Cloud Closure Highlights Data Sovereignty Risk

The recent high-profile closure of a US cloud vendor’s UK service is a reminder for end users to clarify what contractual rights their providers sew into their service agreements.

While Doyenz’ actions have been contractually sound, the case casts light on the important questions end users need to be asking of their Cloud Service Providers (CSPs), if they are to protect themselves from losing critical business information, or unknowingly having their data transported to, and stored in, undesirable jurisdictions.

US-based disaster recovery vendor Doyenz launched its rCloud service in the UK in November 2011, based in a data centre in London. In early August, the vendor announced that it would no longer be supporting the rCloud backup and recovery service, giving notice that it would stop the service, offering to move customers’ data to a US facility.

Cloud users should be looking for contractual clarity and reassurance from cloud providers to understand how the service is delivered, where data is stored and ultimately who is accountable and liable for service delivery.

Cloud is a relatively new delivery model, so instances when cloud providers have stopped trading have so far been rare occurrences. However, end-users must take precautionary steps to ensure business continuity for any situation as they must assume ultimate responsibility for their data. It’s important to remember that CSPs, like all external suppliers, will not act as insurers of a customer’s business, so it’s important that the risks are adequately accounted for.

Market messaging today tends to over-play vendor specific messages about platforms or, too often, paints cloud as a panacea. Whilst neither approach is necessarily incorrect, they downplay or risk ignoring the practical considerations facing organisations adopting cloud services and may be damaging the public perception of cloud.

Although customers have been given the choice of transferring their data to Doyenz’ US-based data centres, I express doubt over the viability of this option, owing to users’ legitimate concerns about data location.

My company’s own research into end user concerns about cloud services found that data sovereignty is one of the key concerns for organisations when moving to the cloud. Moving data to a cloud service can often mean it is hosted in another country and therefore subject to different data laws. If users have no visibility or control over where their data resides, they are risking the security of their data, their customers and even their own business’ survival.

Martin Saunders is an expert in product management for the Internet sector. He successfully product managed the UK’s first 8Mb ADSL broadband product and the first symmetrical broadband product. He has over a decade’s experience in the Internet industry and has been highly influential in the rapid development of business and residential Internet communications. Prior to joining Claranet, Martin managed AOL’s Local Loop Unbundling (LLU) strategy, leading the migration of over 200,000 AOL customers from BT's network to their own. As Claranet’s Product Director, Martin oversees the deployment of new products, processes and procedures to serve customer requirements. He was recently responsible for launching Claranet’s revolutionary VPN service that enables users to build a cost-effective and dependable private network.