Being in the business of data, we’ve seen some pretty significant changes over the years. And one such change has been the shift in mindset of cloud buyers.
When the big players - Microsoft, Google, IBM - first started shouting about cloud some 10 years ago, uptake within the business world was steady, yet cautious. People were intrigued by the promise of cost efficiencies, anytime/anyplace systems access and business agility, yet there was a fear. The fear of the unknown, and that all important question - where’s my data?
As time moved on, cloud providers proved that the cloud offered much higher levels of security and resilience than a traditional on premise solution. Let’s face it, how many SMEs can afford to implement the same levels of security as a data centre? Business owners soon came to realise that a locked server cabinet and office alarm system was no match for cloud security. Especially when someone leaves a downstairs office window open, or the keys to the server cabinet hanging out of the lock.
And so, a trust in the cloud was born. And rightly so. However, what we’re now seeing as a cloud provider, is that the shift in mindset has almost gone too far the other way and companies are putting themselves at risk of what we call, cloud complacency.
As a cloud and colocation provider, the type of questions we get asked by colo customers differs widely from those looking for a cloud infrastructure. Colocation buyers invest significant amounts of time researching hardware, connectivity, latency, resilience - and sourcing the right data centre for their needs. With cloud, there’s a tendency for decisions to be based purely on price. The same expectations are there in terms of security and resilience, but the selection criteria seems to be lower. Businesses are less inclined to ask, where is my cloud data? Where is cloud data physically located?
The end result is the same. Whether choosing a cloud or a colo solution, the location of your data remains critical. Even more so since the introduction of GDPR, the NIS Directive and, if we dare mention the “B-word”, the potential implications of Brexit - all of which bring data sovereignty into play.
Data sovereignty is the concept that digital data is subject to the laws of the country in which it is processed. In layman's terms, this means that if you’re a UK company, processing data in the UK, and Britain leaves the EU, then there’s every likelihood that you’re going to be required by law to host your data in the UK. Many regulation bound organisations are already working to these directives - medical and legal companies, for example.
This means you’re going to have to start asking more questions about where your cloud data sits; at rest, in transit and through failover. If you’re hosting in a UK data centre, but that data centre fails over outside the UK, then you could be breaking the law. Not to mention the major compliance challenges that cross-border data transfers bring.
So you need to be asking the same questions of your cloud provider, as you would a colocation provider. Where is the data centre located? Where does the data failover to? Can the cloud provider guarantee data sovereignty?
Take a look at our free guide - 10 questions you should be asking your cloud provider - for more help on what you should be looking for.
Consider going directly to the data centre - although any cloud reseller worth its salt should be able to arrange a tour of the facility; whether or not it’s owned by them. And make sure that the data centre you’re using is ISO 27001 accredited. This international standard specifies the requirements that a data centre must uphold, helping you to implement the relevant organisational and technological security measures required by both the GDPR and the NIS Directive.
In short, data sovereignty needs to be high up on your agenda, and your cloud provider categorically needs to be able to make guarantees as to the location of your data at all times.
While cloud computing offers unprecedented levels of security, it isn’t simply the case that if you’re in the cloud, you’re ticking all the boxes.
To learn more about how cloud complacency could be damaging your business, read our blog post - Do you have cloud complacency?