Data sovereignty is back on the agenda

This is a problem for CIOs.

Growing numbers of CIOs and IT organisations are turning to the cloud to help them gain a competitive edge for the business, cut costs, and do more with less.  Nearly three quarters of the UK CIOs we surveyed in May this year agreed they were using the cloud in some capacity within their infrastructure.  One of the key benefits of doing so, the study found, was enabling truly ubiquitous access to business applications on data – anywhere, and on any device.  This is indeed the cloud’s biggest advantage over in-house IT infrastructure – but is it also its greatest weakness, as recent events have demonstrated? 

Revelations about the US government’s PRISM surveillance programme by the whistle-blower Edward Snowden, have prompted many organisations to rethink their investments in cloud.  Among the allegations Snowden made were claims that US-based technology firms colluded with the government to provide on-demand access to data held on their systems.  Many providers have subsequently denied the allegations, but the damage has been done.  All of a sudden, data sovereignty – the physical location where data is stored and the kind of organisation that is storing it – now matters to CIOs.  Keeping it in data centres in a country where the authorities could access or monitor it without consent constitutes a significant business risk.  The ability to choose where it resides – and even transfer it from one jurisdiction to another on demand – is now a prime concern.

Policymakers in Europe have lent their voices to this concern.  German Interior Minister Hans-Peter Friedrich has said: “whoever fears their communication is being intercepted in any way should use services that don't go through American servers.”  And the allegations have hit US cloud providers hard – with $21-$35bn predicted losses, according to the Information Technology and Innovation Foundation. Anyone moving information from their immediate control needs to acknowledge a degree of loss of control and reliance on third parties.  However, the consideration of whether you trust your supplier must now include their government.

Yet moving corporate applications and data back into localised clouds – or even back in house altogether – is not the answer either.  Cloud platforms do help firms become more agile, and do help foster technology innovation, even in the most risk-averse organisations.  CIOs need a way to retain those benefits in a way that also protects the organisation, and the data it holds, against being compromised in any way.

Clearly, scrutinising cloud providers’ global network and data centre footprints, including where they are headquartered is a crucial first step.  Arguably as important is the ability to restrict or move data around on demand – to support new branch offices in new countries, for example.  This is highly challenging technically as it requires the entire network, server and storage infrastructure to be virtualised and automated to a large degree.  Delivering such enterprise cloud services to the world without touching any US-located infrastructure at all is even more difficult.  The routing of data travelling through the internet is automated, so there is no way of predicting the fastest path and there are any number of routes which data can take.

So how does this affect "The Cloud"?  Gone are the days where you can visit a data centre and be shown the very server where your information is stored.  However, the cloud’s versatility enables data to be placed wherever the supplier wants to put it, e.g., to restrict it to one country (or several) or one data centre (or several) or even a set of servers within a data centre.  And wherever the data is put, they probably will not give you audit rights to check the implemented security.. Therefore due diligence is as important as ever when choosing a cloud provider and each business moving to the cloud will need to contemplate the following questions:

  • Is your provider headquartered in the US or does it have a US presence?
  • Does your supplier have good security credentials?
  • Can you restrict where your data is located with your supplier’s cloud?
  • Does your supplier allow you to audit them?
  • Does your supplier guarantee data destruction?
  • Is your cloud supplier experienced at handling sensitive industries such as financial institutions?

The cloud’s appeal has mushroomed as CIOs have embraced its promises of increased flexibility and cost control. Whilst the cloud is not a guarantee against covert spying activities or indeed interception of traffic it enables flexibility and a level of security that cultivate businesses cost effective expansion across territories.  It is also a great shame that the national-security regimes in one country are now causing this compelling idea to unravel somewhat.  We hope the PRISM affair turns out to be just a temporary setback to truly mass-market adoption of cloud computing.  For now, however, CIOs must factor data sovereignty into every cloud computing decision.

Photograph: Getty Images

Len Padilla is Vice President Product Strategy, NTT Communications in Europe

Photo: Getty
Show Hide image

The rise of the green mayor – Sadiq Khan and the politics of clean energy

At an event at Tate Modern, Sadiq Khan pledged to clean up London's act.

On Thursday night, deep in the bowls of Tate Modern’s turbine hall, London Mayor Sadiq Khan renewed his promise to make the capital a world leader in clean energy and air. Yet his focus was as much on people as power plants – in particular, the need for local authorities to lead where central governments will not.

Khan was there to introduce the screening of a new documentary, From the Ashes, about the demise of the American coal industry. As he noted, Britain continues to battle against the legacy of fossil fuels: “In London today we burn very little coal but we are facing new air pollution challenges brought about for different reasons." 

At a time when the world's leaders are struggling to keep international agreements on climate change afloat, what can mayors do? Khan has pledged to buy only hybrid and zero-emissions buses from next year, and is working towards London becoming a zero carbon city.

Khan has, of course, also gained heroic status for being a bête noire of climate-change-denier-in-chief Donald Trump. On the US president's withdrawal from the Paris Agreement, Khan quipped: “If only he had withdrawn from Twitter.” He had more favourable things to say about the former mayor of New York and climate change activist Michael Bloomberg, who Khan said hailed from “the second greatest city in the world.”

Yet behind his humour was a serious point. Local authorities are having to pick up where both countries' central governments are leaving a void – in improving our air and supporting renewable technology and jobs. Most concerning of all, perhaps, is the way that interest groups representing business are slashing away at the regulations which protect public health, and claiming it as a virtue.

In the UK, documents leaked to Greenpeace’s energy desk show that a government-backed initiative considered proposals for reducing EU rules on fire-safety on the very day of the Grenfell Tower fire. The director of this Red Tape Initiative, Nick Tyrone, told the Guardian that these proposals were rejected. Yet government attempts to water down other EU regulations, such as the energy efficiency directive, still stand.

In America, this blame-game is even more highly charged. Republicans have sworn to replace what they describe as Obama’s “war on coal” with a war on regulation. “I am taking historic steps to lift the restrictions on American energy, to reverse government intrusion, and to cancel job-killing regulations,” Trump announced in March. While he has vowed “to promote clean air and clear water,” he has almost simultaneously signed an order to unravel the Clean Water Rule.

This rhetoric is hurting the very people it claims to protect: miners. From the Ashes shows the many ways that the industry harms wider public health, from water contamination, to air pollution. It also makes a strong case that the American coal industry is in terminal decline, regardless of possibile interventions from government or carbon capture.

Charities like Bloomberg can only do so much to pick up the pieces. The foundation, which helped fund the film, now not only helps support job training programs in coal communities after the Trump administration pulled their funding, but in recent weeks it also promised $15m to UN efforts to tackle climate change – again to help cover Trump's withdrawal from Paris Agreement. “I'm a bit worried about how many cards we're going to have to keep adding to the end of the film”, joked Antha Williams, a Bloomberg representative at the screening, with gallows humour.

Hope also lies with local governments and mayors. The publication of the mayor’s own environment strategy is coming “soon”. Speaking in panel discussion after the film, his deputy mayor for environment and energy, Shirley Rodrigues, described the move to a cleaner future as "an inevitable transition".

Confronting the troubled legacies of our fossil fuel past will not be easy. "We have our own experiences here of our coal mining communities being devastated by the closure of their mines," said Khan. But clean air begins with clean politics; maintaining old ways at the price of health is not one any government must pay. 

'From The Ashes' will premiere on National Geograhpic in the United Kingdom at 9pm on Tuesday, June 27th.

India Bourke is an environment writer and editorial assistant at the New Statesman.

0800 7318496