Cloud computing has completely revolutionised the way everyone, from an individual working at home to the largest enterprises in the world, works. The promise has been an always on, universally accessible platform we could all depend on to store data, run software and deliver services. But the cloud is fracturing, and the repercussions for everyone are significant.
Privacy and security
Across the world, new privacy laws are being made that directly affect how and where data is stored. The European Union is in the process of enacting the General Data Protection Regulation (GDPR) which dictates a number of roles, responsibilities and obligations on personal data.
Some countries in the EU, notably France, make it very difficult for data pertaining to citizens to be stored in other jurisdictions, forcing large service providers to build new data centres and alter the way traffic is routed and how data is stored. Whether the newly enacted data breach notification laws in Australia inspire similar caution is hard to say.
But, the idea that servers can be anywhere and that, as long as the service providers act within legal frameworks, it can be accessible from anywhere is under threat.
A case we commented on yesterday is currently playing out in the US Supreme Court where law enforcement agencies want Microsoft to hand over data that resides on servers in Ireland.
And we know that local agencies are increasingly concerned about how bad actors can use overseas services to hide their actions.
While legal case law is struggling to keep up, when it does, the results are likely to impact how and where Australian data is stored.
I’ve singled China out as the government there has taken an “interesting” approach. While service providers are able to offer cloud services within China, these have to be offered within data centres owned by Chinese companies that, confidentially (or not) have close relationships with the government.
That will give that regime unprecedented access to personal and business data.
So, while the so-called “Great Firewall of China” blocks access to particular content (this week’s episode of “Fun in the Chinese Politburo” featured a ban on the letter N), control of cloud servers that were previously owned by Amazon, Apple and others means that there will be a massive private cloud operating in China.
What can we do?
For business and individuals, it’s hard to know what to do.
Some of the major service providers, such as Microsoft, Google and amazon, have installed data centres within Australia and it’s possible to limit the presence of data and applications to those data centres. But SaaS (Software as a Service) applications are a different matter.
With SaaS providers working on tight margins, they will often host on the most reliable service they can access for a price. That will often mean using IaaS (Infrastructure as a Service) and PaaS (Platform as a Service) from offshore entities. So, your data could end up on an overseas service.
And if the IaaS or PaaS provider backs up or replicates data to another provider, it’s conceivable that your data could end up anywhere in the world, subject to laws and rules you had no idea mattered to you.
So, you need to ask some questions.
- Where is the data being stored?
- What are the backup/replication arrangements?
- What laws govern any disputes or requests for access to the data?
- How will I know if the arrangements change?
The world is changing and the way cloud services are built, provisioned and accessed is moving along. Seemingly irrelevant changes in overseas jurisdictions may have an impact on your business. It’s critical that you are aware of the changes and ask service providers what they are doing.
And if they cannot answer adequately, perhaps it’s time to plan a migration strategy.