One lesson from the NSA scandal: Find out where your cloud provider’s data centers are located

For the early history of computing, data tended to be kept locked down within isolated, local systems for security reasons. With the advent of the cloud however, the idea of accessing data from anywhere, using cost-effective on-demand services is now thoroughly mainstream. Indeed, the future of IT is the cloud.

As cloud computing continues its triumphant spread, one issue that has continued to get undeservedly little attention, though, is the geographical location of data. The ongoing NSA scandal is finally bringing to light just one aspect of how critically important the physical location of digital data has become.

Distance can increase risk

On the most basic level, choosing a cloud provider whose data centers are located on a distant continent will obviously increase latency and so adversely affect performance. For businesses where performance and speed are relevant that’s a major concern. But it’s also worth considering that submarine communication cables, despite all their protective layers, are regularly broken by fishing trawlers, anchors and natural events such as earthquakes and turbidity currents – more than 50 cable breakdowns a year are repaired in the Atlantic alone. So relying on distant cloud providers can add a layer of risk of service dropouts that isn’t tenable for many businesses.

Local business culture matters

Every country has its own traditions and business culture, which can be difficult to grasp from abroad. For instance, mutual misunderstanding between American companies and Japanese customers is not a rare thing. So it’s logical that cloud users from around the world prefer working with providers who speak the same language, work in the same time zone and understand their local customs. Dealing with far-flung customer service reps simply can’t compete with more local ones.

And, perhaps most importantly, the location of your data centers has legal implications. If your cloud provider stores your data on servers in another country, then the laws of that country will most probably govern your data as well. National privacy laws vary widely from country to country.

For example, German developers prefer local hosting providers to American ones largely because U.S. law allows intelligence agencies access to foreign customers’ private information. (European data protection laws prohibit export of certain data abroad.) If your data is stored somewhere in India, meanwhile, you can never be sure whether it is secure or not, as there is no legal framework for cloud computing there yet – and no data protection laws either.

Some of the world’s largest cloud providers, such as Openshift and Heroku, for instance, still have their data centers in the U.S. (Heroku did open a European region this year that runs through Amazon’s Irish data center, but some personal data could still be routed through the U.S.). But currently neither of those companies are part of the Safe Harbor Program for American companies whose services manage EU citizens’ personal data according to EU standards, and we’ll have to see how the fallout from PRISM could affect their business. The fact is that most advanced cloud providers are already opening new data centers outside the U.S., and for good reason.

Specifically, Amazon has several data centers in North America, one in South America, nine in Asia Pacific and twelve spread across Europe, the Middle East and Africa. And Windows Azure has four data centers in the U.S., one in East Asia, one in South East Asia and two in Europe. (Jelastic’s cloud platform operates from one data center in the U.S., one in South America, one in East Asia and another seven in various European countries.)

PRISM may alter cloudscape

One day unified international standards will be adopted, and working in the cloud will become much simpler. For now, the situation with national statutory requirements is unclear. Just this week the Australian government announced that it will assess the impact that the PRISM program has had on Australian’s private data held by the various U.S. tech giants. Presumably other countries will follow suit soon.

Amy Armitage is director of strategic partner development at Jelastic, Inc., a cloud provider.

Have an idea for a post you’d like to contribute to GigaOm? Click here for our guidelines and contact info.

Photo courtesy phloxii/