Doesn’t it seem like security breaches are happening with more regularity? Unless you’ve been on vacation or in a cave for a while, you’ve seen a handful of huge cases all over the news. Do you remember the recent WannaCry attack? But what about the other security breaches that fail to make the headlines? There are undoubtedly hundreds that go under the radar, that you may not even know about. Maybe they have even happened in your own company – without you knowing?
The cloud has innumerable benefits – scalability and cost-savings are at the top of the list – but it can also bring some additional risks if your organization isn't choosing the correct cloud provider. When choosing a cloud provider, your organization should consider the jurisdiction the provider is within, the laws of that region and what information will be in the provider's care. These data sovereignty considerations have implications for your data security.
To arm you with some key information so you can reap the benefits of the cloud and protect yourself from data sovereignty issues, we’ve provided 5 considerations for IT leaders thinking about the relationship between data security and data sovereignty.
1. What is Data Sovereignty?
Data sovereignty is the concept that information which has been converted and stored in binary digital form is subject to the laws of the country in which it is located. For example, if an organization is located in Canada but also has a call centre in India, it must send some of its data to India so the call centre can place its calls. Because this data is now in India, it becomes subject to Indian law.
2. Location is Key
Your company’s data is subject to the laws of other countries, even if a foreign company is storing it. This means that even though you're a Canadian or Bahamian business, if your data is located in another jurisdiction under the watchful eye of another provider, it is still governed by the laws of the country in which it resides. What matters is not whose care the data is in but where the business operates and where the data resides.
For example, if your organization utilizes a European service provider to host your data but the provider is hosting through a data centre in the US, this data is subject to the U.S. Patriot Act, which allows the US government to access your company’s data without permission or prior notification. This reiterates my earlier statement: it's extremely important to understand where your service provider operates.
3. Data Residency Can Impact Your Data Privacy and Security
According to Ciphercloud, more than half of organizations claim that compliance, auditing and privacy are their top security challenge associated with cloud computing. Where your data resides is a huge piece of security. As WikiLeaks displayed, files that governments acquire through spying are often mishandled. This could leave your organization open to vulnerabilities. Data residency can have impacts on your organization's data privacy and security.