Data sovereignty is back on the agenda

This is a problem for CIOs.

Growing numbers of CIOs and IT organisations are turning to the cloud to help them gain a competitive edge for the business, cut costs, and do more with less.  Nearly three quarters of the UK CIOs we surveyed in May this year agreed they were using the cloud in some capacity within their infrastructure.  One of the key benefits of doing so, the study found, was enabling truly ubiquitous access to business applications on data – anywhere, and on any device.  This is indeed the cloud’s biggest advantage over in-house IT infrastructure – but is it also its greatest weakness, as recent events have demonstrated? 

Revelations about the US government’s PRISM surveillance programme by the whistle-blower Edward Snowden, have prompted many organisations to rethink their investments in cloud.  Among the allegations Snowden made were claims that US-based technology firms colluded with the government to provide on-demand access to data held on their systems.  Many providers have subsequently denied the allegations, but the damage has been done.  All of a sudden, data sovereignty – the physical location where data is stored and the kind of organisation that is storing it – now matters to CIOs.  Keeping it in data centres in a country where the authorities could access or monitor it without consent constitutes a significant business risk.  The ability to choose where it resides – and even transfer it from one jurisdiction to another on demand – is now a prime concern.

Policymakers in Europe have lent their voices to this concern.  German Interior Minister Hans-Peter Friedrich has said: “whoever fears their communication is being intercepted in any way should use services that don't go through American servers.”  And the allegations have hit US cloud providers hard – with $21-$35bn predicted losses, according to the Information Technology and Innovation Foundation. Anyone moving information from their immediate control needs to acknowledge a degree of loss of control and reliance on third parties.  However, the consideration of whether you trust your supplier must now include their government.

Yet moving corporate applications and data back into localised clouds – or even back in house altogether – is not the answer either.  Cloud platforms do help firms become more agile, and do help foster technology innovation, even in the most risk-averse organisations.  CIOs need a way to retain those benefits in a way that also protects the organisation, and the data it holds, against being compromised in any way.

Clearly, scrutinising cloud providers’ global network and data centre footprints, including where they are headquartered is a crucial first step.  Arguably as important is the ability to restrict or move data around on demand – to support new branch offices in new countries, for example.  This is highly challenging technically as it requires the entire network, server and storage infrastructure to be virtualised and automated to a large degree.  Delivering such enterprise cloud services to the world without touching any US-located infrastructure at all is even more difficult.  The routing of data travelling through the internet is automated, so there is no way of predicting the fastest path and there are any number of routes which data can take.

So how does this affect "The Cloud"?  Gone are the days where you can visit a data centre and be shown the very server where your information is stored.  However, the cloud’s versatility enables data to be placed wherever the supplier wants to put it, e.g., to restrict it to one country (or several) or one data centre (or several) or even a set of servers within a data centre.  And wherever the data is put, they probably will not give you audit rights to check the implemented security.. Therefore due diligence is as important as ever when choosing a cloud provider and each business moving to the cloud will need to contemplate the following questions:

  • Is your provider headquartered in the US or does it have a US presence?
  • Does your supplier have good security credentials?
  • Can you restrict where your data is located with your supplier’s cloud?
  • Does your supplier allow you to audit them?
  • Does your supplier guarantee data destruction?
  • Is your cloud supplier experienced at handling sensitive industries such as financial institutions?

The cloud’s appeal has mushroomed as CIOs have embraced its promises of increased flexibility and cost control. Whilst the cloud is not a guarantee against covert spying activities or indeed interception of traffic it enables flexibility and a level of security that cultivate businesses cost effective expansion across territories.  It is also a great shame that the national-security regimes in one country are now causing this compelling idea to unravel somewhat.  We hope the PRISM affair turns out to be just a temporary setback to truly mass-market adoption of cloud computing.  For now, however, CIOs must factor data sovereignty into every cloud computing decision.

Photograph: Getty Images

Len Padilla is Vice President Product Strategy, NTT Communications in Europe

Photo: Getty Images
Show Hide image

The Fire Brigades Union reaffiliates to Labour - what does it mean?

Any union rejoining Labour will be welcomed by most in the party - but the impact on the party's internal politics will be smaller than you think.

The Fire Brigades Union (FBU) has voted to reaffiliate to the Labour party, in what is seen as a boost to Jeremy Corbyn. What does it mean for Labour’s internal politics?

Firstly, technically, the FBU has never affliated before as they are notionally part of the civil service - however, following the firefighters' strike in 2004, they decisively broke with Labour.

The main impact will be felt on the floor of Labour party conference. Although the FBU’s membership – at around 38,000 – is too small to have a material effect on the outcome of votes themselves, it will change the tenor of the motions put before party conference.

The FBU’s leadership is not only to the left of most unions in the Trades Union Congress (TUC), it is more inclined to bring motions relating to foreign affairs than other unions with similar politics (it is more internationalist in focus than, say, the PCS, another union that may affiliate due to Corbyn’s leadership). Motions on Israel/Palestine, the nuclear deterrent, and other issues, will find more support from FBU delegates than it has from other affiliated trade unions.

In terms of the balance of power between the affiliated unions themselves, the FBU’s re-entry into Labour politics is unlikely to be much of a gamechanger. Trade union positions, elected by trade union delegates at conference, are unlikely to be moved leftwards by the reaffiliation of the FBU. Unite, the GMB, Unison and Usdaw are all large enough to all-but-guarantee themselves a seat around the NEC. Community, a small centrist union, has already lost its place on the NEC in favour of the bakers’ union, which is more aligned to Tom Watson than Jeremy Corbyn.

Matt Wrack, the FBU’s General Secretary, will be a genuine ally to Corbyn and John McDonnell. Len McCluskey and Dave Prentis were both bounced into endorsing Corbyn by their executives and did so less than wholeheartedly. Tim Roache, the newly-elected General Secretary of the GMB, has publicly supported Corbyn but is seen as a more moderate voice at the TUC. Only Dave Ward of the Communication Workers’ Union, who lent staff and resources to both Corbyn’s campaign team and to the parliamentary staff of Corbyn and McDonnell, is truly on side.

The impact of reaffiliation may be felt more keenly in local parties. The FBU’s membership looks small in real terms compared Unite and Unison have memberships of over a million, while the GMB and Usdaw are around the half-a-million mark, but is much more impressive when you consider that there are just 48,000 firefighters in Britain. This may make them more likely to participate in internal elections than other affiliated trade unionists, just 60,000 of whom voted in the Labour leadership election in 2015. However, it is worth noting that it is statistically unlikely most firefighters are Corbynites - those that are will mostly have already joined themselves. The affiliation, while a morale boost for many in the Labour party, is unlikely to prove as significant to the direction of the party as the outcome of Unison’s general secretary election or the struggle for power at the top of Unite in 2018. 

Stephen Bush is editor of the Staggers, the New Statesman’s political blog.