In a move I have predicted long ago, Canada is one of many countries making moves to establish cloud computing guidelines to protect end-user data. While some countries are making very superficial steps, Canada is actually following the path of Germany, Brazil, and other nations, by wanting to establish transparency guidelines to know precisely where Canadian cloud data resides and who is accessing that data.
Oh, Cloud Canada!
The proposed guidelines seem to deal only with cloud computing as it relates to Canadian government projects involving the cloud. However, if the government adopts such a framework, it could be likely that private industry within Canada could also adopt such a stance, at least regarding certain types of data.
According to an article in IT World Canada, part of the proposed requirements include:
- Require that all domestic data traffic be routed exclusively through Canada;
- Require that all databases in which data is stored be running on servers located in Canada;
- Ensure that there are no connections from the Canadian database(s)/servers to any supplier database located outside Canada, with no way (short of hacking) of accessing the Canadian database(s) from a location outside of Canada;
- Encrypt the data (in transit and at rest) and ensure that encryption keys are held only by Canada;
- Require physical segregation of Canada’s data as part of the design of the solution
What MSPs need to realize is this is more than a trend; this is a reality and it is coming to a country near you. The point is, MSPs will be faced with more companies seeking to copy these cloud computing guidelines. As a result, MSPs will need a new approach to handling cloud computing, including how they deliver their managed services.
MSP/Cloud Verify Has you Covered
MSPs who are part of the MSP/Cloud Verify Program do not have to worry about these upcoming cloud guidelines. These certified MSPs can already prove where data resides and who has access to it, meeting all the major aspects of the Canadian framework. Certified MSPs will be able to close more business with organizations who have security or data privacy needs and want to be assured that their provider is qualified and adhering to current best practices.
Remember, Canada is not the first country to go down this path, and they certainly won’t be the last. This is the future of managed services. Are you ready?