A small Australian business, wholly serving the Australian marketplace and with a cloud service operating from a datacentre in Australia might find its business details being scrutinised by the FBI.
It boggles the mind, but the US Patriot Act makes that scenario a very real possibility. As reported by ZDNet, from a data sovereignty perspective, it won’t necessarily matter that Amazon is setting up a local datacentre for its cloud services. The US authorities can still access your data because Amazon happens to be an American company.
The same goes for Microsoft, incidentally, and any other American Cloud provider you might want to use (Oracle and Apple would be other high profile cases). So while you might get faster pings for your data from a datacentre close to home, from a security and compliance perspective the issues with jumping on to the cloud are as problematic as ever when dealing with these companies.
Law and regulation with regards to data and the Cloud still has a long way to go to catch up but you get the impression that the American Government will be in no hurry to amend the Patriot Act. So what can local companies do when those big American multinationals, such as Microsoft, try and push their enterprises on to the Cloud?
Even on a personal level, Microsoft likes to think that we’ll all be making use of this ‘personal Cloud’ vision in the future. Not if the American corporations hold the lion’s share of Cloud provider corporations, we won’t.
This uncomfortable balance between the needs of customers, the wishes of Cloud providers to get people on board, and archaic data sovereignty laws brings up many of the same debates we’ve already had ad nauseam – that with some applications it doesn’t really matter if the FBI wants to sniff around – after all who doesn’t have a gmail account these days? And then the hybrid Cloud model is the wise way to go if you don’t want sensitive data falling into the wrong hands (or Homeland Security, which might end up being the wrong hands if you’re planning a trip to the US and some virtual wires get crossed when they conduct a ‘routine’ background check).
So I don’t think the practicalities and concerns of moving data to the Cloud has changed in any significant way with the data sovereignty story that has sprung out of the Amazon Cloud news.
What I do think is that it is becoming far, far too difficult to track who might have access to what data up there in the clouds – both for organisations and as an individual. Perhaps that’s the underlying reason the likes of Anonymous are able to run rampant right now – where once we were fighting with our backs to the wall, now that wall has been taken away and we’re expected to be as secure in an open field.
It’s a deeply depersonalising experience to know that your data is quite literally an open book resource on the other side of the world, and that you have very little control over it – even if you terminate your own or your business’ relationship with your Cloud provider. When you can’t even be sure if your data will remain in Australia when you host your data on a datacentre in Australia, it’s a ludicrous situation. It’s even worse to know the archives and backups remain available to people you haven’t directly authorised after the contract is terminated.
But this issue does have business advantages for competitors. Australian companies and other non-American companies from nations without a paranoid, sorry, ‘Patriot’ Act, suddenly look a lot more attractive. With the likes of NTT Data and Telstra making big moves in the local Cloud space, it’s not like customers will even have to compromise the peace of mind that dealing with a large enterprise can bring.
The American corporations might want to start lobbying for some exceptions for their offshore customers in light of that.