It seems that all this cloud talk has made some people believe that the location of customer data will increasingly be less relevant in the near future. Data location is extremely important, and for a lot of reasons which have not yet been fully discussed in the public arena.
Gartner recently issued a press release stating that the location of data will be viewed in the following contexts:
- physical location – where is the data physically?
- legal location – what laws affect the data?
- political location – what law enforcement could be taken related to that data?
- logical location – who has access to the data?
While I may take issue with the way in which Gartner describes this issue, I am generally in agreement that physical location alone is no longer the sole determinant when it comes to data privacy and security. There are other issues to consider. But many of these issues are a direct result of new technological advances, as well as changes in the way managed service providers perform their services.
For example, cloud backup solutions are a significant improvement over tape backup models that had been woefully in need of updating. With these new cloud backup models, however, came the inevitable question of just where the cloud is located and who is touching the data. These questions had never really been asked before, since the majority of MSPs were remotely managing and monitoring data and infrastructure that was under the control of the customer.
Virtual Network Operation Centers and help desks have also brought tremendous advances in managed services business process improvements. We have also seen these advances stretch the ways in which data can be accessed. This also means that data is now more accessible to those we do not want to have it!
The UCS Answer to Data Location
If Gartner believes data location may be more complex in the near future, there is some good news we should mention. MSPAlliance has addressed these data location issues via its certification program, the UCS.
UCS control objectives 5 “logical security”, 6 “data privacy, security, and integrity”, and 7 “physical and environment security” collectively address all four of the Gartner data location issues. Specifically, UCS-audited MSPs can affirmatively prove to their customers that these issues have been addressed in the policies and procedures of the MSP and that they have been confirmed by a third party.
I would close by saying Gartner is correct in identifying these “location” issues but that we have always known data location is an issue. The larger issue we have identified is getting the customer to be aware of these issues and allowing their MSP to effectively address the problem. The more customers are aware of how cloud can impact their data privacy and security, the better they will be at protecting it.