Cloud computing is on the rise. But as organizations get their data and work on the cloud, data jurisdiction can be questionable, especially if data centers are offshore. With this in mind, a potential concern with cloud computing is data sovereignty, and Australian states are debating the issue, particularly with regard to storage of sensitive and private citizen data.
Cloud computing is gaining prominence in the enterprise and consumer markets, with big service providers ramping up their offerings (see Microsoft Office 365 launch, for instance). While organizations in general are warming up to cloud computing, some are expressing their concern on where data is physically stored. Australian governmental agencies, for instance, prefer in-state data centers, to ensure they have physical jurisdiction over their data.
In formulating its guidelines for the Australian cloud computing initiative, the Australian Government Information Management Office (AGIMO) notes that various agencies already use their own cloud service in one form or another. Still, a common concern is compliance with data storage requirements.
Physical Jurisdiction: Where is the Data Located?
This concern is being reiterated by HP Enterprise Services Asia Pacific head Alan Bennett, in relation to HP's undertaking the Aussie cloud project. "Some of the state agencies we've spoken to have been open to hosting certain classes of processing out of state, but they really want their data in-state and the ability to process it when they need to," he says.
According to Bennett, agency IT managers want direct and unrestricted access to important data, and these should be physically located within their jurisdictions. This matter becomes particularly sensitive when citizen data is concerned. In particular, government agencies want to ensure the privacy and integrity of personal information, such as health records. They worry that current laws might not give them enough control over the data if these are located outside of state lines or even outside of the country.
Is a Solution in Sight?
Australia is not alone in voicing concerns about data sovereignty. In fact, the European Union is also facing similar concerns with its cloud project, particularly with some member nations restricting certain data from leaving national borders. An example is the UK, whose Data Protection Act prevents sensitive data from being stored offshore. The country's own G-Cloud initiative advocates a private cloud deployment that runs on government data centers.
One suggestion that might help meet state jurisdiction standards is to maintain multiple copies of data, which some members of the European Union are advocating in their own effort to build a union-wide cloud. While this will not address the restriction against data leaving one's borders, it will ensure redundancy, and organizations are assured of jurisdiction in the physical sense. For now, this might be the best solution, and HP says cloud providers should be ready to provision for data center presence in each state.
For now, HP is rolling out the government cloud in phases, the first of which is a SharePoint SaaS and other IaaS solutions hosted from within HP's Global Switch facility in Sydney. The company's West Sydney data center is being constructed, and will be ready by November this year.