Net results: implications of data safety in the cloud are still up in the air

Of key concern is, who can get at your data?

Some EU countries may require that citizen and business data remain within their borders.  Photograph: Getty Images

Some EU countries may require that citizen and business data remain within their borders. Photograph: Getty Images

 

Who can get at your data? As companies gradually embrace various aspects of cloud computing, using software, services, and hardware located somewhere out on the internet, that question looms ever larger.

It’s no longer an issue of whether organisations want to use the cloud. Many are well on their way to putting at least part of their business activity there, meaning some of their data is held in a data centre somewhere. At the same time, few are fully gung ho cloud converts. Yet.

That ambiguity is reflected in analyst Gartner’s recently issued 2014 Hype Cycle. Hype Cycle, celebrating its 20th birthday this year, is a handy tool for picturing where emerging technologies sit in terms of acceptance and adoption.

On a graph depicting expectations against time, technologies go through five stages (if they last the whole cycle; many don’t). Phase one is the sharply climbing slope of the Innovation Trigger, followed by the apex, the Peak of Inflated Expectations. Then there’s a steep drop into the Trough of Disillusionment, followed by a gradually ascending Slope of Enlightenment which eventually flattens into the Plateau of Productivity.

Cloud computing is at the bottom of the Trough of Disillusionment, with Gartner predicting it will be in the Plateau stage in two to five years. In tech terms, that’s not very far away. But it’s distant enough that all the implications of moving to the cloud have not been thought through. Some of the more tangential concerns are only now becoming obvious, and urgent. Key among them is that question: who can get at your data? It’s a huge business and personal issue, of serious legal and civil consequence. We are more aware of how much access surveillance agencies like the US National Security Agency (NSA) and the UK’s GCHQ have had to our digital data.

As security expert Bruce Schneier said in a lecture for Dublin-based human rights organisation Front Line Defenders this week: “We live in a golden age of surveillance.” That’s thanks to the perfect storm of a very insecurely structured internet, alongside putting so much of our personal and business lives into digital format.

Data within borders

At Oracle OpenWorld last week in San Francisco – the company’s huge annual conference – one of its first announcements was two German new data centres.

It included the carefully phrased note that these “will provide cloud services to those businesses in the German market whose preference is for cloud applications deployed in Germany”.

As far as I am aware, this is the first move by a major US multinational to step up and address this new demand.

I asked new Oracle joint chief executive Mark Hurd about this. “There are many reasons . . . There are issues around data sovereignty by country. In some cases there’s issues by industry – financial services and healthcare have significant regulatory issues that impact on how and where data can be housed and stored. So as a result, we’ve gone down the route of opening multiple data centres now in many countries,” Hurd said.

“Our strategy has not been that we’ve wanted to build data centres all across the world, but the secular pressures . . . have caused [us to move] across many geographies and my guess is that we’ll move across many others in the future.”

He said although Oracle has data centres in multiple geographies, “we have one cloud . . . a single version of data capability.” But not one cloud, moving data from, say, that German data centre to one in the US.

Whether this is adequate to block access from the US, by security agencies or the courts, is up in the air. One US case demonstrates this: Microsoft is fighting a compulsion to hand over customer data held in its Irish data centre to a US court.

OpenWorld had one session on the emerging cases around cloud sovereignty issues, but it was off in a peripheral hotel. But the German announcement indicates at least some major US players do not want rain falling on their cloud business parade and will take EU concerns seriously.

Still, no one knows the definitive answers to the legal questions or whether national data centres will ringfence European data. Over time, case law will give new shape to the cloud, as it slowly floats towards that Plateau of Productivity.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.