European Union Concerned With Cloud Deployments Storing Sensitive Data Offshore

3 minute read
J. Angelo Racoma avatar

Cloud computing is not only a technical and business concern, but also a legal and regulatory issue given the fact that users are essentially handing over the management or storage of their content and data to third-party service providers. In some jurisdictions, it is unlawful to store sensitive data offshore, hence reducing the viability of running cloud deployments. A recent study commissioned by the European Union warns that public clouds might not be suitable for government use, given certain restrictions.

A study published by the European Network and Information Security Agency (ENISA) entitled Security & Resilience in Governmental Clouds has warned EU government agencies to avoid running public cloud deployments that involve sensitive data. This is due to legislation in some EU member states that restrict certain types of information from leaving national borders. In the case of public cloud deployments, the ENISA says storing sensitive data on public clouds will effectively violate these restrictions, particularly if the data centers are physically located in other countries.

An example of such a legal restriction is included in the UK's Data Protection Act, which is based on the EU's Data Protection Directive. The directive is currently being amended to include provisions for exchanging data across national borders.

Addressing Legal Restrictions on Data Storage

The ENISA does not speak against cloud computing as a whole, however. The agency says that private cloud deployments are the most viable means for government agencies to get into cloud computing, as these "offer the highest level of governance, control and visibility." Such an example is the UK's own G-Cloud proposal, which involves a private cloud deployment in the government's own data centers.

Some enterprise solution providers, meanwhile, are addressing this need by undertaking expansion into the concerned jurisdictions. Rackspace (news, site), for instance, has recently announced an expansion of its cloud infrastructure into Europe. Rackspace's aim is to provide a local cloud infrastructure, which can mitigate concerns against storing sensitive information in offshore premises.

Learning Opportunities

Rackspace CEO Lanham Napier says the move addresses the demand for cloud services in the region, amid strict regulations on information storage. "Our UK offering allows companies to avoid offshore data issues and weighty upfront capital investments which helps them become more strategically agile from a business perspective," he says.

Other Cloud Related Concerns in Europe

Meanwhile, the ENISA also gives other observations and recommendations in its white paper. The document includes recommendations in improving the accountability of those responsible for managing information in their respective member states.

The paper cites responsibility and accountability over data and IT resources as key factors in ensuring proper compliance with regulations. The ENISA also cites poor quality of Internet connectivity in some EU member states as a possible difficulty.

On the whole, the ENISA paper recommends that member governments review the role that cloud computing will play in their respective governments, given the advantages. For one, the CEBR has estimated that cloud computing activities in the EU will amount to 763 billion Euros over the next five years. The paper even goes as far as suggesting the formation of a European Governmental cloud could be a virtual space that will follow a shared set of regulations across state lines.