Have you ever thought about moving the operation of your application into the cloud, but are unsure about data protection and security there? Don’t worry – you are not alone.
In discussions with our customers,the cloud is increasingly being seen as an alternative to in-house infrastructure or outsourcing to external providers in local data centers. Customers are nevertheless concerned about data protection – something that’s easy to manage with an in-house infrastructure or an external provider thanks to the location, but often more complicated with cloud providers.
This blog post informs you about the risks you should be aware of and what you need to consider in order to run your application in the cloud without any concerns about data protection.
Reasons to be concerned?
Outsourcing data always involves risks – regardless of the infrastructure you use. When talking with our customers, they often mentioned the following as causes for concern:
Location of data
Due to global networking and the virtualization of the cloud, it is difficult for you to see where the data is located.
You cannot conclusively confirm compliance with legal obligations such as the retention periods, the burden of proof or ensuring data protection and data security, since the data is stored in data centers around the world.
Access by public authorities
As the data is distributed across different data center locations worldwide, it can also be stored (or processed) in countries that have no or insufficient data protection. Authorities in these countries may also demand data disclosure based on the legal foundations of their respective countries. These usually differ by country. And that, in turn, is often unknown to you as the owner of the data.
Do you already know our latest whitepaper? Here, you can download it for free.
How to stay in control
As running applications is not only a business-related issue, but also one that has a lot to do with the trust between customers and providers, cloud providers have recognized the concerns of their (potential) customers and responded accordingly in terms of data protection.
Many public cloud providers therefore now transfer total ownership and control of customer data to their customers. This includes the following:
- access management to customer content, services and resources
- storage in cloud locations selected by the customer (see AWS: EU Data Protection and ISO 27018-Compliance)
- the method of securing and encrypting customer content
Transferring ownership and control of data from the provider back to the customer helps dispel the previously mentioned concerns about running an application in the cloud. Above all, this is because you, as a customer, can decide for yourself which content should be stored where and in what way, as well as who should have access to it.
Another important point is data disclosure. In this case, cloud providers take a clear stance and affirm their position by ensuring that no customer content is disclosed, except
- upon customer request
- if based on a “valid and binding order of a governmental or regulatory body” (see AWS)
- if disclosure “is required by law” (see Microsoft Azure)
Conclusion: (data) protection even in the cloud!
Concerns about data protection in the cloud are justified and, above all, important. However, as a precautionary measure, cloud providers have responded accordingly by setting the requirements for running an application in the cloud at the same level as in a local infrastructure. Our opinion: Data protection must always play a role when you are looking for a provider – whether in the cloud or elsewhere. As large providers now allow customers to participate in the handling of their data, data protection is no longer an argument against the cloud.
PS: Are you interested in further cloud infrastructure topics? Simply sign up for our blog now and receive regular updates.