Data issues are rarely out of the news these days. Events like the recent terrorist attacks in Paris raise questions again around national security agencies gaining new powers of surveillance. And indeed, it was a similar, horrific incident that eventually led to data sovereignty becoming big news.
Just where is your data being held?
Soon after 9/11 the Patriot Act was passed in the US, giving its National Security Agency (NSA) extensive access to the bank records, emails, phone calls and internet browsing activity of its citizens, amongst other things. This was followed up some years later by the creation of the covert PRISM program, run by the NSA, which collects data held by a number of the country’s biggest internet companies.
When its activities became public in 2013 through the Edward Snowden Wikileaks, users in other countries began to realise that their data may have been accessed as well. Why? Because if your data is stored in the cloud by a company that’s registered and headquartered in a foreign country, it must of course abide by the laws of that country, regardless of where you are based.
Rethinking cloud storage
Possibly up until this point, people hadn’t given much thought to where their data was actually being held. They’d got used to the idea of the cloud. They’d started to trust it. They were more savvy about what they could do to keep their data safe – and how to choose providers with the right security processes in place. Now, however, companies have begun to add jurisdictional considerations to their decisions about cloud data storage.
It’s not just companies that are taking a hard look at cloud storage strategies. Some countries, including Australia and Germany, have been looking at introducing tighter data residency and sovereignty laws. These would require their citizens’ data to be kept within the country, to protect personal information.
A way forward
This is a situation that’s evolving as I write. So what options do you have?
- Do your research: it’s well worth finding out where your cloud storage provider is registered and headquartered. Then you’ll know which country’s data laws it will have to abide by.
- Make choices about what data is stored where: if it’s not sensitive, then which service you choose is perhaps less of an issue, and maybe you can make the choice based on how cost-effective the solution is. You could consider a hybrid solution, where critical data is kept in the private cloud, and the rest in the public cloud.
- Consider how much data you need to store: there’s a lot of value in analysing the minimum amount of customer data you need to collect. Look at how it can be made anonymous. And set out your decisions in your terms and conditions.
- Stay up to date with developments: as data sovereignty issues are explored and discussed, new options around storage will emerge. This is a topic worth following closely, since it’s changing all the time.
Governments are implementing new ways to combat external threats and, hence, data privacy laws are changing and evolving all the time. In summary, it is important you know where your data is and who might have access to it.