Post-Snowden, location matters in cloud decisions

Posted on April 2, 2014  /  0 Comments

In our contribution to the 2013 UNCTAD Information Economy Report, we talked about the likely importance of place in cloud services purchasing decisions:

The storage of data in multiple, usually foreign, jurisdictions raises a different set of regulatory issues including data protection and police investigatory powers. The jurisdictional issues are anchored on the location of the firm and the location of the data. In the former instance, wherever the data may be located, the firm may be ordered to ensure that data are subject to the laws applicable to the jurisdiction within which the firm is located. As a corollary, the firm may be required to ensure that the data are located is jurisdictions where the laws are consistent with those of its home jurisdiction. This was not too difficult a problem in the past because the firms that stored or processed data in foreign locations were large entities with capability to enforce the applicable rules through contracts and otherwise. In the context of cloud computing, the smaller firms that will begin to store and process data in foreign jurisdictions are unlikely to have those capabilities. In fact, they may not even know where the data is stored, since multiple servers and dynamic resource allocation to tasks is the norm in cloud computing.

That was written just before the Snowden leaks redefined the landscape. In a recent survey of 1,000 decision makers in the cloud services space, NTT Communications has found that surveillance concerns have changed purchasing criteria:

The study also found that almost a third of those questioned were moving their company’s data to locations where they “know it will be safe”, and 16% said they had delayed or cancelled their contracts with cloud service providers.

Len Padilla, from NTT Communications in Europe, said: “Our findings show that the NSA allegations have hardened ICT decision-makers’ attitudes towards cloud computing, whether it is modifying procurement policies, scrutinising potential suppliers or taking a heightened interest in where their data is stored.”

Full report.

Comments are closed.