Many businesses are wedded to on-premise hardware. But the unstoppable rise of data centres and cloud-based services is about more than just cost. For sensitive data, the security, flexibility and availability of the cloud is very compelling.
Data sovereignty has long been an issue for multinational corporations and financial services firms. Servers, the applications they run and the data they process are all governed by the laws of the jurisdiction in which they’re physically located. Even the location of the end user will affect how that data or service is regulated.
Even before newer legislation – such as the General Data Protection Regulation (GDPR) – determined how data was secured, any organisation storing and sharing data had to consider their rights and responsibilities according to these local laws.
In Switzerland, for example, some banking-related data cannot be processed outside its geographical borders. And for US-based servers, understanding your data liability means getting to grips with the Patriot Act – which gives the government access to any data it deems relevant to foreign intelligence and terrorism.
GDPR secures a host of rights for EU citizens regarding their data – an issue for all companies operating in or with customers in EU countries. Brexit won’t change very much for UK businesses on this score. GDPR protects EU citizens’ data on any servers – wherever they are located – and the UK Information Commissioner will be adopting GDPR into UK law as part of the Brexit process in any scenario.
Everything changes with cloud
The massive growth of cloud computing changes the picture. Cloud platform providers deploy massive data centres to free organisations from having to run their own servers at all. Fast, universal internet connections make this possible – and the attractions are numerous:
The public cloud market – that is, the capacity that’s available to buy, not including private corporate clouds – has risen in value from $26bn in 2012 to a forecast $533bn by 2026.
For sensitive data, two questions arise. First, is the cloud secure? And second, how can you be sure that when you upload to the cloud, your data is physically located in a jurisdiction where you’re compliant with local laws (and not subject to onerous restrictions)?
Bigger castles, thicker walls
Security is perhaps the most misunderstood aspect of cloud computing. High profile examples of cloud-stored data being hacked are almost always the result of social engineering (getting people to compromise their own data) or lax access controls (weak passwords, for example).
In fact, on every score, cloud providers offer greater security for sensitive data than any on-premise solution. For example, physical access to storage hardware is virtually impossible at a cloud provider’s data centre – where the layers of security are at the level of military installations – while a company’s own server room is unlikely to be guarded 24/7.
A cloud provider can also devote vastly more resources to digital protection – such as firewalls and virus containment – than even a large corporation. They all offer additional enhanced access control capabilities packaged in a way that ensures even organisations without high levels of expertise can secure their data. And they are more intimate with local and global data regulations, offering greater certainty for compliance.
Put it this way: the UK Ministry of Defence spends £4m a year with cloud provider Rackspace to host its server farm. If it’s secure enough for them, it’s secure enough for our virtual data rooms (VDRs) too.
Cloud domiciles
So what about data sovereignty? Although for the user, uploading to the cloud feels like sending files into some notional supra-national entity, obviously it gets stored somewhere. But it’s wrong to assume that a cloud provider simply dumps data into the next available storage medium in its nearest data centre.
Most major cloud providers address any sovereignty requirements by dictating which facilities are used for different customer data. Rackspace, for example, maintains major data centres in the US, South America, the UK, central Europe, Russia, Singapore, Hong Kong, Shanghai and Australia. That means any client requirements around data laws can be managed appropriately.
Access when it’s needed
These are all crucial considerations when businesses are looking to create a reassuring environment for due diligence at pace – whether it’s for raising capital, divesting assets or acquiring a business.
Authorised counterparties from anywhere in the world can get into the process quickly and compliantly, boosting competition in any process. Using a leading cloud provider such as Rackspace means we can focus on delivering the value-add in data room services, not worrying about whether the right people are watching the data or that servers are up.
If Brexit complicates data sovereignty issues for cross-border transactions, it’s not impossible to imagine that where legal and administrative terms for a deal remain fluid, data sovereignty might become an issue. A cloud-based VDR can assure users data is stored in the UK rather than, say, Germany, if new EU regulations restrict data hosting to the country where end clients do business, ensuring compliance whatever the regulatory landscape.
Lorem ipsum dolor sit amet, consectetur adipiscing elit
These Stories on Business
Europe HQ: Aldgate House, 33 Aldgate High Street, London, EC3N 1AH
Tel: +44 (0) 20 7100 9680
Americas HQ: Nomad Tower, 1250 Broadway, New York, NY 10001
Tel: +1 (800) 916-9858
Asia HQ: 33 Lockhart Road, 19/F, Wan Chai, Hong Kong
Tel: +852 3105 8263
Enquiries: enquiries@sterlingvdr.com
Support: support@sterlingvdr.com
