Safe Harbour fails to answer overseas cloud security concerns
March 24, 2011
In the past week I’ve met IBM and Google and asked them about cloud security. Sure, data is mirrored, replicated and always available…
No my question concerns data jurisdiction and the ability for governments to subpoena hosting and cloud providers to provide law and anti-terrorism agencies with customers’ data.
Google UK cites the Safe Harbour agreement that exists between the UK and US, that allows UK data to be stored in the US. But who’s stopping the US Department of Homeland Security from taking that data under the Patriot Act.
Oh that will never happen. Really? As likely as Egypt, which was set to become a major offshore destination for IT services, restricting and freezing internet access.
The Indian government is demanding Research In Motion give it unencrypted access to the Blackberry service. Oh and why did Amazon kick off WikiLeaks?
The argument put forward by the regulators is that you have nothing to fear if you have nothing to hide.
I expect most buy and sell-side organisations are prepared to comply if they are asked to provide data. But who would be prepared to give governments Carte blanche to snoop on their customers without their knowledge?
Heavy handed legislation will only lead to opportunities for start-ups to establish operations in data havens. There is a massive opportunity for home-grown IT firms to develop onshore cloud and IT services, which limits the jurisdiction of foreign powers.