Businesses are always concerned about the security of their IT data. When it comes to using the cloud for operations this can be an even more critical need. A recent US ruling related to Microsoft data storage in Ireland illustrates why location of data storage needs to be considered.
In this case a US court ruled that Microsoft was required to provide access to data stored in one of its Ireland based cloud storage centres. The tenure of the Tech Republic article reporting on this situation reflects a US focused concern that this type of legal decision can affect the ability of US cloud businesses to compete in other markets like Europe.
From our perspective in supporting Canadian based businesses it raises a more significant decision point for Canadian companies. When they choose a cloud supplier should they only use those which have a Canadian based? Should they only use those that are Canadian in origin? This sounds kind of drastic on the surface but if there is any concern that your data might be subject to some sort of court ordered seizure due to the actions of your supplier, is it not better to be at least subject to Canadian law rather than some legislation from another jurisidiction that you do not fully understand.
Of course this is a much more problematic decision for businesses which deal internationally and which therefore become subject to the rules of several jurisidictions. In this case how your data is stored and where becomes an important piece of your business plan.
For more localized businesses which service a regional or even national clientel then making sure you meet the legislative requirements of Canada and the provinces may be an easier bet. In order to do this you need to understand where your data is being placed by yourself and any suppliers (cloud) that you may use for this purpose. This includes primary data stores for ERP systems, CRM systems, Document Management, Sales Management systems, etc. which are used in your businesses. It will also be important to look at secondary storage systems like file transfer systems, off site network backup storage, email filtering, cloud based email, etc.
Protect your data
If you use cloud based services or hosted applications you may wish to request a declaration from your service provider of the locations where they may be storing your data on your behalf. If retaining your data in Canada in its entirety is a concern for you then you may wish to select suppliers who can assure you that they only use Canadian sources for their hosting and storage. This can become an issue if they are unable to define the full scope of their systems including where they locate servers, backups and other tools.
The implications of the extra territorial application of local laws by some countries (the US is pretty active in this manner) is an increasingly confusing and challenge area of decision making for all businesses. As the referenced article implies it may even end up with a business inadvertently being caught between the rules of two jurisdictions. This becomes a no win situation if you get drawn into it. Unfortunately, it is possible to be drawn into this kind of situation through no active fault of your own but simply by a choice of supplier that is challenged for some reason completely unrelated to your data use.
Data security increasingly complex
As we have shown through a long series of articles in this blog, building a secure and effective data security protocol for your business is an increasingly complex situation. At one time it was simply being sure that you back up your stored material safely so you had access in the case of a disaster like fire or a computer server failure. While these are still important components of a data security plan they are not enough today.
In this world where privacy is challenged and governments at trying to mandate protection due to privacy converns, where government concerns over international security threats, and where data is easily piped to be stored anywhere in the world, there are many more considerations which every business must take into account as they design their systems.
Where and when data is stored by every application you use in your business is a critical component of your system design which cannot be ignored.
How detailed is your investigation of where your data is stored? Should you be concerned?
Photo Credit: By Irishwikiuser (Own work) [CC-BY-SA-3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons