Recent Whitepapers Indicate Data Localization = Data Vulnerability

Share |

In a series of white papers released this week, Leviathan Security Group assesses the security of world-spanning cloud storage services, versus storing data in localized datacenters.

In a white paper prepared by SIIA several years ago, we highlighted the effect cloud computing will have as an engine for driving growth across other sectors—growth made possible by greater access to advanced computing resources, often at lower prices. Cloud computing provides an IT environment where technology can be located in accordance with infrastructure and labor efficiencies, rather than being localized and provisioned independently, capitalizing on the economies of scale of network computing like never before.

It is widely accepted that cloud computing presents inherent security benefits, including increased opportunities for threat detection, mitigation, and remediation, compared to storing data locally on an organization’s own premises.  The reason is scale economies: companies that maintain many data centers housing vast amounts of information from many different clients can obtain the best in data security services at a fraction of the cost available to smaller on-premises data storage facilities.

Leviathan’s extended research on data security is particularly useful as many countries around the world consider data localization mandates, where all data produced by or on behalf of a nation’s citizens need be stored within that nation’s boundaries.  Since adequate storage services do not yet exist to address requirements of localization laws, these laws effectively mandate entities and governments to store their data on premises, or through the creation of new, localized data centers, instead of world-spanning cloud computing services. Jurisdictions considering these laws can draw on the findings of this research in the areas of data availability, the supply of expert security talent, and the infrastructure and hardware investment to set up new data storage solutions.

The over-arching conclusion is that localization policies pose a considerable threat to data security. Here are some conclusions when comparing cloud storage services to localized solutions:

  • Increased costs and the limited availability of necessary technologies pose considerable threats to setting up and operating reliable, redundant, and resilient data services in a localized environment.  Compared to cloud computing, documented models illuminate the true vulnerability of local storage as utilized by a significant majority of small and medium businesses.
  • The global talent pool is lagging global cybersecurity needs—currently, more than one million cybersecurity positions unfilled worldwide.  This cybersecurity scarcity suggests that any single country is unlikely to recruit sufficient talent to meet their security needs for a localized data solution.
  • Geographic redundancy is a critical benefit to cloud computing. Using cloud-based storage allows replication between separate geographic regions. When incidents curtail availability from one datacenter, a correctly-used cloud provider should allow businesses to continue to access their data from other sources.

While we have known that data localization creates inefficiencies and causes higher costs, now we also know that this approach increases data security risks.

David David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.