Thursday, 26 February 2015

Will Compliance stop you implementing the Cloud?

The rise of the cloud has been nothing short of remarkable. Within a few years we have moved from file sharing platforms to the industry standard Office 365 and Microsoft Azure, and applications such as Dropbox are now in mainstream use. Companies from IT giants such as IBM down to smaller firms now offer their own solutions. This age of the cloud is only set to grow.

Before we get too carried away, however, there are a few loose ends your organisation may have to tie up in the wake of a cloud implementation. Let's take a look at what these are.

Proof of Security


Depending on your industry, your organisation may need to obtain permission from a regulatory body before moving to the cloud, especially if you are a government contractor. This will entail proving you can meet Service Organisation Control (SOC) compliance, as well as the relevant part of the applicable ISO quality standard.

If you are a commercial organisation, especially one that handles sensitive data and moves large sums of money, you will again no doubt face tough questions from stakeholders that you will have to satisfy.

In essence the question will be: how well can your cloud system keep data confidential and secure? If you cannot show that the data will be secure, the chances are that full cloud adoption will be off the table.

Data Centre Location


Another significant implementation factor where data centres are concerned is where they are located. Regulations in this regard, again depending on industry, are explicit, often excluding countries that are considered 'unfriendly' states. Depending on your provider, you may find that they hold data in regions deemed undesirable.

Microsoft, for example, tries to keep data close to its origin. So if you're based in Western Europe, they will try to keep the data in Western Europe. They also provide a facility for storing data in a single geography, region or country. This can negate a lot of data storage headaches.

According to Microsoft, customers can: "Specify the geographic area(s) ("geos" and "regions") of the Microsoft datacenters in which Customer Data will be stored. Available geos and regions are United States, Europe, Asia Pacific, Japan, Brazil and Australia."

Understand Disaster Recovery Plans


As part of the data storage location issue, it is important to discover where data is held in the event of an unforeseen disaster. Does it remain in the same territory, or is it stored in a completely different location? Is the data redundancy location in an allowed zone?

Microsoft has stated that it may transfer your data within a geo, Europe for example, and that it replicates Blob and Table data between two regions within the same geo for enhanced data durability in case of a major data centre disaster.

"Microsoft will not transfer Customer Data outside the geo(s) customer specifies (for example, from Europe to U.S. or from U.S. to Asia) except where necessary for Microsoft to provide customer support, troubleshoot the service, or comply with legal requirements; or where customer configures the account to enable such transfer of Customer Data."
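The residency questions above (is the primary location allowed, and is the disaster-recovery replica also in an allowed geo?) can be turned into a routine check against a storage inventory. The following is an added example, not code from the original post or from Microsoft; the region-to-geo map, the account names and the inventory are all constructed for illustration.

```python
"""Data-residency check for storage accounts (constructed example, not Microsoft tooling)."""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# Assumed region-to-geo map using the geo names quoted in the post; constructed for
# illustration. The authoritative list must come from the provider's documentation.
REGION_GEO = {
    "westeurope": "Europe", "northeurope": "Europe",
    "eastus": "United States", "westus": "United States", "southcentralus": "United States",
    "japaneast": "Japan", "japanwest": "Japan",
    "brazilsouth": "Brazil",
    "australiaeast": "Australia", "australiasoutheast": "Australia",
}

@dataclass
class StorageAccount:
    name: str
    primary: str
    secondary: Optional[str]  # None when data is replicated only within the primary region

def residency_violations(accounts: List[StorageAccount],
                         allowed_geos: Set[str]) -> List[Tuple[str, str, str]]:
    """Return (account, region, reason) for every primary or replica region outside
    allowed_geos. A disaster-recovery copy in a disallowed geo is still data held there."""
    violations = []
    for acct in accounts:
        for role, region in (("primary", acct.primary), ("secondary", acct.secondary)):
            if region is None:
                continue
            geo = REGION_GEO.get(region)
            if geo is None:
                violations.append((acct.name, region, f"{role} region not in geo map"))
            elif geo not in allowed_geos:
                violations.append((acct.name, region, f"{role} region in disallowed geo '{geo}'"))
    return violations

# Constructed inventory: a compliant account, one whose replica leaves the allowed geos,
# one with no second region, and one in a region the map does not know.
INVENTORY = [
    StorageAccount("hr-docs", "westeurope", "northeurope"),
    StorageAccount("ledger", "brazilsouth", "southcentralus"),
    StorageAccount("archive", "westeurope", None),
    StorageAccount("legacy", "unknownregion", None),
]

if __name__ == "__main__":
    for violation in residency_violations(INVENTORY, {"Europe", "Brazil"}):
        print(violation)
```

An unmapped region is reported rather than silently passed, so a new region added by the provider cannot slip through the check.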

E.U. Data Protection Directive


The E.U. has implemented directives to control the location and movement of sensitive data. It is important that, should your provider move the data outside an allowed territory, the transfer complies with the E.U. Data Protection Directive (95/46/EC). This directive lays down strict requirements for the handling of personal data originating in the European Union.

Microsoft has secured an agreement whereby it can transfer European data to the U.S. for storage and processing. This is part of the Safe Harbour Framework developed between America and Europe.

As of February 2015, Microsoft is the only company to have received approval from the EU's Article 29 Working Party. This is partly down to Microsoft's impressive record on compliance for in-scope services. They have satisfied the EU Standard Contractual Clauses and the guarantees around the transfer of personal data.

It is important to note that Microsoft will transfer E.U. Customer Data outside the E.U. only under very limited circumstances.

Negotiation and Guarantees


If you find that a cloud based solution cannot be implemented due to regulations, you might be able to negotiate with a provider to hold data only in 'friendly' locations. This would require formal guarantees, and no doubt reams of paperwork will be involved. The rewards, however, might be worth the bureaucracy, especially given the cost savings the cloud brings. That said, Microsoft does seem to be leading the way in this regard with its Azure product.

The cloud delivers a highly configurable IT solution which enables your people to work with agility. It has been shown to deliver significant cost savings and to handle demanding workloads. It is the future.

Whether or not you can use it, and how much of it you can use, may be out of your hands.

Why not share your cloud implementation experiences in the comments below, or contact me directly.

Sources

Azure In-Scope Services
