Cloud-based-data-storagCloud-based data storage systems now make handling vast amounts of data fast and easy. However, a hidden threat lurks within this expanded storage capacity. Most managers and executives are not yet aware they need to ask vendors to define where, as well as how, their company’s data is being stored. In the United States and other countries, governments increasingly assign total legal responsibility for data control and security to the company generating that data. If you don’t understand how and where your data is being stored, your company can face potential far-reaching legal and profitability consequences.

Locating Your Data

This task presents a challenge for most companies. Cloud-based storage providers typically do not freely divulge this information. Many will not do so even under pressure, citing factors like compromised data security or inability to identify an exact storage location across their cloud system. The truth is that vendors find lower foreign data storage and processing costs attractive to their bottom line. Giving clients this information can impact the vendor’s profitability. A recent Icomm Technologies report indicates that an estimated 70 percent of storage providers refuse to divulge the location of their customers’ data. For this reason, locating your data may require changing vendors or executing a new contract with your current vendor.

Three Essential Data Location Questions

These three questions must be asked whether you are trying to locate your data with a current vendor or you are selecting a new data storage vendor.

  • Question #1: Will our company’s data be stored within the United States?
  • Question #2: If not, will our company’s data be stored within the European Economic Area? (The EEA includes all 27 European Union member states and Norway, Iceland and Liechtenstein. All EEA members agree to be governed by European Union legislation.)
  • Question #3: If the answers to both Question #1 and #2 are no, where is our company’s data being stored?

Understanding Jurisdiction

Just pinpointing your data’s storage location is not sufficient. Whether your data is being stored within the United States, in the EEA or elsewhere, it is also critical to identify which government(s) have jurisdiction over your data. This is important not just when legal matters arise, but at all times. Some countries routinely allow screening, decrypting or even sharing of incoming data for purposes of national security. Other countries expect foreign entities using their cloud storage space to comply with their data security policies even if no business is contracted within their borders. Still other countries allow any government entity or agency to monitor or extract incoming data for any purpose deemed necessary. If issues arise, your company and not your data storage vendor will be liable for compliance with any governing jurisdiction.

Securing Your Data

If you discover that the only way to pinpoint your data storage location is to switch vendors, you want to choose a new vendor based on where your data will be stored. The ideal solution is to have your data stored only in places where your company actually does business. For instance, if you do business in the United States, your data would be stored only in cloud servers hosted by the United States. Respected vendors are often more amenable to these types of specialized vendor contracts because they have more data storage flexibility to meet customized client needs. As well, their customizable security solutions are able to combine a variety of storage options using physical and virtual servers to help clients sidestep complex jurisdiction issues.

Collaboration Is Key

Collaboration between risk management, IT and legal departments is the best solution to ensure both complete legal compliance and full data protection across your company’s cloud-based storage systems. Risk management identifies and documents all possible threats. IT addresses those threats with customized data security solutions and also identifies all data storage locations. Legal identifies governing laws and jurisdictions in those data storage locations and educates IT staff about compliance. By leveraging the roles of key staff in all three departments, you ensure your company’s data stays safe and secure. At a minimum, also conduct an annual review of data storage locations with your vendor contact so you always know exactly where your data is.

About the author: Rama Shriharidan did his first IT internship at the company he still works with today: Trend Micro. His specialization is in providing customized cloud-based data service solutions for the company’s larger clients.