Big Brother within the Cloud
Following on from my last blog, “Data storage inside and outside the UK”, I thought that I would contribute an update on this subject.
For the benefit of those who didn’t read the last white paper, in summary it covered the risks related to outsourcing data storage and the Data Protection Act (DPA).
So, on with the update.
In November I read a really embarrassing article (for Microsoft) and I must admit, for the first time I had some sympathy for the software giant, although most resellers of their technology wouldn’t agree with me lately (for obvious reasons). Back in June of this year poor old Gordon Frazer (I use the term loosely), MD of Microsoft UK, announced to a room filled with journalists that he couldn’t guarantee that data stored in Microsoft’s European datacentres wouldn’t end up in the hands of the United States government.
Now, imagine the scene: he is announcing the highly publicized “Microsoft Office 365” product (at its launch) in London. The press had a field day and what came next was an onslaught of criticism from all sides.
So why would “poor old” Gordon say this, I hear you ask? Well, since the September 11th attacks on the World Trade Centre (and the Pentagon), a new United States government act came into play – SEC 215, ACCESS TO RECORDS AND OTHER ITEMS UNDER THE FOREIGN INTELLIGENCE SURVEILLANCE ACT.
So, what does this mean? Well, simply put, it allows the FBI to get ANY data from European companies that have their data stored in US-owned datacentres, even if the datacentres are based in Europe. If this wasn’t serious enough, the datacentre in question would be under a gagging order not to mention this to the individuals under suspicion.
Now in most circumstances people like you and I wouldn’t be worried about this prospect and would live safe in the knowledge that the nasty terrorists are being observed (which I 100% believe in); however, it’s the speculative reasons that I’m not overly happy about, and let me explain why.
The above government act (also referred to as the Patriot Act) is meant to be linked to terrorism; however, we will not know how it’s being used. In fact, you never will, and if you object to your data being able to end up in the hands of the United States government, you yourself will automatically come under scrutiny for being a terrorist by not cooperating. See the dilemma?
Just to raise another eyebrow, how about this. When Microsoft was asked to comment on this they declined. When HP and Amazon were asked, they didn’t even respond, and Dell and Salesforce suggested that they didn’t have a spokesperson available! Interesting, hey? So, it comes back to my first paper on where you should store your data: within the country you reside in. Unfortunately this statement is no longer enough to guard the safety of your IP (intellectual property); now it goes one level deeper – is the datacentre US-owned? Sound crazy? Then you’d be thinking like me and can expect a visit from the FBI for being uncooperative. Seriously though, this has big ramifications for the web hosting marketplace and data security.
Imagine what data might be accessed without your knowledge? Financial data, health records, IP that you are working on, pictures of the ex-wife; well, maybe that’s a bit too far, but you get the point.
Many UK-based companies are now considering this subject seriously, and the fact that this is not commonly known and there is little, if any, publicity on this issue makes me think. Cloud computing is a complex subject as it is, with its own questions surrounding the variants of technology. This, alongside the topics of data sensitivity and security, could “cloud” (pardon the pun) the issue even more and potentially steer people away from the technology.
What do I think? Well, I can see a move to a more local approach to data storage. I’m a patriot of this country called Great Britain and wherever possible adopt and suggest this approach. This subject is simply one more reason for justifying it, one that I’m sure the UK government would agree with me on (G-Cloud).
For a more in-depth feature on this subject, please read the November issue of Computing (Nov 3rd); however, this article does raise both sets of arguments with a slant and large focus on Rackspace, a US-owned datacentre.
Does every cloud have a silver lining?
By Colin Durrant, director, Midlands based Colins IT
So what is cloud computing? Should I be embracing it or sheltering from it? Whenever I’m faced with a question like this I always find it comforting to make a list of the pros and cons, but before I do that let’s start with some basics. Cloud computing, in its simplest terms, enables you to store files and software remotely instead of on a hard drive or server in the office. You may not realize it, but you’re probably using the cloud every day of your life.
Services like Gmail, Hotmail, Skype, YouTube, Vimeo, and SoundCloud all operate in the cloud. So if these services are using the cloud it should be safe, shouldn’t it? OK, it’s nearly time for that list. It’s now possible for businesses to have their own private cloud which includes specific services and is only accessible to chosen people. Sounds good, doesn’t it? Let’s look at the pros of cloud computing:
Employees can access their data and files even when they are working remotely or outside of office hours.
Assuming they can get on the internet, employees can access information from home, in the car, from customers’ offices, and from their smartphone.
Employees can work collaboratively on files and documents even when they aren’t together. Documents can be viewed and edited at the same time from different locations.
Setting up cloud computing can be very quick and easy. Think about how easy it is to set up a Gmail or Hotmail account and be up and running, compared to installing software, which can be time-consuming.
Cloud computing can be cheaper – you don’t need to buy and install software because it’s already installed online remotely.
You don’t need a lot of disk space. With cloud computing, you subscribe to the software instead of owning it, which means it works a bit like pay as you go. You only pay for what you use and you can scale this up and down depending on your requirements.
Cloud computing offers unlimited data storage because it’s online. It’s not restricted by server and hard drive limits and there are no issues with server upgrades etc. If you need more data you just up your subscription fee.
Sounds like a no-brainer so far, doesn’t it? With all of the above benefits, why wouldn’t I embrace the cloud? Let’s have a look at some of the cons of cloud computing. After all, every silver lining has a cloud, if you pardon the pun!
With the cloud you do not physically possess the storage of your own data, leaving the control and responsibility of your data storage with your cloud provider. So it could be seen that this is a leap of faith.
You could become completely dependent upon your cloud computing provider, removing your freedom to some extent.
Your business continuity and disaster recovery are in the hands of your provider. Do you trust them enough?
What happens with data migration issues should you want to change provider?
What happens if your cloud provider goes out of business?
Can your cloud provider guarantee the safety of your data?
Cloud servers can go down just like normal servers, so how do I access my data if this happens?
Cloud computing is only as robust as your internet connection. If you’re experiencing internet issues you won’t be able to access your data.
Hmmm, not so sure now. However, it’s still early days for cloud computing and as time progresses a number of these issues will get ironed out. Comedian Peter Kay once famously said about garlic bread… it’s the future! The same can be said about cloud computing. It’s here to stay, it is the future and whatever size your business is, it’s time to start thinking about whether cloud computing is going to be the most cost-effective and flexible solution for your future data needs.
Data storage inside and outside the UK
Data security has always been high on the agenda for any company; however, with the emerging cloud infrastructures that are available it would be wise to consider all of the options presented. The main point being, “do you actually know where your data is being held and stored, including who is accessing it?”
With virtual storage available anywhere, UK-based companies would be prudent to ask the right questions before taking the leap of faith which is cloud storage. With this said, UK-based providers with virtual storage based in the UK (onshore) adhere to the DPA (Data Protection Act 1998), which demands the safeguarding of any given firm’s data.
The DPA is an act of the UK parliament that defines the ways in which any firm’s data can be legally stored and used. The main purpose of this act is to protect any given individual or firm’s data against misuse or abuse. There are 6 main parts (amongst many others) that are pertinent to this topic, but one in particular I would like to draw your attention to:
Data must not be transferred to a country or territory outside the European Economic Area unless that country or territory protects the rights and freedoms of the data subjects.
So, with this point at the heart of the Data Protection Act, how sure can any given firm be of where their data resides outside of the UK? With the emergence of numerous cheap cloud storage strategies, there is a multitude of issues that could arise from these so-called “cost-effective data storage strategies”.
Let’s not forget the problems that outsourcing faced when the service first emerged. There are documented cases of employees at reputable service delivery organizations selling clients’ data to make a quick buck.
I can recall one horror story where we were called in after an audit was conducted at a large city firm, where data storage was outsourced to a, let’s say, not so reputable company. Some of their data simply couldn’t be found!
The client was fined by their governing body and they quickly moved their operations to UK-based IT infrastructure and tried to forget the whole embarrassment. This situation could have been a lot worse.
So, out of all of the IT strategies that are required for any given business (or individual, in all honesty), data security and storage are top of the list. If you had the choice of where your data storage is located, wouldn’t you prefer it to be in your native country, which at least abides by the governing body that protects your intellectual capital, rather than going for a cheaper option that could potentially sell your data to your competitor? All of this without any recourse back to them, as they do not abide by UK governing laws? I think the choice is clear in my book, and with the fast IT connectivity interconnects now available, businesses do not have to address this concern at a high price.
So how can you use contracts to make sure there is an adequate level of protection?
There are several types of contracts that you can use to transfer personal data outside the EEA.
The main types are:
Contracts based on the standard contractual clauses approved by the European Commission (EC model clauses); and
other contracts you draw up yourself after a risk assessment to bring protection up to an adequate level.
EC model clauses
The European Commission has approved three sets of standard contractual clauses (known as model clauses) as providing an adequate level of protection. If you use these model clauses in their entirety in your contract, you will not have to make your own assessment of adequacy.
Two of the sets of model clauses relate to transferring personal data from one company to another company, which will then use it for its own purposes. In this case you can choose either set of clauses, depending on which suits your business arrangements better. The other set of model clauses is for transferring personal data to a processor acting under your instructions, such as a company that provides you with IT services or runs a call centre for you.
The model clauses are attached as an annex to the European Commission decisions of adequacy, which approve their use. The Information Commissioner has authorized the use of both sets of model contracts for transfers from controller to controller: the original 2001 clauses and the revised 2004 clauses.
The Information Commissioner has also authorized the use of revised contractual clauses adopted in May 2010 for transfers from controller to processor, and in doing so withdraws his authorization for the original 2001 clauses for transfers from controller to processor. Contracts made under this authorization and concluded before 15 May 2010 are still valid; however, the revised clauses should be used from 15 May 2010.
If you are relying on the European Commission adequacy decisions you cannot change the clauses in any way, for instance by removing parts or adding other clauses to change the meaning, but the clauses can be incorporated into other contracts. For more information, see section 3.2 of The eighth data protection principle and international data transfers.
Sound complicated? Well, you’d be right. Data security and storage is a potential minefield of issues to work through. Call me paranoid, but if someone asked me where I would recommend any given firm’s data storage should reside, it would be in the country that they reside in.
At the very least they’re protected under the DPA.
Obviously, I would also suggest that they perform the appropriate due diligence on ANY firm that they are considering. Cloud technology is here to stay and will become even bigger over the years to come. However, with such a growth curve, there will be many issues to come in the future with regards to data handling and virtual storage.