10 Things to Know about Data Security and Sovereignty in the Cloud
What do Edward Snowden, the U.S. PRISM scandal and the corporate data hack on Sony Corp. have in common? All involved breaches in data security and sovereignty. While the cloud offers many benefits–such as cost savings, scalability and flexibility–there are also added risks. Data security always tops that list of risks.
To combat these risks, it’s crucial for service providers to have a fundamental understanding of data security and data sovereignty. Use these 10 facts as your foundation to ensure you’re offering customers the best security, reliability and performance in the market.
1. Data sovereignty is the concept that digital data is subject to the laws or legal jurisdiction of the country in which it is stored.
2. 64% of organizations cite the issue of compliance, auditing and privacy as the biggest security challenge associated with cloud computing. (For more info, check out the CipherCloud survey on cloud data protection.)
3. It is important to know that data is subject to the laws of other countries, if it is being stored by a foreign company. For example, if an English company is using a data center located in England, but the data center is operated by an American company, that data is subject to the U.S. Patriot Act and can be accessed without the company’s permission or notification.
4. Countries such as Canada, Germany and Russia are drafting stricter data residency and sovereignty laws, which require data to remain in country in order to protect their citizen’s personal information.
5. The concept of the national cloud where data is held within a country, run by local companies, and is (only) subject to national laws is gaining traction.
6. Local cloud service providers that own and operate public clouds can offer their customers the assurance that their data will be secure and private because it is stored and managed by a national company. This may be a key differentiator for service providers in the EU and other countries with strict privacy and data sovereignty laws.
7. Cloud service providers are also differentiating their offerings through specialization in vertical industries such as healthcare, finance and education, where specific compliance expertise and certification is required.
8. Organizations are responsible for securing their data in a way that renders it meaningless if breached.
9. Gartner defines this type of security solution as a cloud security gateway: “Cloud security gateways are on-premises or cloud-based security policy enforcement points placed between cloud service consumers and cloud service providers to interject enterprise security policies as the cloud-based resources are accessed. Cloud security gateways consolidate multiple types of security policy enforcement.”
10. For customers who realize the benefits of cloud computing, but are restricted in terms of which cloud they can move to since they may not be able to retain data sovereignty, there is a solution. With the vCloud Air Network, together, VMware and our partners can address the challenges of data sovereignty with partners in more than 100 countries.
Learn more about the VMware vCloud Air Network Program, and check out vCloudProviders.VMware.com to see how we’re promoting our ecosystem of service providers. Be sure to follow @VMwareSP on Twitter or “like” us on Facebook for future updates.
Melissa Ross is a Senior Marketing Manager, vCloud Air Network Program, at VMware. Guest blogs such as this one are published monthly and are part of MSPmentor’s annual platinum sponsorship.