The issue of data sovereignty is starting to drive business decision making with regard to data held in the cloud, according to New Zealand email security and hosting company SMX.
SMX co-founder and chief technology officer, Thom Hooker, said government organisations are particularly sensitive about the sovereignty issue, which is a driver behind SMX's high uptake among government and local government organisations. More than half of New Zealand's local government organisations and around one third of the District Health Boards have now subscribed to SMX's cloud service.
Hooker said data sovereignty is an even more important issue nowadays as businesses begin to move mail servers to the Cloud.
"In the past, when organisations ran their own email servers, business owners, CIOs and IT managers knew where their data was located. In this era of commoditised cloud computing many of the large global players in this space prefer that you don't ask where your data is stored. In SMX's case we've always been very open about deploying email infrastructure in the same jurisdiction that we sell our services."
Hooker said two of the most important questions organisations should asked when selecting a cloud service provider should be: 'Where is my data located?' And 'can I trust my cloud provider?'
"Data sovereignty is currently a hot topic, thanks in part to Edward Snowden exposing the NSA's clandestine electronic surveillance and data mining program, PRISM.
"The ability to deploy our datacentres locally has been one of SMX's strengths since we first started selling email security services in 2005. This decision was driven by the design of our platform which enables SMX to efficiently deploy multiple data centres around the world, all managed from our headquarters in Auckland, New Zealand. Our argument was that if we can keep our customer's data local to them, they and the people they communicate with will have a better user experience.
"In parallel to this we can also satisfy customer concerns around their data falling into the wrong hands and, in some of the jurisdictions SMX deploys in, international data costs are a real concern so reducing cost has also been an argument for customers to use our services. Recently we've seen those design decisions bearing fruit with the revelations about the NSA's spying programs and the ramifications for non-US companies."
Hooker cites a recent article in The Guardian which highlights the lengths Microsoft went to in order to co-operate with the NSA by providing the authority with a way to view encrypted chat sessions on the Outlook.com website. Microsoft gave NSA easy access to its cloud storage service Skydrive, and worked with the NSA to provide access to Skype video calls (Skype audio calls were already available to the NSA).
"Contrast Microsoft's actions with those of Yahoo, who have been subject to the same requests from the NSA as Microsoft," Hooker says. "In Yahoo's case, they decided to fight the NSA's requests. Yahoo has recently won a fight with the US government to unseal a court decision dating from 2008 forcing Yahoo to hand over customer data to the NSA's PRISM program. So not all companies were as happy as Microsoft to assist the NSA's intelligence gathering.
"There are serious privacy issues involved in selecting an off-shore cloud provider; then there are the support issues. Are you as a business owner, CIO or IT manager able to get hold of your cloud provider for support at 3am on a Sunday morning if you need to? Or will you be left on your own to do support for someone else's application?
"By choosing a cloud provider located in your region you can cover off one of the most important questions raised by cloud customers: where is my data stored? You can also minimise the number of opportunities for you to lose access to your data due to network problems, as well as limiting the risk of your data falling into the wrong hands. The trust question is much more complex but anyone considering out-sourcing their IT requirements to the cloud needs to fully trust their provider."