FRANKFURT, Germany -- According to security experts at SNW Europe 2011, any enterprise that depends on secure cloud data storage must learn where its data is geographically located and understand how trans-border data flow laws affect cloud data security policy.
The cloud security debate was a hot topic at the recent Storage Network World (SNW) conference, as interest in EU data regulations and data security continues to mount.
If you really want to be secure, have your severs based locally in the same country where your company is based.
Squire, Sanders and Dempsey LLP
Anne LaFrance, partner at UK law firm Squire, Sanders and Dempsey LLP, said: “Possession is only 9/10ths of the law. If you are working with a cloud storage provider, the question is, who has jurisdiction over the cloud? Usually this lies with where your servers are located. However, it could also be where your company’s headquarters are based.”
LaFrance stressed it is important that both an enterprise and its cloud provider are sure of who is responsible for the security of data. She said this is particularly important when it comes to trans-border data flow and onward data transfer.
LaFrance gave an example of a company that might be implementing an Oracle database for its customers and plans to roll out the database across several European countries. The company may run into data issues with certain European countries, and France in particular. France cannot export national identity numbers, which means the company cannot process payroll outside of France.
“Can anyone claim they are immune to the daunting set of rules that come with working with a service provider? This is a global issue and doesn’t affect just one country," LaFrance said. "If you really want to be secure, have your servers based locally in the same country where your company is based.”
Tony Lucas, founder and head of business development for Edinburgh-based cloud service provider Flexiant, said there is definitely a market for the “geo-located cloud,” which will be sold purely based on where customers’ data is based, where it is duplicated and where it is backed up.
According to Lucas, European service customers can expect to be able to choose where they would like their data located – which country it is in and even the address of the building.
“Paranoia is starting to mount over the security of a company’s data, in regards to the physical location, so SaaS and cloud providers are trying to build a joint solution to solve this paranoia,” Lucas said.
Not everyone is convinced of the value of using a cloud storage strategy. Josh Krischer, principal analyst at research house Josh Krischer and Associates, advised enterprises not to use cloud storage for Tier-1 applications or any critical data, because of security concerns.
“No single provider will compensate you for company damage. A cloud provider will only compensate you for loss of time. Any damage to your company, for a security breach or the loss of data, is down to you and you will be the one facing a possible jail sentence,” Krischer warned.
Kayleigh Bateman is the managing editor for TechTarget International and a contributor to SearchSecuirty.co.UK.