European Union Concerned With Cloud Deployments Storing Sensitive Data Offshore

Cloud computing is not only a technical and business concern, now also a legal and regulatory issue given the fact that users are in substance handing over the management or storage of their content and data to third-party service providers. In some jurisdictions, it is unlawful to store sensitive data offshore, hence reducing the viability of running cloud deployments. A recent study commissioned by the European Union warns that public clouds might not be suitable for government use, given certain restrictions.

Study published

A study published by the European Network and Information Security Agency entitled Security & Resilience in Governmental Clouds has warned EU government agencies to avoid running public cloud deployments that involve sensitive data. This is due to legislation in some EU member states that restrict certain types of information from leaving national borders. In the case of public cloud deployments, the ENISA says storing sensitive data on public clouds will effectively violate these restrictions, particularly if the data centers are physically located in other countries.

The ENISA does not speak against cloud computing in the aggregate, nevertheless. The agency says that private cloud deployments are the most viable means for government agencies to get into cloud computing, as these "offer the highest level of governance, control and visibility." Such an example is the UK's own G-Cloud proposal, which involves a private cloud deployment in the government's own data centers.

Rackspace CEO Lanham Napier says the move addresses the demand for cloud services in the region, amid strict regulations on information storage. "Our UK offering allows companies to avoid offshore data issues and weighty upfront capital investments which helps them become more strategically agile from a business perspective," he says.

The paper cites responsibility

The paper cites responsibility and accountability over data and IT resources as key factors in ensuring proper compliance with regulations. The ENISA as well cites poor quality of Internet connectivity in some EU member states as a possible difficulty.

On the whole, the ENISA paper recommends that member governments review the role that cloud computing will play in their respective governments, given the advantages. For one, the CEBR has estimated that cloud computing activities in the EU will amount to 763 billion Euros over the straightway five years. The paper even goes as far as suggesting the formation of a European Governmental cloud could be a virtual space that will follow a shared set of regulations across state lines.