Jan 2014

Dude, Where’s My Data?

Rick Beecroft

Article by Rick Beecroft in TMI

Almost everyone has heard of cloud computing, and most people have an idea what it is and how it applies to themselves both personally and in business.

In recent months, some obscure terms have become mainstream and some unknown IT administrators have become famous. In May 2013, Eric Snowden, an American computer specialist leaked information that focused world attention on a program operated by the US National Security Agency (NSA) called PRISM. This clandestine program allegedly collects massive amounts of data from “wherever they can”. These Orwellian insights caused a lot of discussions in legal circles, amongst privacy advocates, IT professionals, the general public and customers of cloudbased services. Due to these recent news headlines, security and financial experts alike are placing more scrutiny on their cloud providers. They are looking for detailed answers to some important questions, namely “where is my data?” and “who has my data?”

Where is my data?

For the past decade, customer questions have always surrounded the location of their data. This scrutiny has ramped up and cloud providers are questioned more intensively about location of live data, failover servers, and offsite backups. Questions about this treasury matters topic are standard fare for most speciality cloud providers, since the legalities of who was able to obtain the data were fairly clear.

How did my data get here?

The publication of Snowden’s insights has brought the spotlight on data in transit since one of the revelations was that the NSA was capturing and storing mass amounts of data that passed through certain places. The route that data takes is beyond the control of any hosting company. In fact, using reasonable commercial means, the routes that data takes between locations in two countries is not possible for anyone to control. For example, a packet sent from Vancouver to Frankfurt passes through Montreal, Toronto and London. A packet sent from Vancouver to Paris travels through Seattle, Denver, Chicago and Washington. Users and hosters have no direct connection with the providers in the middle and the routes taken are driven as much by commercial contracts as logic. If you build a VPN tunnel between two points, it may appear to have only a beginning and an end, but it still travels on the same fibres as John in Kalamazoo shopping for a vacation rental in the South of France. Treasurers have known for years that all payment data was being scrutinised. The reality is though that data captured in this manner is unlikely to be used in any legal proceedings of a commercial nature. 

Download PDF