Does "Where?" trump "How?"?

Quocirca recently had an interesting discussion with an off-shore hosting and cloud company.  Jersey-based (as in the UK Channel Islands, not the US New Jersey) Calligo is positioning itself as the right place to be for data - and for running the applications that create and consume the data.

Why is this important?  Well, organisations are beginning to wake up to the fact that even when a data centre is in a "friendly" country, there is still potentially high risks to the intellectual property (IP) held within the data.

The US Patriot Act and the Foreign Intelligence Surveillance Act (FISA) make those European companies that have looked into their possible impact shudder.  That a foreign power can demand - and get - access to their data just because it is hosted by a company in the US - or is in a facility anywhere in the world that is owned by a company in the US - means that many are looking for alternative arrangements with companies that can still offer a broad range of services, but backed with better data security agreements that cannot be ridden roughshod over by the regional government.

Calligo's view is that Jersey is highly controlled from a data viewpoint.  Although it is nominally "in" the UK, it is actually a separate British Crown Dependency.  This means that it is autonomous, makes its own laws and operates outside of the reach of other country's legal systems - including the UK.  Sure, EU laws will still apply when push comes to shove - but a European customer may be happier with a Jersey/EU escalation than a <country>/EU/US three-way battle.

This means that data can be stored in a country where the legal system is subject to fewer overall laws, is overseen by fewer people and can be targeted to specific needs. Jersey has pedigree here with the way it has dealt with financial services in its country.

Jersey is also well connected from a data viewpoint to both the UK and the European mainland through multiple cables, and from these to the rest of the world.  Therefore, placing applications and data in a commercial, secure facility on an island that is part of the EU but is autonomous has many things going for it.

But, however well Jersey is connected to the rest of the world, it cannot overcome its relative geographic isolation. When fast, low-latency response is needed, e.g. for transactional work in the US or in Japan - the underlying latency can still be an issue.  Calligo recognises this, and is looking at where else in the world it can set up similar facilities and meet the needs of organisations that want to be assured of greater security for their data and therefore their intellectual property.

The Cayman Islands are one option - they are well placed for the south of the US, for Central America and for the major markets of the top of South America. Although the Cayman Islands are a British Overseas Territory with their own legal system, they come under the overall control of the UK and have a Governor appointed by the Queen - but can still enact and follow laws that make sense from a commercial viewpoint to the islands.

Calligo also includes a data ownership clause in its agreements - the data always belongs to and is owned by the customer.  Many cloud providers make no statements about this - which can cause issues for the actual data owner.  On top of this, Calligo says that it has a special clause in its agreements, which make it clear that should the untoward happen, the data has to be turned over to the customer (even by a business administrator) - so making it easier for a customer to regain access to the data and move it to another provider.

Similar approaches in other parts of the world could give Calligo an interesting footprint for a global offering.  With small, autonomous island states being more likely to provide laws that are data friendly while still retaining strong audit and overall data security capabilities, Calligo's offerings of IaaS, PaaS and SaaS (for example, it hosts SugarCRM and other applications) combined with the capability to use external cloud offerings where it makes sense (such as Google Maps) will make sense to many organisations.

Overall, Calligo looks like an interesting company.  For those who have worries about how their data is secured not just from the baddies out there, but also from the governments who are enacting ever more threatening laws around data access, the use of Island nations as a home for data could be just as good as using them for financial affairs.