Getting to Know Your Cloud Provider’s Jurisdiction Is More Important than Ever
The National Security Agency (NSA) surveillance affair has dominated recent thinking among chief information officers (CIOs) and chief technology officers (CTOs) about cloud computing. The ambition and apparent reach of intelligence agencies have taken many organizations by surprise. Executive teams now must reconsider operational fundamentals like the location of their infrastructure and the jurisdiction where it runs. It’s not clear that regular businesses can do anything much about government surveillance (except perhaps switch to manual typewriters and snail mail, as Indian diplomatic missions are reported to have done). But we must not lose sight of another jurisdictional factor: privacy and data protection regulations. Transborder Flow provisions in the laws of dozens of countries shine a spotlight on data center location, for if they find themselves in the wrong place, companies can face major new compliance costs, not to mention prohibitive customer anxieties. Jurisdictional technicalities are quite rightly beginning to influence IT hosting arrangements. Multinational businesses need to be aware of how they become both obligated and restricted by data center location and they need to be sensitive to end users’ concerns. Canny service providers are finding that investing in the right locations gives them competitive advantage.
This Quark examines what’s at stake in data center location, and reports on how one U.S. cloud identity innovator, OneLogin, is thinking more strategically about geography, with a significant commitment to new data centers in Europe.