Feeds

Data ownership becomes fuzzy in the cloud

Stand up for your rights

Secure remote control for conventional and virtual desktops

If Facebook has taught us nothing else, it is that people can be cavalier about protecting their data.

The social networking giant has forced consumers to think differently about their data: have I just handed over the rights to the photos of my kids? Am I going to appear on my friends' pages endorsing fashion leggings thanks to a throwaway remark about “legging it” to catch a bus?

In the same way, cloud computing forces companies to re-evaluate what data ownership means.

After all, when it comes to migrating critical company data to the cloud, no one in their right mind would sign a contract that gave away ownership of that data, would they?

Turns out, the question is not so simple to answer. Reg reader “Jerren” gets to the crux of the matter in this comment:

“More important questions to ask are where exactly is my data located in the cloud and how many others share that same storage? Are the backups of that storage segregated or are they mixed together? Why, you ask? Well all it takes is one warrant for all data, tapes and servers for company XYZ which live on the same infrastructure as yours to ruin your whole company. If they are mixed (and most are, again for cost savings) not only did you lose your servers (easy to replace) and the SANs (a little harder to replace, and will take a while), but your backups as well!

“Possession is 9/10 of the law. In the US the hosting provider owns the servers, the storage, and the backups. In many courts they own your data unless a clear agreement is in place. Even so that agreement will not save you from a shutdown in the scenario above.”

In March 2011, the UK’s National Computing Centre published research highlighting data control issues as a serious obstacle to cloud adoption in the UK.

No surrender

Although respondents were keen on the cloud concept, surrendering control of data ranked as their biggest concern. A lack of common security standards and portability of data were also highlighted.

Gary Jensen, lead consultant at Silversands, a Microsoft partner based in Poole, says the problem is that although cloud is increasingly mainstream (defined as a technology one’s parents start to enquire about), it is still immature, especially on the non-technical front.

In the scenario outlined by Jerren, Jensen says it is not at all clear what a company could do to manage or mitigate the risk.

Beware bombs

He describes it as “an absolute legal minefield to which there are no clear answers”, and thinks that in some companies the lawyers could end up in charge of the IT policy.

“If the server is an off-premise private cloud then any data will be completely independent of any other company’s data at the application level,” he says.

“But they could be stored on the same disk subsystem – how the data was seized might define whether or not data from two or more companies was taken.

“There are different implications based on the application or solution itself; how its data is architected, separated and managed; how the storage solution is configured to support it, and at what level a data seize would occur (application export, application database level or storage level); whether the data seize would render the application unusable; what country the data is located in and which jurisdiction applies."

For Conor Callanan, chief executive of UK reseller CoreGB, jurisdiction is the key to solving the problem. He recommends keeping data in the EU.

“In the US, they can walk in and grab the servers

“The EU and the US have very different laws about access to data,” he says. “In the EU, law enforcement has to make a request for data, which the hosting company downloads and hands over to the authorities.

“In the US, they can walk in and grab the servers. Safe Harbor agreements don’t come in to it. Store your data in Canada, Latin America, anywhere you like, but not in the States.”

If a company cannot accept standard liability waivers, or needs forensic examination rights, for example, the requirements could quickly go beyond those a hosting company is prepared or able to accommodate on a public cloud system.

When does it get to a point where it no longer makes sense to move into the cloud?

“In the end, the decision factors for any organisation wanting to go into the cloud will need to include these considerations, and it may well be that it doesn’t make financial, legal or compliancy sense to move away from locally managed infrastructure,” Jensen says.

Moment of truth

The cut-off point for customisation is where the costs approach those of running a private cloud. Once you get there, why switch to a cloud service at all?

A private cloud can be cheaper, simply by virtue of geography. But there are considerations that go beyond cost savings: companies still move from capital expenditure to operational expenditure, and they don’t have the hassle of managing the data centre themselves.

As Callanan says, “People have been doing this for years, they just haven’t called it cloud.” ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.