Computing Without Borders
“Information is the oxygen of the modern age. It seeps through the walls topped by barbed wire, it wafts across the electrified borders.”
- Ronald Reagan (1911-2004), 40th US President.
“You live in the age of interdependence. Borders don’t count for much or stop much, good or bad, anymore.”
- Bill Clinton, 42nd US President.
Two Presidents, separated by decades, had spoken about the unrestricted flow of information across borders. What started with radio and television actually became a reality with the Internet, allowing Chinese dissidents to post anonymous messages against the single-party government and Iranian rebels to denounce the autocratic regime. Now, with cloud computing, even the storage and processing of information have crossed geographic borders.
The title of the article is a play on “Doctors Without Borders.” Also known by its original name Médecins Sans Frontières, Doctors Without Borders is a secular humanitarian-aid non-governmental organization best known for its projects in war-torn regions and developing countries facing endemic diseases, unaffiliated to any any political, religious or economic powers. Like cloud computing, their operations are not bound by geographical boundaries.
At the same time, cloud computing does have a physical footprint. In spite of the virtual nature of the technology, ultimately, the data is stored and processed on physical data centers on physical locations, with the borders of particular countries. It is the distributed nature of the technology where storage and processing are performed across multiple locations that gives rise to the vaporous perception of cloud computing.
While this distributed nature of cloud computing has distinct advantages as far as reliability is concerned, there are certain disadvantages as well. Consider the following analogy. All your critical data is stored in a single data center in a city that is hit by an earthquake. Consequently, you lose all your data. Alternatively, if you had availed of cloud computing services, your data would have been stored in multiple locations. Even if one of those locations had been that earthquake city, much of your data could be salvaged from the other places. Consequently, your business would have got back on its feet much sooner.
Now, let’s talk about the disadvantages. You have signed up with a cloud computing service provider, one of whose data centers is located in country X. Now, country X has some security problems and passes legislation that allows it access to all data within its geographical borders. Consequently, your critical data is no longer safe from prying eyes due to government or legislative action.
If you think such a situation is far-fetched, think again. According to a report published by the EU’s European Network and Information Security Agency (ENISA), government agencies in the EU bloc should only deploy cloud services for applications that do not process sensitive data. Current data handling legislation in some EU states prevent certain data types from being taken out of their respective national borders. This would cause problems in the case of public clouds, ENISA says, as providers’ data centres may be elsewhere, such as in the US.
The EU is not alone in its concerns for the safety of its data. In spite of Canada’s friendly relations with the US, it has voiced concerns about cloud computing and the use of US-based data centers, in relation to the Patriot Act. Under the act, US officials could access information about citizens of other countries, including Canada, “if that information is physically within the United States,” as per a report on the website of Canada’s Treasury Board Secretariat.
In other words, if data privacy is so important to a business, perhaps it should think twice before embracing cloud computing. But wait, these issues exist only with public clouds spread across continents. For smaller private clouds, delivering services and infrastructure in highly virtualised form from an organisation’s own data centers, this is not an issue. Even the ENISA says that they are currently the most viable option for public sector bodies “since they offer the highest level of governance, control and visibility.” In other words, cloud computing can still be effectively used by businesses paranoid about privacy.
In conclusion, I would like to say that if data protection and privacy be of utmost concern to a business considering adoption of cloud computing, it should either think of getting its own private cloud or choosing a provider who has data centers in locations that meet the client’s expectations. At the end of the day, the improvement in cost saving and operational efficiencies of migrating to the cloud far outweigh minor security considerations.
By Sourya Biswas