
Where is your data located once you put it in the cloud?

Global Knowledge
  • Date: 18 November, 2019

Where is your data located once it's 'in the cloud'? What are cloud providers allowed to do with your data? In this article Global Knowledge explains why it's important to think about the answers to these questions before you migrate to the cloud.

What happens when data that is saved in the cloud leaks? Is your cloud provider allowed to use your data once you store it in their data centers?

These are things you need to think about before you migrate to the cloud. For example: this spring Dutch newspaper Algemeen Dagblad found out that the data of hundreds of Dutch patients had been moved to Google Cloud without their permission being asked. The customer data had been moved to the cloud for research purposes, according to the article.

Of course hospitals aren't allowed to just share their customers' data without their permission. But if that happens, where is that patient data located exactly? And who is responsible for protecting it?

On the hard drive

Before the cloud, data was saved on a hard disk. You always knew where this hard disk was located: it was at your office or in the basement, and sometimes the back-up would be kept in the shed of your company's CEO.

The age of cloud has changed everything. If you store your data in Microsoft's Azure cloud, you have no idea where exactly it's located. Microsoft can even decide to store your data in the Middle East, and the rules in the Middle East are different from those in Belgium. What does that mean for the safety of the personal information your organization is storing? And since Microsoft is hosting your data, are they allowed to use it?

The location of your data

Are you ready to move to the cloud? This means your data will be stored with your provider in one of its data centers. If you don't come to a clear agreement before your migration, your provider decides where it's going to put your data. The consequences can be pretty bad.

How do you make sure your cloud provider honors your customers' privacy as much as you do? In Belgium we work with the General Data Protection Regulation (GDPR), but those rules don't apply outside of Europe. Russia, the US and China all have their own rules when it comes to data protection. And if your data is located in one of these countries, European rules won't apply.

Patriot Act

The United States has the Patriot Act. With the Patriot Act, the American government can oblige cloud providers to share their data. The Patriot Act only applies to data that is stored within the United States.

Last year, however, the American government decided to implement the CLOUD Act. The CLOUD Act allows American intelligence services to collect data about someone, no matter where this person or their data is located. That means American intelligence can ask American cloud providers for data, even if their data centers aren't located in the United States. It doesn't matter if your data is located in Amsterdam or Atlanta - your agreement with your provider about your data doesn't mean anything if the American government wants access to your data.

What can you do?

In a processing agreement you can come to terms on where you want your data to be stored, but a provider doesn't have to agree to those terms. In certain cases - with an American provider, for example - it doesn't even matter where you store your data and which rules you agree on, because the government can access your data regardless.

If you are in charge of sensitive information and you want to keep the government out, you can decide to take on a different provider. Or you can decide to put some of your data with an American provider and some of it with a small European vendor. The possibilities are endless, but it's better to think about these things in advance. 

Who can access my data?

Once you sign an agreement with your provider, the first step is done. But after this part is finished, it's important to agree on what your cloud provider is allowed to do with your organization's data. If you don't want your provider to use the data for marketing, that might be something you need to put in your contract. Because if your provider uses the data without your permission, for marketing for example, you're responsible.

Rather be safe than sorry? Use encryption. Encrypted data can only be accessed by someone who has the encryption key - but be aware, this solution isn't 100 percent watertight either. Bugs can occur during the implementation, and problems can arise when protocols that don't match are paired together. Great advice from the writer of this article: make sure you know what you want to protect before you start with encryption.

Need more information?

Explore the possibilities of cloud during the Cloud Computing Essentials training course. If you book the course at Global Knowledge, the exam is already included.

 
