In recent years, services utilizing cloud computing have come into widespread use. Datacenters are generally used as an infrastructure for providing such services. Datacenters are located all over the world and provided by a large number of service providers.
Hereafter, an application software program is referred to simply as an “application”.
It is often the case that a plurality of datacenters are used in operation of a service utilizing cloud computing. In such a case, migration of applications and data between datacenters is occasionally performed. At a time of such migration of applications and data, it is possible that a problem arises from a difference between the migration origin and the migration destination in operation rules about data operation and the like, a difference in applicable laws due to the difference between location countries for the datacenters, presence or absence of a contract with the datacenter provider with regard to these matters, and the like.
Specifically, when a law to be applied to data (for example, a law related to protection of personal information and privacy) exists at the migration origin but no law corresponding to the law exists at the migration destination, it is possible that no appropriate protection policy is taken with respect to data to be migrated. When an accident such as data leakage occurs at the migration destination datacenter as a result of that no appropriate protection policy has been taken there, if no measures against such an accident are explicitly prescribed in the contract with the migration destination datacenter, it is possible that a problem arises in terms of ex post measures, compensation and the like. For example, when migrating applications and data to a datacenter (cloud) located in a foreign country, with the aim of a cost reduction effect, great risk is involved in entrusting management of data requiring particular legal protection to a cloud provider not taking an appropriate measure. Inspecting in advance the occurrence of such a problem requires an enormous workload, because it is necessary to check a large number of matters including the contents of applications and data, contracts between datacenter providers, relevant laws in the country or area of the migration destination, and the like.
Already known are the following technologies for determining or inspecting risks of legal violation and of contractual incompleteness.
A contract information management system described in Patent Literature 1 (PTL 1) demands inputting a possibility (risk) of problem occurrence and determines a degree of the risk on the basis of the inputted information, in management of contractual coverage. Here, the risk is referred to as lack of a description of a legal clause which is to be prescribed in the contract.
An export management system described in Patent Literature 2 (PTL 2) includes a database storing relevant laws to be obeyed in exporting a product, such as the Export Control Order, and a database storing previous determination results on whether an export item violated a law, and thereby supports determining whether an export item or the like violates the relevant laws or not.
A law-observance condition inspection support system described in Patent Literature 3 (PTL 3) supports inspecting a law-observance condition in a business performed by the company, using a law-observance matrix consisting of a table of law themes and a check list of laws.