Why you should not store your data in the Public Cloud

The Public and Private Cloud

The “Public Cloud” refers to data storage in a shared facility, often with multinational providers.  Your data is typically located on infrastructure shared with other organizations.  You may or may not know the location of your data; it could be located in Australia or anywhere in the world.

The “Private Cloud” can be either “On-Premise” or “Off Premise”.   As the names suggest, on premise means that the data is located on the premises of the organization that owns it.  Some smaller organizations have their own server rooms, whereas, larger organizations might have their own data centre.  An off-premise facility would generally be a data centre either owned or leased by the organization, or a data centre used by the organisation’s IT provider.  By definition, on-premise data storage is not shared with any other organization. However, off-premise data storage, may or may not imply sharing of infrastructure.

Why is the public cloud a security concern?

There’s a few reasons. First, in the public cloud your data could reside anywhere; on or off shore.  Wherever your data resides, you may be bound by the local laws of that country.  Secondly, you may have little control over the security of your data. Thirdly, any data that belong to a third party which you acquire and store on their behalf is protected by Australian privacy law.  This means that you are responsible for the security of that data.  To help understand this, and what can sometimes go wrong a few real life examples are described below:

Case Report 1:

In 2013 The USA Department of Justice requested Microsoft to provide access to customer emails stored on servers in Ireland. The emails were linked to a criminal investigation at the time.

Microsoft declined to hand over the emails.

The Department of Justice took Microsoft to court to force the handover. The judge found in favor of the US Government. However, Microsoft appealed and subsequently won the appeal.

In the interim the US government introduced legislation to the congress which, if passed would enable compulsory acquisition of data stored offshore.

This has security implications for a vast amount of data stored in the public cloud all over the world.

Case Report 2:

In 2016 a major web services provider was accused by a few of its employees of secretly using software to scan its customer’s emails.

The claim stated that more than 100 million accounts were accessed by the web giant and handed over on demand to the US FBI.

The accusations were not denied, but the accused provider claimed to be “a law abiding company”.

Read More

Incarta recommends and supports on-premise and off-premise private cloud data storage.  Our infrastructure is virtualized; meaning that even though your data might physically reside on shared hardware, each virtualized server is isolated.  Incarta gives you the peace of mind of managed data storage in a Tier IV security Next DC data centre, located 100% in Australia, by an Australian provider.

Share this post