Seven deadly sins of Data Sovereignty

Data Sovereignty refers to the concept that digital data must comply with the data legislation of the country in which the data is stored. This becomes important when considering migration to the cloud as there is not a universal data regulation applicable to all countries and therefore regulation can vary significantly between countries.  

The cloud offers a variety of benefits for firms in terms of cost savings and efficiency gains and it is therefore unsurprising that the number of businesses migrating to the cloud is increasing year on year. Despite the surge in migration it is important to consider the implications of data sovereignty when deciding which cloud service provider to use.   

A recent study, the UK Cloud Snapshot Survey 2017, conducted by Serviceteam IT aimed to determine whether UK businesses had considered the impact of Brexit on data sovereignty and whether this would lead to the relocation of cloud services back to the UK? The response to this question showed that 63% of businesses that participated in the research felt that there would be a data sovereignty issue as a result of Brexit. This highlights that there is still a significant proportion of businesses that are unaware of the consequences Brexit could have on data sovereignty.  

When interviewed as part of this project, Head of ICT Ben Griffiths from Analysis Mason said:

“anything to do with Brexit is uncertain”.

It is this uncertainty surrounding Brexit that may therefore be the underlying reason for the large proportion of businesses that did not think there would be a subsequent impact on data sovereignty.  

Data sovereignty is something that can have a massive impact on businesses but there is still great uncertainty surrounding this subject. The following therefor highlights 7 key things businesses need to know about data sovereignty: 

1. Data legislation varies between countries

One of the most important things to understand is that there is no blanket legislation that applies to data across all countries. The data protection laws between countries can vary quite substantially. For example, in Russia and Germany the data protection laws are far stricter and require that data concerning the citizens of this country remains within the physical borders of the country. It is therefore important to fully investigate the data privacy laws that apply to the data that you hold.  

2. Data sovereignty is not the same as data safety

Although similar, these two concepts are often confused as referring to the same thing. There is however a difference between these two terms. Data safety is often a priority within firms in order to safeguard the personal information of customers and employees. Data sovereignty on the other hand is regulated on the government level and is a set of laws cloud providers have to abide by. 

3. Data sovereignty cannot be guaranteed by solutions providers

Service providers cannot actually guarantee that data will comply with data legislation. This means that organisations need to ensure that they understand the risks of storing their data in the cloud and have an understanding of their service providers position regarding data sovereignty.

4. Location of cloud service providers

When deciding which cloud service provider to use the location of their data centers may therefore be an important thing to consider. There is a strong possibility that it is possible to choose a cloud service provider that has its data centers located in a location that ensures compliance with the data protection legislation that applies to that specific data. The location of your cloud service provider should therefore be one of the first considerations when deciding whether or not to migrate to the cloud.

5. Ensuring you remain compliant

It is important to have an understanding of the laws not only in the country in which you are based but also in all countries in which your business operates. This helps to ensure that your business remains compliant with all legislation surrounding the data you hold.

6. Is your data compliant with the country it resides in

Is the data you hold compliant with the laws of the jurisdiction of the country you store it? More often than not, this aspect is completely ignored, especially when the data storage is provided by a solutions or cloud provider. For example, there have been a number of Government initiatives to restrict the encryption of data, such as India’s abandoned Plain Text storage law. In France until 1996 you could go to jail for encrypting a file without prior permission.

7. Understating the importance of data sovereignty

You may not feel that data sovereignty is a big issue but that is not the case. Non-compliance with data legislation comes with significant consequences. For example, within the EU if a company is found to not be compliant with the requirements of GDPR this can bring heavy fines for firms that can be up to €20 million. 

Despite the demands of data sovereignty, this is not a reason to prevent migration to the cloud. Read more about data sovereignty.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!


Data Sovereignty: What it is and why it’s Important

Ensure you achieve the best possible data centre or cloud technical, commercial and compliance fit for your business. We have the industry and market knowledge regarding Data Centre and Cloud to help you eliminate what can be a frustrating and time consuming exercise. We monitor data centre capacity, managed services, new data centre builds, costs, availability and cloud suitability.

, , ,

Cloud Security elements every business should consider

Cloud Security has been a serious issue since the concept of the cloud began. The classic example was initially the discomfort of a shift from physically seeing the IT security infrastructure to simply trusting someone else with it virtually. Back in 2012, Serviceteam IT carried out major business process project for an insurance sector organisation. The conversation regarding data being located in the the Cloud was very short. Under no circumstances, no matter how much cheaper or how much more flexible, as cloud security was considered low.

Thankfully both the marketplace, and the organisation in the example above, have moved on and are cautiously adopting the benefits the cloud can offer. Last year the Enterprise Cloud Computing Survey from IDG revealed concerns that cloud security are still significant at 52%. Our own UK Cloud Snapshot Survey reveals 43% of respondents from UK organisations still cite cloud security as being the greatest barrier to cloud adoption. We can take encouragement from the downward trend, perhaps due to both improved cloud security and better end-user understanding.

One way to ensure a full understanding of cloud security, and security in general, is to understand the levels of your infrastructure that require protection. A simplistic multi-level infrastructure model, from the physical level, to the network level, to the applications.

Physical Security

Not so long ago physical security was a significant issue, as data centres were vulnerable and accessible to anyone almost, especially an in-office comms room. Companies recognised this risk, and therefore took the necessary steps to safeguard the physical infrastructure. Cloud has been has been a key player in alleviating physical security concerns. The expansion of the data centre for colocation, to the then centralisation of servers to purchase a ‘slice’ to now deploying applications without having to consider the server.

With almost all cloud providers, physical security concerns almost completely disappear, Partially due to the additional checks and measures carried out at data centre locations. Partially due to the distributed nature of the application, as the data will not only be encrypted on disk, but most probably meaningless as it’s balanced between multiple buckets.

Network Security

The second area to consider is the network, which is of upmost concern to Serviceteam IT. As an industry, cloud and IT professionals have made a great deal of progress in securing operating systems and basic networking.  Almost all organisations have the necessary cyber security tools, firewalls, access control lists and intrusion detection to safeguard against outside attacks to an internal network.

The greater challenge has come with the adoption of an ‘outside’ network, where the end-point is trusted, however, the traversal has been via the Internet. Cloud Connectivity can now take care of the network cloud security concerns, as the links have become both dedicated and secure.

Application Security

As the bottom of the ‘funnel’ has been, and can be, better secured, this has forced potential attackers to target higher up the stack. A common trend is tampering with customised applications, impersonating users or compromising some other user end-point. Whilst application security is a continual challenge, businesses can implement tools such as application monitoring. multi-factor authentication or group policy for additional protection and user verification.

Within the application layer, the emphasis should be on identifying vulnerabilities. Simple house keeping such as log file analysis, patch management, filters, scanners and yes, good old back-up! The digital world can be rather dangerous, therefore, security-aware application design, application security testing, and runtime application self-protection all combined with context-aware and adaptive access controls are needed.

Cloud Security Conclusion

Positioning as “inside” or “outside” security is very much for the past. Along with three digit passwords, open relays and no user-access controls. The simple recognition that perimeter defence is simply not enough. Applications need to be considered more actively in regards to their impact upon security as a whole.

Perhaps in the coming years the number of organisations expressing concerns regarding cloud security will continue to fall. Most probably when organisations are more comfortable with network security and application security is more robust.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , ,

Office 365 and Azure are now delivered from UK data centres

Data security, and the location of your data in UK data centres, is important to you.

Office 365 and Azure are now delivered from UK data centres, a significant milestone, both for Microsoft and for Cloud services in the UK. On the 7th September 2016 Microsoft announced the general availability of Office 365 and Azure from multiple UK data centres.

I’ll confess I found that one of the notable aspects of the press release, which can be read here: Microsoft becomes first global provider to deliver complete cloud from UK data centres was the fact that the word ‘centre’ was spelt correctly. Bear with me on this.

This development, the UK data centres, not the spelling of centre, is that it is demonstrable of Microsoft’s commitment to not only data security and privacy, but also to the UK as a whole, not as a component of Europe or an extension of their global operations. There is obviously no need for me to quote the press release verbatim.

You can read more about data security and privacy here, or download our brochure for Office 365. Microsoft have consistently shown their commitment to data security, who knows, spelling might be an indication to commitment to the UK? Google and Amazon Web Services have yet to deliver on their promised UK data centres.

If data security and the location of your data in UK data centres are important to you, and you’d like to know how you can benefit feel free to drop us a line on 0121 468 0101.

, , , , ,

Microsoft Azure achieves ISO Certification for Cloud Security

Microsoft Azure has taken a major step ahead of its rival cloud platforms with its continued commitment to security in the form of ISO 27017 cloud security certification.

Achieving compliance with the ISO27017 cloud security certificate dictated that Microsoft had to adhere to 44 different cloud risk and threat model controls. With these additional security credentials, Azure appeals to those enterprises and businesses with stringent data requirements. Alice Rison, Senior Director for Microsoft Azure adds that this is of particular interest to those in financial services, healthcare, life sciences, media and entertainment, and worldwide public sector. If your organisation is looking to establish credibility in security, then there’s no better way than to achieve compliance with ISO standards.

Furthermore, Microsoft has also taken this opportunity to update its privacy policy for enterprise products including Office 365, Azure, and Dynamics CRM. Most notably, Microsoft has agreed to not use any customer data it collects, to derive information from it for commercial purposes such as advertising. You can check if the changes affect you here.

Serviceteam IT consults with a number of organisations in a variety of sectors, many of whom have justifiable concerns about cloud security, especially for handling important data. It’s for this reason that we recommend and offer Azure as a secure and dynamic could services solution. To find out why we’ve recommended associated Microsoft cloud productivity products in the past; such as SharePoint or Office365, click here.

If data security to important to you, and you’d like to know how you can benefit feel free to drop us a line on 0121 468 0101.