Data Protection and Storage – Do you know where your data is being stored?

We all rely on data storage in the modern world, and the security of our data has never been as important as it is right now. The way we collect, store and move data has changed so many times in the last few decades that it is fair to assume it will continue to do so. This means that in many ways physical security is taking just as high a priority as data security, and rightly so. Bricks and mortar can be replaced easily, and so can PCs and servers, but the data contained within them is not so easy to replace. It is fair to say that whilst most companies understand the need to back up and restore data, they do not always know how to achieve this effectively, and certainly not to the levels required for enterprise-level clients. Where data is concerned, the only questions worth asking are where and how your data is being stored and to what level it is being protected.

The assumption for many companies is that if they use a large provider their data will be safer. That’s fair enough, isn’t it? Perhaps not; deeper thought needs to be applied to be sure. Have you ever considered where the datacentres for Google, Microsoft and so on are actually located, and how many companies work on the assumption that their data is located within their own country? It does need to be pointed out that this is rarely the case when using a major brand like Microsoft or Google. As an example, let’s look at the location of Google datacentres. They have three located in Europe, in Finland, Belgium and The Republic of Ireland (according to Google’s website http://www.google.com/about/datacenters/inside/locations/index.html), but they also utilise the services of third-party datacentres in other countries too. Without knowing exactly where the data is located you will never be sure that the local laws are even similar to those we rely upon in the UK.

With the increase in SaaS (Software as a Service) usage from multiple vendors, the problem becomes a lot more prevalent within most organisations. Where are the SaaS vendors providing their service from? In a legal dispute, would you be able to retrieve your data from them? Which governing law or data protection act (if any!) would apply when the data is stored outside of the sovereign country it is being used within? Would you even retain ownership or be able to retrieve your data if the company providing the service was to fold?

Many people assume that larger technology companies locate their datacentres based on decisions like local and federal laws being stronger, or geographic proximity to MPLS networks which increase connectivity speeds, but the fact of the matter is that Google, Facebook and Microsoft have all chosen to locate their most recent mega datacentres in North Carolina, US, and not because of any of the reasons above. They were promised a large tax break to set up in North Carolina and that is the sole reason they made their choices, so you cannot be sure that a datacentre’s location is a choice made for the benefit of the consumer and not the profit of the companies involved. So now that you know that using Google, for example, means that your data is not guaranteed to be stored in the UK, does that change your confidence in the product? Imagine the implications when you start to look at SaaS vendors in the smaller end of the market!

You might think that the EU data protection directive would be just as robust as UK laws, but this isn’t the case. The fact of the matter is that so many different jurisdictions have to be catered for that often the legal position involving data protection will default to the local laws instead. This effectively renders the EU directive null and void, because it is not mandatory and the enforcement methods are very complicated to apply to any given situation. When choosing a supplier for your customers it would surely always be preferable to have sovereign access to the data and know that, should the data protection act be breached or simply not provide the cover that it is supposed to, you will always have legal recourse to put a civil case through the UK courts. The UK, France and Germany have recognisably more robust protection laws than anywhere else in the world, and these countries are described as having a far more sophisticated approach to the problem than any other nation. This alone should be enough to encourage UK companies to keep their data on home soil. Having your data in a foreign country is problematic for many reasons, not least the fact that it is much harder to verify the site and its levels of security, which may not meet even the basic standards that we hold dear in the UK.

It has recently been put forward that the US data protection laws are surprisingly lacking in protection, and although the Safe Harbor agreement was designed to bridge the gap between the US laws and the European Directive, it is not all-encompassing. The US Safe Harbor act is not very strong and is often superseded by the USA Patriot Act, which allows federal bodies access to anything they want.

This accommodation means the US laws fall short, at least compared to UK standards, because even MI5 cannot just inspect your data at their own will without gaining express permission from a legal body. In fact the UK rules laid out in the Security Service Act 1989 and the Regulation of Investigatory Powers Act 2000 state that even if there is a clear threat to national security the intelligence and law agencies must still seek a warrant issued by a judge. The whole subject is really a minefield and it will remain so until a truly global mandate is put forward and acted upon. Given the inherent problems that the EU directive has suffered, it does seem a mammoth task to put something in place on a global scale, but a widely agreed framework and some well-thought-out modernisations (the last major overhaul of the EU directive was between 1998 and 2000) are needed to fully incorporate the cloud services so commonly used by today’s businesses and consumers alike. It must be pointed out that we are not criticising Google or Microsoft or indeed any data storage companies, but we do feel strongly that data should be kept locally, and if that cannot be achieved then the standards set by the more sophisticated frameworks should be used as a benchmark throughout the world.

VirtualTin Ltd has always insisted on using UK-based datacentres and making sure they meet the requirements to class themselves as a tier 3 datacentre, which is the only way to be sure of a stable and secure network, plus the physical security aspects that give true peace of mind that your customers’ data is 100% secure. We are completely transparent when it comes to data storage and customers can request to visit our primary datacentre in Kent. VirtualTin Ltd is fully committed to providing top-level datacentre services and we are 100% confident that everything possible has been done to keep our customers’ data secure. This allows us to sleep well at night, and our customers too! If you’d like to be one of our well-rested customers or would simply like more information, please feel free to get in touch and we will be happy to answer any questions you may have.
