Share

Top 5 Stories

News

70% of cloud data centers keep customers in the dark about storage locations

08 November 2012

As more companies turn to the cloud to provide redundancy and back-up services for mission-critical business functions, connectivity and applications, new research has revealed that a full 70% of cloud backup providers do not inform customers of where the data is being physically kept.

According to a report from Icomm Technologies, 70% of data storage/data center providers do not reveal which country, general locality or legal jurisdiction customer data is stored within. It’s an issue that becomes particularly apropos in the wake of Hurricane Sandy, which saw a number of critical data centers in the New York City area go down, darkening websites across the US. However, for UK businesses, the issue becomes broader. 

The Data Protection Act of 1998 specifically states that companies need to keep information secure, and that data should not be transferred to countries outside the European Economic Area unless it is adequately protected. If companies don’t conduct proper due diligence on their cloud storage and backup providers, then they run the risk of running afoul of the data protection regulations.

The Information Commissioner's Office (ICO), tasked with enforcing the law, has beefed up its penalties for entities that violate the Data Protection Act. In the last year, the ICO has issued £3+ million in fines for data security breaches in the public sector aloner, including the recent record-setting Stoke-on-Trent offense.

Cloud storage has provided businesses with a viable and economical solution to the challenges of huge data growth and unlocked access to offsite disaster recovery facilities. But data center companies, by the virtual nature of their business, can store data in countries where costs may be lower, but which do not have the same regulatory governance in place as the UK with regard to data protection. In fact, the Business Software Alliance’s (BSA) Global Cloud Computing Scorecard ranks many of the major growth economies such as India, Brazil and China particularly poorly in comparison to the UK, which is ranked sixth in the world.

Yet, “our research has shown the frightening scale of cloud backup providers that are not forthcoming in sharing even basic geography of where data is stored,” said Icomm Technologies executive Ian Callens. “This suggests most users of cloud backup aren’t concerned or even asking the question of data location as part of their due diligence.”

He added, “Equally, it suggests many providers are hood-winking customers by not proactively revealing where data is located,” and so, many are operating under the false perception that their data is protected under UK jurisdiction when, in fact, it isn’t. The incumbency is thus falling on organizations themselves to take action, he advised.

“With daily cybercrime and cyber espionage having escalated by 24% in 2012 [according to Symantec], businesses need to be confident they know exactly where customer or employee data is physically being kept,” said Callens. “Companies need to ensure they know where business critical data is being held to avoid the risk of cyber espionage, crime, illegal copying, sharing and selling of their data to third parties. Exposure could yield fines.”

This article is featured in:
Business Continuity and Disaster Recovery  •  Cloud Computing  •  Compliance and Policy  •  Industry News  •  Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×