CLOUD ACT: What Does That Mean for Your Cloud Storage

The Endpoint Imperative: In a Software World, Hardware Does Matter

By G C Network | January 9, 2018

Hardware matters. From productivity to security to innovation, make sure your machines can keep up. Intel’s Sarah Wieskus joins The End Point Imperative: A Podcast series from Intel to discuss…

IT Transformation with Watson

By G C Network | January 5, 2018

Credit: Shutterstock by Kevin Jackson & Dez Blanchfield   IBM recently launched an exciting new project in the form of a podcast series produced and hosted Dez Blanchfield, appropriately titled the…

The Endpoint Imperative: A Form Factor Renaissance

By G C Network | December 22, 2017

Workplace expectations are changing, and along with them, the devices we use to do our jobs. In this episode of “The End Point Imperative”, Intel’s Sarah Wieskus tells us about…

Cloud Storage 2.0 Set To Dominate Market

By G C Network | December 19, 2017

The enterprise data storage marketplace is poised to become a battlefield. No longer the quiet backwater of cloud computing services, the focus of this global transition is now going from…

Top “Cloud Musings” Posts For 2017

By G C Network | December 17, 2017

    ( This content is being syndicated through multiple channels. The opinions expressed are solely those of the author and do not represent the views of GovCloud Network, GovCloud…

The Endpoint Imperative: ID’ing and Overcoming the Stumbling Blocks to Digital Transformation

By G C Network | December 6, 2017

Digital Transformation is the No 1 priority for organizations large and small. It’s imperative that IT remove any obstacles to digital transformation success – including outdated PCs and mobile devices.…

Industry Verticals Tackle Unstructured Data

By G C Network | December 1, 2017

  Organizations around the world are struggling to cope with the current data explosion. A vital characteristic of this data is that it is unstructured and represents things like email,…

The Endpoint Imperative: The Perimeter is Dead; Long Live the Perimeter!

By G C Network | November 27, 2017

Cloud, mobility and the Internet of Things have obliterated the traditional perimeter that protected organizations. The result: Higher productivity, but bigger challenges for security, data protection, and mobile device management.…

The Data Storage Explosion

By G C Network | November 25, 2017

Cloud computing innovation will power enterprise transformation in 2018.  Cloud growth is also driving a rapid rise in the storage market, exacerbating the enterprise challenge around storage cost and complexity.…

Digital Transformation Drives Mainframe’s Future

By G C Network | November 15, 2017

  Digital Transformation is amplifying mainframe as mission critical to business growth more than ever before. With 70% of the world’s corporate data and over half of the world’s enterprise…

When Congress names a law after you, it’s getting serious.  That is where we are now with cloud computing.  The Clarifying Lawful Overseas Use of Data Act or CLOUD Act (H.R. 4943) is a United States federal law that amends the Stored Communications Act (SCA) of 1986.  This amendment allows federal law enforcement to compel U.S.-based technology companies via warrant or subpoena to provide requested data stored on servers regardless of whether the data are stored in the U.S. or on foreign soil. Industry observers see this as a reaction to the Microsoft vs. United States lawsuit, known on appeal to the U.S. Supreme Court as United States v. Microsoft Corp (Whew!). This data privacy case addressed legal issues associated with US law enforcement efforts to gather electronic data physically stored in a Microsoft datacenter outside of US territory.  So why should you care? That “electronic data” was email which is the lifeblood of just about every organization. That, in turn, means that the outcome of this still unsettled case could affect how and where you store corporate email.

While the case was under review by the Supreme Court, Congress passed the CLOUD Act which resolves concerns related to the initial warrant. Although passage of the law made the case moot and vacated an earlier legal decision, an enterprise that may have email stored in overseas locations could find themselves choosing between violating foreign data privacy laws, like the General Data Protection Regulation (GDPR) or violating the US CLOUD Act. This unenviable position is preventable by seriously focusing on your current cloud storage vendor arrangements.

If you’re like many organizations, you have consolidated your cloud storage infrastructure with a single vendor. On the surface, this seems like a logical path, but in reality, that strategy could open you up to some serious risks. The most obvious one is vendor lock-in which could leave you operationally dependent on that single provider.  It could also make it impossible for you to change providers should the business relationship fail for some reason.  A second issue is driven by a need for data immutability. Data pedigree must be beyond reproach, and an essential requirement for protecting this pedigree is data immutability. This term describes a data property of being unchanging or unable to be changed over time. Immutability is especially important in law enforcement where prosecutors rely on data to prove their case. If you’re operating within the United States, the CLOUD Act adds additional uncertainty to any risk calculation. Enterprises must take a look at classifying their data based on applicable data sovereignty laws which describe the notion that information stored in binary digital form is subject to the laws of the country in which it is located.

An effective mitigation strategy for these risks could be establishing a secondary cloud storage vendor. This move would:

  1. Eliminate the possibility of cloud storage vendor lock-in;
  2. Provide data portability options should the business relationship fail for any reason;
  3. Help establish auditable procedures for the management of any data subject to US data sovereignty laws; and
  4. Establish and maintain data immutability.

If you need to take action toward mitigating your organization’s cloud storage risks, Wasabi could be a good option.  Their “Hot Storage” solution is deployed in fully secure, redundant, and SOC-2, ISO 27001, and PCI-DSS certified data centers.   The company’s primary production data centers are in  Virginia and Oregon with additional European Union data centers coming available later this year. Wasabi is also one of the few cloud service providers capable of meeting data immutability standards which include:

  • Ensuring that none of the provider’s employees can change application code on a production system without first undergoing thorough review and testing
  • Confirmation that all data centers contain appropriate physical security using things like biometric access control and man-traps.
  • Data guarantees at least 11 nines in durability; and
  • Every data object is read every 90 days to detect and automatically correct any random errors.
Posted in

G C Network