a bad idea for European SaaS ISVs?

While Cuba is a popular holiday spot for Europeans, a 46-year old trade ban puts Cuba off-limits to Americans. Strictly enforced laws prevent US companies from doing direct or indirect business with Cuba.

The US trade ban became a big problem for travel agent Tour & Marketing International. Although based in Spain, the US Treasury’s Office of Foreign Asset Control (OFAC) added them to a blacklist. Why? For selling Cuban holidays to Europeans (US citizens cannot travel to Cuba).

As a result, their US-based domain register blocked about 80 of their .com domains for Cuba-related websites. The domain register gave no notice and refused to transfer the domains (they must freeze all US-based assets).

Are you breaking US law?

You might not have customers in Cuba, but what about all the subscribers of your SaaS solution:

  • Do you know who and where they are?
  • Are you sure your information is accurate?
  • Could you prove it in a court of law?
  • How will you track future changes?

Your PaaS provider could get a call from OFAC to suspend your SaaS application. You get no notice and appealing is difficult. This is not going to be good for your SLA…

Is storing data in Europe enough?

Metadata is also important, not just your application and data. For example, Amazon’s S3 storage service allows you to store your data in Europe, but what about your account data? If it is in the USA, Amazon could get a call from OFAC. While your European-data is still there, you might not be able to use it.

I am not sure that all ISVs building their business on Amazon S3 have fully considered this issue.

Wait for the law to catch-up?

It is not just the US and Cuba; cloud computing and cross-border trade disputes are an accident waiting to happen. The law will take years to catch up with cloud computing.

Until then, you need to know where your PaaS provider is storing your applications, data and metadata.

What can PaaS providers do today?

PaaS providers must make their customers aware of these potential problems. They will not convince European ISVs with an easy “Everything’s in the cloud; do not worry”; PaaS providers must be transparent and make it clear exactly where they are storing applications and data.

Splitting workloads by region could be a good differentiator. This might also open the market to non-US PaaS and utility-computing providers.

Coming up…

Next time on paasTalk I will look at another issue European ISVs must consider–who might be spying on your data: Is SaaS Spying-as-a-Service?.

These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Technorati
  • del.icio.us
  • StumbleUpon
  • Digg

Permalink | Trackback
Tags: , , , , , ,

Thank you for reading paasTalk. You can get the next post hot off the press by RSS, or by email.

Your comments

Join the conversation

Please enter your comments below and join the conversation. We reserve the right to delete any comments that include spam, profanity, personal attacks or any other inappropriate material.






XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Copyright © 2008 ISVfocus.com Limited Creative Commons license terms

About · Contact · Accessibility · Privacy · Imprint · Datenschutzerklärung · Impressum