The adoption of the cloud necessarily raises the issue of data protection. Increasingly, countries are adopting specific legislation that aims to regulate the governance and data protection of their citizens and their government agencies to which companies operating on their territory must comply.
The most important thing to remember with cloud services is that the company will be held accountable for any data privacy issues of the cloud service provider it signed on with.
In other words, you remain the owner and the person responsible for that data even though you no longer have control over it.
Given that there is no transfer of legal responsibility from you to the cloud provider with regards to data, a long list of questions follows: how does the cloud provider separate your data from other clients’ data? Where is it stored (under which jurisdiction)? How strong is encryption? How does it get moved to the cloud provider? Where are located your backups? How secure is data transfer?… This is only a very small sample of that checklist.
A local presence by a cloud provider doesn’t mean your data is entirely local. Often your backups are sent offshore in another country governed by different laws and in some cases this goes against the legislation to which your company must comply.
In short, cloud technology is much less about technology than it is about legal compliance, SLAs and contract management. Of course, there is still obviously a strong technology component to it. At ESI, we can help companies navigate through this to set their cloud strategy in motion in full understanding of what is at stake, since it all comes down to a question of risk management: what to move into a public cloud, what to keep in a private one.