At the moment, it seems like data privacy and security is all anyone can talk about in the data world.
Revelations earlier this year about the scope of NSA spying and the PRISM programme – which are still coming out – highlighted to many firms the importance of knowing where their sensitive information is and who has access to it.
Moving from your own data centre to the cloud
This is something that’s especially important in the age of the cloud. While one of the great things about moving operations from your own data centres into the cloud is that it can shift many of the everyday headaches associated with managing and maintaining your systems to a partner firm, it does raise new questions that need answering.
Central to this will be where your data sits and who is responsible for it. One mistake that too many companies make when they move to the cloud is to assume they are also shifting responsibility for their data. This is a mistake. In fact, it is still incumbent on a firm to ensure that all protections are in place and all regulations are being followed – you should never assume that this will be taken care of for you.
Additionally, physical locality is also often overlooked. While as far as the end-user is concerned, ‘the cloud’ just means it is somewhere on the internet, it will always have to be stored on servers – and they have to be physically located somewhere.
But why does this matter? Some providers, such as Google, maintain that this shouldn’t be an issue, but this might not always be true. There may in fact be a wide range of compliance, legal and security issues for businesses when information is held in a different jurisdiction from where a company is based and conducts most of its business.
This can leave firms exposed to a maze of complications and questions about whose governance the information falls under. Not only will this cause headaches, it can leave you vulnerable to action from regulators if you’re in breach of the rules.
It’s therefore vital companies are able to gain flexibility from cloud providers when it comes to cloud contracts, which must spell out clearly where the data is physically held, who owns it and what is done with it when the contract ends. If you don’t have these reassurances, you will be putting highly sensitive customer data at risk – and the damage this can cause to your reputation cannot be underestimated.
Blog: NOT SO ‘SAFE HARBOR’