Skyscape Cloud Services has released a white paper that looks to address the issues of data location and security.
Skyscape state that while fewer breaches happen on cloud platforms, when they do – they make the news.
One of the big concerns for the company is data which is stored offshore, with either US or overseas cloud providers. These providers could be subject to surveillance by foreign authorities and forced to hand over data without knowledge or consent, argue Skyscape.
The example used to back up these claims is that between January and June 2014, Microsoft reveieved more than 34,000 law enforcement requests from 68 different countries. These requests related to more than 58,000 accounts.
Microsoft released some data in more than 75% of the requests.
Simon Hansford, CEO of Skyscape, said: "In a post-Snowden world, organisations need to go to incredible lengths to keep their data safe and private."
"A UK public sector organisation should think twice before they choose an overseas cloud service provider to process and store precious citizen and government data, or they run the risk of that data being subject to foreign surveillance or passed to foreign governments, not to mention the risk of breaching the UK Data Protection Act."
"After all, what would the British public think if they knew their data could be released to other countries without their knowledge?"
"There’s a growing trend to keep data sovereign. Indeed, our own research found that over 80% of the peers and almost 100% of the MPs we surveyed agreed that the UK provides adequate protection for processing public sector data, while the majority viewed off shoring as the greatest obstacle to cloud adoption."
"For organisations, specifically those in the public sector, choosing a cloud provider that’s UK-based ensures that sensitive citizen data is safe from foreign governments’ prying eyes."
Skyscape has 5 key points that organisations should be aware of when they are considering implementing a cloud service.
If you breach the UK Data Protection Act then this will lead to big fines and so it is important to know where the data is being processed and stored.
It is the responsibility of your organisation to validate the cloud supplies statements about security and understanding data jurisdiction.
It is also important to understand if it is UK or US law which prevails, Safe Harbour doesn’t exempt US companies from US law.
Organisations need to be aware that data disclosure is a global issue and that your data could be subject to foreign surveillance.
As Hansford said, data sovereignty is a growing trend and it is likely to continue to grow, at least in the opinion of parliamentarians. The majority want to see UK public sector data being processed in the UK.