The issue of data sovereignty (the question of which country’s laws govern your data) has been around as long as digital information has been mobile. But the debate reached fever pitch in June 2013, when Edward Snowden, a former U.S. National Security Agency (NSA) contractor, released the first of a trove of classified documents revealing that the NSA had been collecting, mining, analyzing, and storing the phone calls, emails, and other digital information of U.S. citizens and foreigners.
The documents Snowden leaked revealed, in part, that a secret U.S. Foreign Intelligence Surveillance Court required Verizon, AT&T, Sprint, and presumably others to provide the FBI and NSA the metadata from millions of phone calls. It was also revealed that the NSA had collected more than 250 million email inbox views and contact lists a year from online services like Yahoo, Gmail, and Facebook.
“The leaking of classified documents detailing the data collection activities of the NSA reignited some long-standing concerns about the vulnerability of enterprise data stored in the cloud,” explains Jaikumar Vijayan in a December 2013 article in Computerworld. In particular, says Richard Stiennon, principal at consulting firm IT-Harvest, “The leaks hammered home just how little control companies have over data stored in the cloud. There is a fundamental shift to a zero-trust model in the cloud.”
To help enterprise executives understand and address those vulnerabilities, IO has just released a whitepaper, C-Suite Primer on Data Sovereignty & Data Custody: What You Need to Know. Download it now.
In November 2013, Swiss telecom Swisscom revealed plans to create a cloud service that would store data within Switzerland where privacy regulations are very strict. The “Swiss Cloud,” Reuters reported, “could loosen the grip of U.S. technology giants and attract foreign companies looking for a way to shield sensitive data from the prying eyes of foreign intelligence services.”
In December 2013, a bipartisan group of House members – the Congressional High Tech Caucus – sent a letter to U.S. Trade Representative Michael Froman arguing that trade agreements should protect companies that use cloud-based technologies and need to move data across borders. As an article in The Hill describes it: “The caucus’ letter to Froman pointed to specific countries considering trade policies that could hinder the growth of American tech companies, including Brazil, Canada, Germany, and the European Union.”
Beyond the politics, global enterprises have changed behavior in response to the Snowden revelations. According to a survey conducted in early 2014 by NTT Communications, 88 percent of global Information and Communications Technology (ICT) decision makers are changing their cloud buying behavior, with 38 percent amending their procurement conditions for cloud providers.
Why are we talking about data sovereignty and data custody now?
While these are not new issues, the rising ubiquity of cloud computing and Edward Snowden’s revelations of U.S. National Security Agency (NSA) data surveillance have brought the conversation about data sovereignty and data custody into the boardroom. Enterprise leaders overwhelmingly understand the importance of location when it comes to storing company data, and many have taken or are planning new action to protect the privacy and security of their data.
Yet the fact remains that data sovereignty and data custody present legitimate challenges for global enterprises. And those challenges are not going away. To learn about how you can deal with those challenges, download a complimentary copy of the just-released C-Suite Primer on Data Sovereignty & Data Custody: What You Need to Knownow.