Wednesday, 15 May 2013
Jurisdiction over Your Data - Why Location & Architecture Matters
The topic of jurisdiction has long been debated and is particularly sensitive in the datacentre field. With vendors trying to protect their clients while also adhering to government regulations and requirements. In truth, it can be a bit of a minefield for us providers with rules and regulations continually evolving.
But where are we now? Well… recent stories and speakers at industry events (see Zack Whittakers story on Zdnet for more) suggest that our adoption of the cloud and more open networks is creating new and more complex legal challenges. Zack`s story in particular highlights the ease at which U.S. authorities can obtain records of businesses and individuals in Europe legally. For some this is a worrying development but, as a whole, the interest should be in some of the problems the cloud poses.
Weaknesses of the Cloud
Cloud technology of course offers some great benefits to both providers and end users and is likely to remain a key part of the industry for years to come. However, its open nature does continue to pose some problems and more recently there have been huge debates over the ownership of data. For example the ownership or rental of downloaded music.
In this instance we are more interested in what rights government agencies have in accessing data over the cloud. There are many misconceptions here and it is well worth downloading this white paper on the matter. While the issues are outlined here companies do not only have to look at what technology to use but also location. For example in some instances the dedicated server might be the better option.
Why Countries Such as Switzerland are Unique
Countries inside the EU have to follow very strict privacy and data protection rules and, in turn, have to comply with a number of regulations which make their data more susceptible. Countries outside the EU tend to follow many of the same regulations but have a certain level of flexibility. For example Switzerland who have very tight controls when it comes to government agencies requesting information from their datacentres. This makes locations such as this more attractive to some companies.
In Switzerland the only way to gain access to the data hosted within a datacenter is to request an official court order proving guilt or liability. This procedure applies to requests from any country and tightly controlled. However, despite popular belief, the US is not granted any special powers in these instances. They just have a different approach overall.
Is the Industry Doing Enough?
It is a question many of us have been asking and remains an interesting one. While businesses can choose from many providers do they really get an accurate overview of how their data is managed and securely maintained? Some would say there is an increasing need for transparency especially in the case of the cloud and only time will tell if and how vendors will react to this.
For us at Artmotion, we try to be as transparent as possible and work hard to keep our customers data secure. This, like most other providers, is extremely important to us and we would like to see more come out and talk about the issue.