Cloud computing services have undergone massive growth with increases tipped to continue into the future. The proliferation can be attributed to benefits provided using pay as you go services as opposed to maintaining the traditional inhouse IT systems and support.

 

One question that often arises with the transition to cloud services is “where is my data stored”? This concern should be directly proportional with the value placed on your data.

The “cloud” is mostly made up of large datacentres which are used to house the servers and data storage equipment that provide cloud based services.

 

Data replication is where data is transferred between geographically separated datacentres in order to provide fast access and redundancy. Should a particular datacentre undergo an outage the end user can continue working oblivious to any datacentre issue.

Connection to the datacentres should be seamless, so in effect it makes little difference to the end user where the data is physically located.

With many large international companies vying for a market share the choice for customers is broad and location of datacentres equally so.

 

But where are these company’s datacentres located?

This depends on the vendor hosting the service. For example, a quick look at Google Drive’s Storage and Content Policy states that you can specify if you want your data stored in the United States, European Union, or Asia. However the selection of a location in Asia “does not guarantee that your data at rest is kept only in that specific location”.

 

You may think what difference does this make? And on the surface it generally won’t concern the end user.

Delving deeper into the situation and looking at the legal ramifications can be interesting. When data is stored in foreign countries, those countries may have legal rights and jurisdiction over your data. For instance the US Patriot Act allows the US government access to data stored on its shores.

 

Other countries have their own rules and regulations associated with data stored in their jurisdictions.

If using a foreign based vendor, steps should be taken to ensure compliance with Australian privacy laws, as your business can be held liable if in breach.

The Australian Government’s intelligence agency; Australian Signals Directorate (ASD) recommends against outsourcing information technology services and functions outside Australia, unless you are dealing with data that is publicly available.

 

When looking at cloud computing options for your business it is wise to ensure you know the potential geographic location of your data and whether information will be sent offshore.