In the news recently, we have witnessed numerous data breaches which have left many customers’ private information exposed to hackers. More than 300,000 US taxpayers recently saw their personal tax details accessed by organised crime fraudsters, whose attempts to hack the IRS were shockingly successful.
Not all incidents are down to organised hacker groups, though; some businesses’ lack of knowledge about different countries’ laws and regulations can also lead to this type of risk.
Information that crosses country borders creates problems, and as the company is the ‘data controller’ they are responsible for ensuring that the correct security measures are in place. If not, then this can have a huge long-term impact on a business.
Now, more than ever before, it is important to protect your business’s private and customer data from security threats. As the digital world continues to grow each day, more information is exposed online, and this raises many concerns.
Many factors need to be considered to protect confidential data stored by your business, and one of them is how a business manages its cross-border cloud hosting.
Cloud Storage Security
A lot of businesses use cloud service providers to manage their data storage, and for many it is a useful way to host applications on one platform. The issue is that there are regional differences in data protection laws, and this can impact cross-border cloud storage requirements.
It is important to be familiar with other international laws and regulations surrounding data protection. This is especially important when considering a cloud service provider that hosts storage in different areas of the world.
There are companies who have made innovations in the marketplace to ensure that their services offer flexibility when choosing cloud technology. For example, SixSq, who are part of the Rhea group and describe themselves as ‘software artisans’, partner with multiple cloud service providers to provide a diverse range of options to their customers.
Below are some tips on how best to approach this dilemma for your own business needs.
If the data you are storing is hosted by a cloud service provider in a different sovereign state, how does this impact on the privacy regulations of your owned data?
Access to the data and its protection will be under the laws and regulations of the state it is stored in. But this is not the full story. Countries with laws like the USA’s Patriot Act can jump borders if the company is owned by a company or owner registered in such a country. It is therefore paramount to understand the ownership of the cloud companies used.
Should this be a concern for any business using cloud storage in a different country?
Sure, as long as data privacy is an issue. Based on data categorisation, some data might not be sensitive or might only be valuable for a limited time. But for sensitive data (e.g. customers, employees, corporate, medical, sensor) this is critical and therefore understanding geolocation of the data stores is a must. But further, while where the data is stored is obviously important, where it is processed should also be controlled with great care.
Is it recommended to use a provider who is based in the country you reside in?
Not necessarily. But since we normally understand our own country’s laws and regulations better, it is often a reasonable choice. Having said that, other countries might have either more interesting laws and regulations or cheaper prices or higher quality. Doing your homework is important and getting help is probably a good idea to assist in the choice.
What advice would SixSq offer to businesses who are worried about their data storage?
My advice is to first ensure you are not stuck with any given provider. This means not only from a contractual point of view, but also regarding technology, architecture and process. SixSq is based on the principle of neutrality in the cloud space. One of our customers recently shifted from one cloud to another in a matter of hours. Their architecture allows it, and using our technology (i.e. SlipStream to manage application deployment) ensured that they could simply re-deploy their application stacks and watch the terabytes of data being moved from one NoSQL backend to another. This is a great success where the customer was worried about lock-in and was able to shift its production system, with no downtime, from one cloud provider to another. This means that with careful planning, the right help and support, cloud independence can be achieved. Therefore, for data-storage-sensitive customers, this type of defensive approach to cloud storage location can be turned into a serious advantage and also eliminate an important risk from their business.
To find out more about international data protection laws and regulations visit the DLA Piper website for an extensive list.