Do you need your data in Australia?
One of the key issues in the move to cloud has been that of ‘data sovereignty’ – where data is actually held, and under which jurisdiction it falls.
This has become a particularly important issue in Australia recently, with the Government’s new data retention laws about to come into force. For example Telstra, which as Australia’s largest ISP and mobile carrier is probably the company most affected by the new regime, has made a big point out of saying that all the metadata it will be required to hold under the new regime will be physically held in Australia.
The issue has also been given a higher profile by Ed Snowden’s disclosures about how the US Government – and others – can access information that passes through servers located in that country. Different countries have very different regulatory environments, and organisations committing to the cloud want to know how their data will potentially be affected.
A couple of years ago I conducted a survey of CIOs about cloud for a major software vendor. One of the questions asked about inhibitors to evolving core business systems to the cloud. Right at the top of the list were fears about data sovereignty – concerns that if the data was not based in Australia, it was less secure.
Around the time I did that research the University of NSW issued a timely whitepaper on ‘Data Sovereignty and the Cloud’, which examined many of the issues from a local perspective.
Since then awareness of the issue has become even higher. Forrester Research recently released a report called ‘It’s a Hybrid World – Strategies for Cloud Success’ (commissioned by NTT ICT and HP) which found that 69% of Australian CIOs and IT decision makers rated data sovereignty as a major concern.
“This suggests that cloud providers may not be competently addressing these concerns with their customers, or that organisations are not holistically identifying specific workloads that require localisation needs to support industry-specific sovereignty guidelines,” said the report.
“Organisations should look at a holistic approach to lower data sovereignty concerns, ensuring that cloud providers are compliant with local regulatory guidelines and are able to support customers with deep domain knowledge.”
It is no coincidence that most major cloud providers in Australia are now using local storage and processing as a selling point. It has been one of the key drivers of the massive growth in data centre capacity in Australia in the last few years, and the rise of high bandwidth connectivity solutions.
Cloud is a marvellous technology – or more exactly collection of technologies – but it brings with it a range of challenges. Data sovereignty is one of them.
In today’s environment, and with the range of choices available, it simply makes no sense to use a cloud provider that does not guarantee that data and the processing of that data does not take place in Australia.