The cloud is changing the shape of data storage. It has brought on new cost savings, greater business elasticity and lowered resource requirements. But it has also broken down traditional geographical and geopolitical barriers. Why? Because information, even when stored and converted into binary digital form, is still subject to the laws of the country in which it is stored. And with its growing transmission ease, the cloud raises new questions around data sovereignty.
Recent waves of massive data breaches have put data privacy and security top of mind for most organizations. But data sovereignty should also be considered as the laws and regulations that protect digital information can be extremely complex.
For instance, many countries have implemented new compliance regulations that require customer data to be kept within the country where the customer resides, and data stored in certain countries may or may not be subject to subpoena by another country’s government. This can create great challenges for international firms with multinational customers.
Take Google, for example. The European Court of Justice (the highest court in the European Union) ruled that Google must, in some cases, honor requests from search engine users to delete links to personal information.
The Microsoft fight over a ruling by a U.S. federal judge that it must hand over email data stored outside the United States to the U.S. government is also an example. These very public instances have raised concerns – particularly in Europe, Canada and Australia – over data privacy and jurisdictional control.
These considerations are of particular note when evaluating solutions for secure file sharing and collaboration in the cloud. By nature, file sharing is about exposing others to content; but it’s ideally done with significant policy control governing who, how, when and for how long.
Yet, assuring proper jurisdictional control for data sovereignty protection should also be a key selection criterion. Here are four areas to consider.
- Understand local laws and regulations where you do business. To assure compliance, understand the laws and regulations of not only the country where your organization is based but also in each of the countries where you do business. This can be complicated but may save your organization from costly events down the road. This is particularly important if you are in a heavily regulated industry.
- Select cloud solutions that offer geo-redundancy with data centers in your jurisdiction. This helps to ensure that your customers’ data is confined to the country or jurisdiction in which it is governed and also that the data center will follow the compliance and regulation laws for your region.
- Assure that mirrored data is confined within the same jurisdiction. For data protection and disaster recovery purposes, most data centers mirror data to another data center. Be sure that the cloud file sharing service you select also uses physically separated alternate data centers that are also within the same jurisdiction — keeping your data local at all times.
- Pad your protection with multiple layers of security. Of course, protection from data breaches, privacy intrusions and security threats is never a guarantee, no matter how locally your data is confined. Therefore, select cloud solutions that deliver multiple layers of security including encryption for data in transit, in session and on device and in all locations where user files are stored. It should also employ best practices for authentication key storage and rotation management, including two-factor authentication, data leak prevention and device wipe functionality.
It’s important to know that your data is not only private and secure but that it’s also compliant to the governing data sovereignty regulations where it is retained. When selecting a cloud file sharing solution, look to those that have elevated their jurisdictional advantage by operating geo-redundant data centers within the countries and regions where you operate.
Sam Liu is vice president of marketing for Soonr, a provider of secure file sharing and collaboration services with data centers in the U.S., Canada, Denmark, Australia and soon the U.K. He is an expert in mobile, cloud and enterprise technologies.