Cloud Machine Manager Blog

Keep it legal – meeting regulations in cloud computing

regulations in cloud computingWhen an organization moves to the cloud, it’s easy to get caught up in all of the possibilities it provides. But it’s important to spare a thought for making sure that your cloud computing activity stays within the bounds of the law – something that is often overlooked.

With various cases of privacy issues cropping up including the Wikileaks case, issues with data privacy on Facebook etc. businesses need to take extra care when deploying their cloud computing activities.

This includes thinking about where servers are located and even taking steps to boost your cloud security.

Data Location

One of the advantages of migrating to the cloud is that servers can be hosted off-site, saving businesses money through reduced maintenance costs.

But the particular location that these servers are located also impacts upon the legality of use of the data contained in these servers i.e. data sharing across particular regions. What you need to remember is that wherever the servers that host your data are located, the laws of that particular country govern your data.

For example, data protection within the European Union (EU) requires that whoever the data belongs to must inform anyone whose data will be hosted on that server, that their data will be hosted overseas.

If we look specifically at the United Kingdom (UK), UK data protection laws apply to companies with data that is hosted on servers in the UK, even if this particular company operates overseas. Under section 5(1)(b) of the Data Protection Act (1998), the storage of any data on servers hosted in the UK must comply with UK laws.

So if you plan to host data on servers located outside of your main area of operations, it’s important to consider the laws of the hosting country, especially if these servers will be processing any sensitive data.

Microsoft vs US authorities

One recent issue concerning access to data on servers concerns Microsoft’s cloud service and their refusal to provide US authorities with emails regarding a criminal investigation from a Hotmail account that is being hosted on a server in Ireland.

Microsoft are arguing that the US has no right to access these emails, as access to these emails should be governed by Irish laws which would deny the US authorities access to these emails.

Although a Judge in New York last year told Microsoft to release the emails to the US authorities, Microsoft have argued that this violates the privacy of US citizens if governments are able to simply access data from servers whenever and wherever they wish.

The point of contention is the Stored Communications Act (1986), which has led to varying arguments over the extent to which the act applies to the application of US law, overseas.

This is an example of how access to data can be complicated by arguments around the interpretation of the law and its applicability to cloud servers.

Data Security

An important issue that you need to think about when meeting cloud regulations is keeping data secure in the cloud. The last thing you need is a breach of the data in your cloud servers and facing the possibility of having to pay out huge sums of money in compensation.

So what can you actually do to reduce the chances that your servers will breached? One method of keeping your data safe is using two-factor authentication, a useful and popular method of protecting your data.

Two-factor authentication works by requiring the user to combine passwords with another form of identity authentication. For example, a bank card may be one factor, and the PIN is the second factor to gain access to the account.

Overall, cloud computing regulations differ markedly across the globe with different countries applying different laws to the processing of data in servers based overseas. But what’s important for organizations who are hosting data on servers overseas is that they take a good look at the legal ramifications of any cloud breaches or mishaps in a particular company. But to start with, it’s never a bad thing to increase your cloud servers’ security, perhaps through two-factor authentication.