Don't let the FBI steal your server

blog Fledgling Australian cloud computing startup Ninefold has so far played relatively nice when it comes to the jurisdictional debate about where data should be stored, politely making its way amongst the likes of Amazon, Microsoft, Google to cut a long story short on. Nevertheless yesterday the company took the gloves off, following a high-profile incident in the US which saw the FBI seize a number of servers at the US-based datacentre operated by DigitalOne.

Now, frankly, Crossfield’s right. If your data is sensitive, it makes a lot of sense to host it in your own local jurisdiction where you can exercise greater control over it, and obviously the whole existence of a company like Ninefold is predicated on that idea. We’d like to see the global cloud computing players pay more attention to the needs of Australian companies; setting up local infrastructure to support local clients.

However, clearly, that doesn’t mean it’s easy or often even practical to stop using global cloud computing services in general. Ninefold is anyway you look at it pushing its own messgae, and the arguments around a number of integrated software stacks — just as the ones provided by Google, Salesforce.com and increasingly, Microsoft, means that the global cloud is for all that going to attract interest, no matter how many servers are seized in the US. That’s life.

Yes, Aussie bandwidth is more expensive, but at the time if they open data centres here and want to plug it into the internet, they’ll as well have to incorporate that into their pricing model like everyone else does. Clearly, being bigger, they may absorb the cost differently, can afford to loss-lead etc. However apples for apples, Aussie bandwidth just costs more no matter who you are.

‘problem with local companies’ even though

Wouldn’t describe that as a ‘problem with local companies’ even though. Not everyone wants to go with the big monopoly brand for openers. If not you’re suggesting any clothing store that isn’t Myer is a problem because they’re not a department store when in reality they all do just fine as smaller businesses with happy clients.

But these are different issues. Comparing data centres based on their likelihood of being able to protect your data, US-headquartered businesses are at higher risk than local ones and that’s from the mouth of MS.

in a cloud dc it is probably a lot harder to carry away the server as more often than not there is not a single asset like a traditional rack server. ie big bunch of blades referring to networked storage like as not spread over multiple locations. Fbi etc would have to take the lot!

So, regardless of what research can and can’t do and how cloud and virtualisation work, you will be breaching Australian law by not ensuring your data is in a jurisdiction which protects the privacy of Australian citizens data.

If you collects and stores any personal data on Australian citizens you are the defined record keeper of that data and will be liable for ensuring compliance with Australian laws and regulations. This includes company directors.

Any regulated entity and businesses using or storing personal or business sensitive data should exercise particular caution. For instance, the Australian Prudential Regulatory Authority which oversees the domestic financial services sector, has stated that financial services companies that wish to transfer data offshore must first notify APRA and demonstrate to the regulator that appropriate risk management procedures are in place to protect the data. The company must as well secure guarantees in its contract with the data hosting company that APRA will have access to that company to conduct site visits if required.