Following the recent Safe Harbour ruling, many companies are now concerned about how they can store their data securely but still make it available to their employees at any location.
Safe Harbour refers to an agreement between the European Union and the United States. First adopted by the European Commission in 2000, it allowed companies to transfer personal data from a European Union country to the US in compliance with the EU Data Protection Directive.
At the start of October last year, the European Court of Justice decided that Safe Harbour did not give data transfers between Europe and the US adequate protection, declaring the agreement void. The doubts surrounding the agreement are due to scepticism towards the US’s Patriot Act, which in certain cases allows the US government to access data saved in the US and monitor it for any potential terrorist threats. For EU and US companies, the Safe Harbour agreement was a ‘safety net’ that allowed the transfer of EU data to the US. It allowed any company to issue self-certification that confirmed EU data would be protected if it was transferred to and saved at US data centres.
The invalidation of Safe Harbour raises questions and problems for many companies with regard to backing up and sharing data in the cloud.
There are two possibilities for securely storing and accessing data in a cloud. One option is for the user – either private or corporate – to find a cloud provider whose data centres are operated in Europe. Alternatively, companies have the option of setting up their own private clouds and using them to provide their employees with data, IT resources and applications. The market offers many options for both approaches. Today, offering customers safe data storage and sharing in the cloud is part of the mission of almost every major manufacturer.
Cloud users must work with a proven and secure provider
If a company opts to use a public cloud architecture, it requires a suitable and reliable cloud service provider. The highest priority here is to ensure that the provider’s data centre resources are based in Europe or, even better, the UK. Users can also inquire as to whether the provider’s internal data backup is located only within these data centres or if copies are made in data centres in other countries.
Service level agreements concerning how and when data is stored and under what conditions it is transferred back should also be key considerations when selecting a cloud data protection services provider. You should also take into account the provider’s level of encryption to prevent any accidental or targeted misuse of data.
Full control in the company’s private cloud
The second option for guaranteeing secure data protection, access and sharing in a cloud architecture is admittedly somewhat more complex, but it gives companies an increased level of control over critical business data and digital information: a private cloud architecture.
While the company will have more resources to manage, a private cloud solution has a comprehensive range of options with regard to the provisioning of services, access rights, selection of applications and device support. That, in turn, gives employees greater flexibility, the tools they need for their job, and the same user experience as they would get with a public cloud. The safety of data and devices can be guaranteed according to internal standards set by the company.
A private cloud is not affected by the ramifications of Safe Harbour and it allows for the use of a wide range of cloud-based services, rather than applications such as Box or Dropbox, which should probably not be used in view of the changes related to Safe Harbour.
Companies that want to maintain secure clouds and full control of their resources and data should choose a private cloud and the right applications for their employees and IT personnel.
In short: data security in the cloud must be the top priority
A very important conclusion can be drawn from the Safe Harbour debacle. No matter whether a company chooses a public or private cloud, it should look for proven and compliant vendors that leverage local data centres and are committed to security in the cloud when choosing a solution.