Cloud Security: Do You Know Who Is Looking At Your Data?

Who Is Looking At Your Data

Given the current anti-EU sentiment gripping certain shires of England, it might not be fashionable to highlight the positive role that the EU plays in setting the regulatory framework for certain aspects of business behaviour and personal rights.

Nevertheless, there’s no doubting the valuable service provided by a recent report from the Directorate General for Internal Policies (entitled Fighting cyber crime and protecting privacy in the cloud), which highlights serious concerns over the safeguarding of cloud-based data from European companies and citizens in a multi-jurisdictional framework.

The report accepts that cloud computing is making data processing global but warns that “jurisdiction still matters. Where the infrastructure underpinning cloud computing (i.e. data centres) is located, and the legal framework that cloud service providers are subject to are key issues”.

This is particularly so with regard to the US, home of many large technology companies and cloud computing providers, and two specific pieces of legislation, the US Patriot Act and the US Foreign Intelligence Surveillance Amendment Act (FISAA) of 2008. The report believes both acts give rise to conflicts in the relationships between states and companies.

“Major cloud providers are transnational companies subject to conflicts of international public law,” the report states. “Which law they choose to obey will be governed by the penalties applicable and exigencies of the situation, and in practice the predominant allegiances of the company management.”

Those allegiances are likely to be sorely tested by the scope of FISAA which essentially authorises the mass-surveillance of foreigners outside US territory whose data is within range of US jurisdiction, including data accessible in US clouds. The question that needs to be addressed is whether EU-based businesses and citizens should be prepared to gamble the integrity, security and privacy of their data against the loyalties of managers of US-based companies.

The report warns that cloud computing breaks the 40 year old model for international data transfers because once data is transferred into a cloud “sovereignty is surrendered” and it advocates the use of prominent warnings concerning the dangers of cloud data being exported to US jurisdiction.

It’s a concern UK businesses should heed very carefully if they don’t want to put their data at risk from being spied on by US authorities. For those already ‘in the cloud’, the report represents an opportune moment to ask what country their cloud provider is storing their data in. Many cloud providers are global operations, which leaves them (and their customers’ data) vulnerable to surveillance from the authorities in the US and other jurisdictions.

One way for UK businesses to ensure their data is safe and not being snooped on by the US or any other country’s authorities is to choose a cloud provider with a geographically diverse cloud platform spread across the UK. A UK company gives them the comfort of being able to visit the data centre and an understanding of where their data lives. Until the US authorities change or amend the Patriot Act and FISAA, that’s the only way businesses in the UK can guarantee their most critical asset stays outside the jurisdiction of the US authorities (or those of any other country).

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone
Campbell Williams

Campbell Williams is a 15-year industry veteran who has held various sales, marketing and business development management roles in a variety of manufacturing, carrier and reseller companies. He started his career in Mitel where he was part of a team that drove the company’s transition from a direct sales and traditional PBX business to a channel focused and IP telephony software provider. Director-level positions at AT Communications and Charterhouse Voice & Data followed before he joined Six Degrees Group in 2011. Campbell is a well-known figure in the industry and he has travelled the world as a presenter and subject-matter expert in a variety of technology fields, including twice addressing global United Nations conferences.