IT analysts have welcomed Microsoft’s decision to deliver Office 365 and Dynamics customer relationship management (CRM) in two Australian data centres from 2015, saying it will alleviate fears about data sovereignty in the cloud.
Global systems integrator, Dimension Data, is expanding its presence in Canberra with the launch of managed cloud services exclusively for Federal government agencies.
Telstra has touted data sovereignty as a major benefit of an announced cloud environment custom-built for government.
True utility computing – where virtual machines are moved between competing service providers without an organisation's knowledge – is coming soon, according to Vic Winkler, CTO at data security provider Covata.
Google hopes to ease lingering Australian concerns about data sovereignty as it makes a fresh play to get organisations to adopt its Drive cloud storage service, according to Kevin Ackhurst, managing director of Google Enterprise in Australia.
One of the remaining key issues Cloud users need to consider relates to the notion of being locked-in to certain applications or systems — and if a user wants to transfer data or applications from the Cloud, whether the data is portable between service providers. In these circumstances, a user will need to consider its requirements to access data some years into the future for a plethora of regulatory reasons.
Proper due diligence focuses on identifying the players in the Cloud relationship. That is, who is actually involved in providing the services and are they the same entity (or entities) that are processing or storing data? In the case of aggregators, for example, a Cloud user could be dealing with a single entity which itself is provided services by various third parties.
Unlike a fixed server in your office or at a data centre in Australia, data in the Cloud can potentially be located anywhere in the world — even in multiple data centres in multiple copies worldwide. A Cloud service provider may not even know where the data resides at any one time. The Cloud may not be tied to any particular location but this is clearly not the case with the laws of each country. Any ‘global’ technology solution will be impacted by the laws of a large number of nation states. As a result, sending and processing data around the globe could, in the process, fail to comply with data protection and privacy laws in various countries.
The Cloud can be cheaper, more flexible, easier to manage and efficient. But users and providers of Cloud services have to weigh these advantages against the risks or perceived risks — such as regulatory compliance, security, performance, availability of service, and liabilities and remedies under the governing contracts.
While the US Patriot Act may make many headlines for the legal authority it bestows on US agencies to access data held in foreign countries, Australian companies need to be aware of similar legislation in both the US and Australia, according to security industry experts. Forrester senior analyst, Michael Barnes, said Australian companies were right to be wary of placing their data in the cloud as it could be accessed by US authorities using the Patriot Act. Read more.