Data Sovereignty and the Cloud
Organizations looking to benefit from the scalability, agility, and capital cost savings of cloud computing inevitably
encounter the issues of data privacy and security. In the corporate data center, data security and privacy are mostly
about protection from hackers and insiders. In the cloud, however (public, community, hybrid, and sometimes even
private), they are also affected by where data resides and by the impact of local, regional, and national regulations on
the privacy of that data, an issue known as data sovereignty.
The romantic image of the cloud is that of a nebulous place somewhere where data and applications float
freely—exactly where doesnʼt concern the user. The reality, however, is that cloud providers house infrastructure,
platforms, data, and applications in data centers just like everyone else, and where those data centers reside affects
which nation, state, or locality has legal sovereignty over and thus potential access to that data. Organizations
looking to store any data or applications in the cloud, including via software as a service (SaaS), need to take these
and other compliance concerns into account when deciding what to put in the cloud, what type of cloud to put it in,
and what provider they intend to use.
The Data Sovereignty Tangle
One of the biggest catalysts for concerns about data sovereignty has been U.S. anti-terrorist legislation such as the
Patriot Act, the Foreign Intelligence Surveillance Act (FISA), and extensions to the latter signed into law recently.
These laws give U.S. intelligence and law enforcement agencies unprecedented leeway in requesting information
held in U.S. data centers as part of terrorism investigations, including data held by foreign organizations in the U.S.
Similar regulations exist in other countries, including Australia. There are also international treaties that affect the
subpoena and surveillance of data belonging to U.S. and sometimes foreign organizations stored in data centers
outside the U.S.
The legal implications of these acts for foreign and domestic organizations are complex, evolving, and often not well
understood. And perhaps worse, they sometimes conflict with data privacy legislation in the European Union and
Australia requiring organizations to let users know who has access to their data. More recent European legislation
has even required certain organizations to keep customer data within the country of origin. And of course there are
other compliance issues that come up wherever data is located.
Aside from anti-terrorist legislation, there are also Federal, state, and local tax laws that affect transactions taking
place in U.S. data centers, including those of organizations based abroad. They are equally varied, complex and
evolving.
Finally, data stored in the U.S. may be subject to U.S. laws regarding data retention and discovery. And any disputes
arising from U.S.-based cloud services may fall under U.S. law. The same is true for foreign-based services used by
U.S. organizations.
Data sovereignty has become a particularly important issue for organizations based outside the U.S., because most
of the major cloud services, such as Amazon Web Services, Rackspace, and others, are U.S.-based and host
infrastructure and/or store data in U.S. data centers. Many of these services have data centers outside the U.S. as
well, but standard cloud service contracts often give customers little to no control over where their data or the cloud
infrastructure they make use of resides.
twitter.com/firehost | Learn more at www.firehost.com | email sales@firehost.com | call (US) +1 877 262 3473 (UK) +44 0800 500 3167
All or Nothing?
Under these circumstances many organizations choose to avoid housing any sensitive production data or
applications in the cloud. However, such a move may limit their IT options and competitive position unnecessarily.
It doesnʼt necessarily solve the problem either, as organizations may not be aware that their in-house developers
run test beds or applications in the cloud that make use of sensitive data. In other cases an organization may already
be using the public cloud during peak load periods. It may be using a cloud service for backup or disaster recovery.
Or internal departments may be taking advantage of cloud services, including software
as a service (SaaS) applications such as Salesforce.com, without ITʼs full knowledge or permission. Sensitive data
stored internally but used externally by SaaS may be vulnerable and subject to data sovereignty concerns.
So how does an organization looking to take advantage of the cloud address the risks and other issues of data
sovereignty? Here are some basic steps to take when addressing the issue of data sovereignty in the cloud.
Classify Data
A good first step to addressing cloud data sovereignty issues is to do a risk analysis of any data and applications
that either reside in the cloud today or may reside there at some time in the future. Classify which and how much
data is high, medium, and low risk in terms of privacy and security. Some organizations classify data as either
private, restricted, or public.
IT cannot do this alone. Itʼs essential that representatives of the business and legal units be involved in the
classification process as they often can best judge which data has which level of sensitivity. Compliance issues
should be taken into account as well, which is why legal counsel should be involved.
High-risk data usually includes any type of customer or client information, including names, addresses, numbers,
email addresses, and of course credit card information. The same goes for employee and other human resource
information. Any financial records should be analyzed carefully both in terms of business and regulatory risk. And
email and other types of business records should be considered, not to mention any documents and other data that
may involve intellectual property.
IT should conduct discussions with members of the various business units to discover cloud services used by those
departments and their employees as well. This may sound like a lot of effort. However, itʼs an essential step, not
just for addressing data sovereignty, but for general IT security and compliance as well. Users may be unaware that
the data involved may be vulnerable to attack or subject to regulations such as HIPAA. Finally, disaster recovery and
software testing and development should be considered as well, as the teams involved may be using recent sensitive data and the
cloud as part of their testing or backup environment.
Evaluate Cloud Providers
Once IT has classified data according to high, medium, and low risk, a determination should be made as to how
much high and medium risk data is either currently or likely to end up somewhere in the cloud at some time in the
future. Itʼs important to consider not just data stored in the cloud, but data used by SaaS and software testing, as
well as any applications you may be running in external data centers.
If you have no intention of letting any sensitive data into the cloud and feel you can actually accomplish that goal,
then it may not matter where your data is stored. Keep in mind, however, that by doing so you may be limiting
important options that could make your organization more agile and competitive. If it seems inevitable that some
sensitive data will end up in the cloud, then you need to be very careful which cloud providers you choose to work
with.
There are many criteria to take into account when evaluating a cloud provider that have no bearing on data
sovereignty. As part of your data sovereignty investigation, however, you should take into account the following criteria.
A Focus on Enterprise Security Concerns
Any organization concerned about sensitive information should make sure the cloud providers itʼs considering are
used to dealing with organizations with similar concerns. One way is to ask for some examples of existing
customers likely to have similar concerns about data privacy and sovereignty as your organization. If the provider has
large enterprise or government agency customers, thatʼs a good sign.
Make sure the provider reacts the way it should to questions about data sovereignty. Are they familiar with the issue,
used to those types of questions, and able to provide their own informed perspective and advice on ways to address
data sovereignty issues?
Location of Data Centers
Where are the cloud provider data centers located? If youʼre a company based in the UK or Canada with concerns
about data sovereignty, for example, which of your short list of cloud providers offers data centers in those
countries? If the answer is none, or if all their data centers are located in one country or region, you may want to go
elsewhere.
Otherwise itʼs important to conduct a thorough analysis of the data sovereignty issues involved with their data
center locations. How likely is it, based on national, regional and local regulations, that an intelligence or law
enforcement entity would have the legal authority to monitor or request data stored in those locations? Itʼs
important not to simply limit your consideration to whether you think itʼs likely your data would be monitored or
requested. What are the tax implications, if any, of storing data or running transactions in those locations? There
may be local, state, province, or other regulatory and tax implications as well. What treaties do those countries have
with others regarding data sovereignty?
Location and Contract Flexibility
Most likely an organization with data sovereignty concerns will not want a cloud provider that relies solely on
standard contracts. Look for providers that are willing to negotiate with an understanding of your business and data
sovereignty needs. Chief among your concerns will be finding a provider that not only lets you choose where you
want your data or applications located, but has an established record of complying with those contract terms.
In your negotiations try to get a feel for the providerʼs awareness of the data sovereignty aspects of their data center
locations and what they might mean for your business. And make sure you ask questions about that providerʼs
disaster recovery practices to ensure your sensitive data wonʼt be backed up, snapshotted, or replicated to locations
with other data sovereignty implications.
Part of your contract should be a requirement for immediate notification if the provider plans to make any changes
in data center and backup locations. And look into what will happen to your data if you discontinue the service. What
measures will the service take to eradicate your data from their systems and storage?
Transparency
As Ronald Reagan liked to say, trust but verify. Having assurances that your data is stored in a particular location is
not enough. You want to be able to verify this is the case. Work with a provider that is willing to be subject to an
audit of where your information is stored, including backup and disaster recovery. Check if theyʼll allow you to visit
the data centers that house your data and applications. Look for provider monitoring tools and portals that allow
you to verify location and perhaps even APIs that allow you to plug in your own management tools for this and other
purposes.
Encryption
For this and other security purposes you should strongly consider encrypting all your sensitive data in transit and
at rest in the cloud. Check into the encryption options offered by the provider or consider the option of encrypting
the data before it leaves your premises if possible.
Donʼt Forget Data Security
This is pretty obvious but there are many other data security and compliance concerns besides data sovereignty that
should be considered and wonʼt be discussed here. Suffice it to say that there are some providers that take
enterprise level security more seriously than others.
There are certainly risks to housing applications and data in the cloud, particularly when the provider is based
abroad. However, the business advantages of cloud computing are too great to ignore for most organizations
struggling with shrinking budgets, emerging technologies, and cloud-enabled competitors. By taking a careful,
methodical approach to analyzing risk and choosing a cloud provider, you can reap the benefits of cloud computing
while bringing the risks down to an acceptable level.
Media Contact
Cathi Lane
Manager of Public Relations
FireHost
press@firehost.com
US +1 469 533 8133
UK + 44 800 500 8133

What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 

Kürzlich hochgeladen (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 

Data Sovereignty and the Cloud

Organizations looking to benefit from the scalability, agility, and capital cost savings of cloud computing inevitably encounter the issues of data privacy and security. In the corporate data center, data security and privacy are mostly about protection from hackers and insiders. In the cloud, however (public, community, hybrid, and sometimes even private), they are also affected by where data resides and the impact of local, regional, and national regulations on the privacy of that data, an issue known as data sovereignty.
The romantic image of the cloud is that of a nebulous place somewhere where data and applications float freely; exactly where doesn't concern the user. The reality, however, is that cloud providers house infrastructure, platforms, data, and applications in data centers just like everyone else, and where those data centers reside affects which nation, state, or locality has legal sovereignty over and thus potential access to that data. Organizations looking to store any data or applications in the cloud, including via software as a service (SaaS), need to take these and other compliance concerns into account when deciding what to put in the cloud, what type of cloud to put it in, and what provider they intend to use.
The Data Sovereignty Tangle
One of the biggest catalysts for concerns about data sovereignty has been U.S. anti-terrorist legislation such as the Patriot Act, the Foreign Intelligence Surveillance Act (FISA), and extensions to the latter signed into law recently. These laws give U.S. intelligence and law enforcement agencies unprecedented leeway in requesting information held in U.S. data centers as part of terrorism investigations, including data held by foreign organizations in the U.S. Similar regulations exist in other countries, including Australia. There are also international treaties that affect the subpoena and surveillance of data belonging to U.S. and sometimes foreign organizations stored in data centers outside the U.S.
The legal implications of these acts for foreign and domestic organizations are complex, evolving, and often not well understood. And perhaps worse, they sometimes conflict with data privacy legislation in the European Union and Australia requiring organizations to let users know who has access to their data. More recent European legislation has even required certain organizations to keep customer data within the country of origin. And of course there are other compliance issues that come up wherever data is located.
Aside from anti-terrorist legislation, there are also Federal, state, and local tax laws that affect transactions taking place in U.S. data centers, including those of organizations based abroad. They are equally varied, complex and evolving.
Finally, data stored in the U.S. may be subject to U.S. laws regarding data retention and discovery. And any disputes arising from U.S.-based cloud services may fall under U.S. law. The same is true for foreign-based services used by U.S. organizations.
Data sovereignty has become a particularly important issue for organizations based outside the U.S., because most of the major cloud services, such as Amazon Web Services, Rackspace, and others, are U.S.-based and host infrastructure and/or store data in U.S. data centers. Many of these services have data centers outside the U.S. as well, but standard cloud service contracts often give customers little to no control over where their data or the cloud infrastructure they make use of resides.
twitter.com/firehost. Learn more at www.firehost.com, email sales@firehost.com, call (US) +1 877 262 3473 (UK) +44 0800 500 3167
All or Nothing?
Under these circumstances many organizations choose to avoid housing any sensitive production data or applications in the cloud. However, such a move may limit their IT options and competitive position unnecessarily. It doesn't necessarily solve the problem either, as organizations may not be aware that their in-house developers run test beds or applications in the cloud that make use of sensitive data. In other cases an organization may already be using the public cloud during peak load periods. It may be using a cloud service for backup or disaster recovery. Or IT may not be aware that there are internal departments taking advantage of cloud services, including software as a service (SaaS) applications such as Salesforce.com, without IT's full knowledge or permission. Sensitive data stored internally but used externally by SaaS may be vulnerable and subject to data sovereignty concerns.
So how does an organization looking to take advantage of the cloud address the risks and other issues of data sovereignty? Here are some basic steps to take when addressing the issue of data sovereignty in the cloud.
Classify Data
A good first step to addressing cloud data sovereignty issues is to do a risk analysis of any data and applications that either reside in the cloud today or may reside there at some time in the future. Classify which and how much data is high, medium, and low risk in terms of privacy and security. Some organizations classify data as either private, restricted, or public. IT cannot do this alone. It's essential that representatives of the business and legal units be involved in the classification process as they often can best judge which data has which level of sensitivity. Compliance issues should be taken into account as well, which is why legal counsel should be involved.
High-risk data usually includes any type of customer or client information, including names, addresses, numbers, email addresses, and of course credit card information. The same goes for employee and other human resource information. Any financial records should be analyzed carefully both in terms of business and regulatory risk. And email and other types of business records should be considered, not to mention any documents and other data that may involve intellectual property.
IT should conduct discussions with members of the various business units to discover cloud services used by those departments and their employees as well. This may sound like a lot of effort. However, it's an essential step, not just for addressing data sovereignty, but for general IT security and compliance as well. Users may be unaware that the data involved may be vulnerable to attack or subject to regulations such as HIPAA. Finally, disaster recovery and software testing and development should be considered as well, as these folks may be using recent sensitive data and the cloud as part of their testing or backup environment.
Evaluate Cloud Providers
Once IT has classified data according to high, medium, and low risk, a determination should be made as to how much high and medium risk data is either currently or likely to end up somewhere in the cloud at some time in the future. It's important to consider not just data stored in the cloud, but data used by SaaS and software testing, as well as any applications you may be running in external data centers.
If you have no intention of letting any sensitive data into the cloud and feel you can actually accomplish that goal, then it may not matter where your data is stored. Keep in mind, however, that by doing so you may be limiting important options that could make your organization more agile and competitive. If it seems inevitable that some sensitive data will end up in the cloud, then you need to be very careful which cloud providers you choose to work with.
There are many criteria to take into account when evaluating a cloud provider that have no bearing on data sovereignty. As part of your data sovereignty investigation, however, you should take into account these criteria.
A Focus on Enterprise Security Concerns
Any organization concerned about sensitive information should make sure the cloud providers it's considering are used to dealing with organizations with similar concerns. One way is to ask for some examples of existing customers likely to have similar concerns about data privacy and sovereignty as your organization. If the provider has large enterprise or government agency customers, that's a good sign. Make sure the provider reacts the way it should to questions about data sovereignty. Are they familiar with the issue, used to those types of questions, and able to provide their own informed perspective and advice on ways to address data sovereignty issues?
Location of Data Centers
Where are the cloud provider data centers located? If you're a company based in the UK or Canada with concerns about data sovereignty, for example, which of your short list of cloud providers offers data centers in those countries? If the answer is none, or if all their data centers are located in one country or region, you may want to go elsewhere. Otherwise it's important to conduct a thorough analysis of the data sovereignty issues involved with their data center locations. How likely is it, based on national, regional and local regulations, that an intelligence or law enforcement entity would have the legal authority to monitor or request data stored in those locations? It's important not to simply limit your consideration to whether you think it's likely your data would be monitored or requested. What are the tax implications, if any, of storing data or running transactions in those locations? There may be local, state, province, or other regulatory and tax implications as well. What treaties do those countries have with others regarding data sovereignty?
Location and Contract Flexibility
Most likely an organization with data sovereignty concerns will not want a cloud provider that relies solely on standard contracts. Look for providers that are willing to negotiate with an understanding of your business and data sovereignty needs. Chief among your concerns will be finding a provider that not only lets you choose where you want your data or applications located, but has an established record of complying with those contract terms. In your negotiations try to get a feel for the provider's awareness of the data sovereignty aspects of their data center locations and what they might mean for your business. And make sure you ask questions about that provider's disaster recovery practices to ensure your sensitive data won't be backed up, snapshot, or replicated to locations with other data sovereignty implications. Part of your contract should be a requirement for immediate notification if the provider plans to make any changes in data center and backup locations. And look into what will happen to your data if you discontinue the service. What measures will the service take to eradicate your data from their systems and storage?
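As an added illustration (not part of the FireHost paper), the classification and location requirements described above can be checked mechanically against an inventory of cloud assets. The policy, asset names, and country codes below are constructed assumptions; the check covers backup, snapshot, and replica copies as well as the primary copy, and treats undisclosed locations and unclassified assets as findings.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed policy (assumption): countries in which each risk class may
# reside under the negotiated contract. None means "no location restriction".
ALLOWED: Dict[str, Optional[Set[str]]] = {
    "high": {"GB"},
    "medium": {"GB", "NL"},
    "low": None,
}

@dataclass
class Asset:
    name: str
    risk: Optional[str]      # "high" / "medium" / "low"; None = never classified
    primary: Optional[str]   # country of the primary copy; None = not disclosed
    # Secondary copies by role (backup, snapshot, dr-replica) -> country or None
    copies: Dict[str, Optional[str]] = field(default_factory=dict)

Finding = Tuple[str, str, str]  # (asset name, copy role, problem)

def audit(assets: List[Asset], allowed=ALLOWED) -> List[Finding]:
    """Return every place where an asset's location breaks the policy."""
    findings: List[Finding] = []
    for a in assets:
        if a.risk not in allowed:
            # Test beds and shadow-IT services often land here.
            findings.append((a.name, "classification", "unclassified"))
            continue
        permitted = allowed[a.risk]
        if permitted is None:
            continue  # low-risk data: location does not matter
        # Primary copy first, then every backup/snapshot/replica.
        for role, country in {"primary": a.primary, **a.copies}.items():
            if country is None:
                findings.append((a.name, role, "location unknown"))
            elif country not in permitted:
                findings.append((a.name, role, f"{country} not permitted"))
    return findings

# Constructed sample inventory, not real data.
INVENTORY = [
    Asset("crm-customers", "high", "GB", {"backup": "GB", "dr-replica": "US"}),
    Asset("hr-records", "high", "GB", {"snapshot": None}),
    Asset("marketing-site", "low", "US"),
    Asset("dev-testbed", None, "US"),
    Asset("email-archive", "medium", "NL", {"backup": "GB"}),
]

if __name__ == "__main__":
    for name, role, problem in audit(INVENTORY):
        print(f"{name:15} {role:15} {problem}")
```

Here the primary copies all comply; the findings come from a disaster-recovery replica, a snapshot whose location the provider has not disclosed, and a test bed nobody classified.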
Transparency
As Ronald Reagan liked to say, trust but verify. Having assurances that your data is stored in a particular location is not enough. You want to be able to verify this is the case. Work with a provider that is willing to be subject to an audit of where your information is stored, including backup and disaster recovery. Check if they'll allow you to visit the data centers that house your data and applications. Look for provider monitoring tools and portals that allow you to verify location and perhaps even APIs that allow you to plug in your own management tools for this and other purposes.
Encryption
For this and other security purposes you should strongly consider encrypting all your sensitive data in transit and at rest in the cloud. Check into the encryption options offered by the provider or consider the option of encrypting the data before it leaves your premises if possible.
Don't Forget Data Security
This is pretty obvious, but there are many other data security and compliance concerns besides data sovereignty that should be considered and won't be discussed here. Suffice it to say that there are some providers that take enterprise-level security more seriously than others.
There are certainly risks to housing applications and data in the cloud, particularly when the provider is based abroad. However, the business advantages of cloud computing are too great to ignore for most organizations struggling with shrinking budgets, emerging technologies, and cloud-enabled competitors. By taking a careful, methodical approach to analyzing risk and choosing a cloud provider, you can reap the benefits of cloud computing while bringing the risks down to an acceptable level.
Media Contact: Cathi Lane, Manager of Public Relations, FireHost, press@firehost.com, US +1 469 533 8133, UK +44 800 500 8133