Where in the world is my data: the importance of data sovereignty
Recently we considered the differences between backup and replication and were able to summarise some of the benefits of both. These two solutions, whilst distinctly different, both have the ability to help organisations manage and protect data more effectively and to comply with the regulations and guidelines specific to them.
Also of great importance in terms of compliance with data protection regulations and guidelines is where an organisation's data is being stored. This becomes particularly evident when organisations begin using cloud services. Typically, cloud services can be quickly and easily administered without thought being given to what happens in the background and where the service is actually delivered from.
To demonstrate this I visited Dropbox, a well-known, established and widely used cloud storage platform. The set-up process is simple, with as little as a name and an email address I was free to download the software and begin uploading my files into the cloud.
So my files are in the cloud, where is that?
Whilst setting up my account I took 5 minutes to read through the standard terms. Although there was brief mention of the laws that govern my data once in the cloud, there was no detail as to where their cloud is.
A further 5 minutes on and I managed to find some information on where my data could be. “Around the world. To provide you with the Services, we may store, process and transmit information in the United States and locations around the world - including those outside your country.”
This statement is pretty ambiguous, and the fact that it took me longer to find this than it did to sign up worries me a little. Not for a lack of trust, but because it strikes me that most users simply wouldn’t look or know where their data is.
Why is this a worry?
My personal use of cloud storage platforms has had a focus on being able to store items online for access from multiple locations, on multiple device types and being able to securely and easily share my documents with colleagues.
Having done some research, I now know that with Dropbox my data would likely be held in America. However, I still had no understanding of the security and processes in place to protect it. I was able to sign up without seeing any mention of encryption during the set up process and although two-factor authentication was required to complete my account set up, I couldn’t help but wonder who else could gain access to my data.
It seems likely that many individuals and organisations don’t take the time to fully understand the impact that the use of cloud services has on them from a legal perspective. Location and security are key to this.
Peace of mind
One of the draws of a cloud based platform is the ease with which they can be set up and managed and the ability to get started quickly with the promise of enterprise level security providing reassurances that your personal details and data are safe and your organisation is compliant. But to achieve this there needs to be a level of transparency, as an individual, or as a representative of an organisation. You need to know where your data is, how it is protected and that compliance is going to be achieved as a result.
Regulation and compliance
The rules and regulations that govern personal data are subject to a major change next year when GDPR (The General Data Protection Regulation) comes into play in Europe. Although this piece of legislation has been created in Europe, it will affect organisations globally if they have any dealings with EU citizens or companies.
Cloud data platforms are a great way to guarantee the availability of data. With some services offering long term retention and versioning, the cloud can also be an ideal way of ensuring past versions of documents can be accessed if needs be. However, not all platforms offer these features so it is important to check.
Should an organisation intend to leave a cloud service they are currently storing large volumes of data on, gaining a copy of this data locally can also become a problem, especially if the service provider's cloud is in a different country. Alternatively, some cloud service providers charge for data downloads, so downloading all data at once could become extremely expensive. A simple advantage of using a fairly local cloud platform is being able to pull data back quickly or in some cases even having a physical copy of data delivered back to you.
A semi-automated chat-bot and the FAQ section of a website are all well and good but there are times when unfortunately, they just won’t suffice. It is important that if something goes wrong, there is accountability and support available.
I’ve not tried to call Dropbox specifically but in my previous experience, trying to get in touch with a support representative for a cloud based product or service can sometimes be very tricky, more so if the company is based in a different country or outsources its support to a different company or country.
Data management and Security
Redstor's data management and security platform is simple to use, securely encrypted and designed to meet the needs of organisations of all sizes. All solutions are delivered from our global network of data centres, ensuring data sovereignty and peace of mind for organisations in all regions of the globe.
Ransomware is a threat to all organisations and has been prevalent for a number of years. Although recent reports suggest that organisations are no... read more
Earlier this year high street electronics firm Dixons Carphone revealed that a data breach had occurred the previous year, effecting over 1 million... read more