The U.S. Patriot Act has an impact on cloud security

Cloud security includes the obligation to meet regulations about where data is actually stored, something that is having unforeseen consequences for U.S. firms trying to do business in Canada.

Recently several U.S. companies that wanted contracts to help a Canadian program to relocate 18,000 public workers were excluded from consideration because of Canadian law about where personally identifiable information about its citizens can be stored.

The rule is that no matter the location of the database that houses the information, it cannot place the data in danger of exposure. From a Canadian perspective, any data stored in the U.S. is considered potentially exposed because of the U.S. Patriot Act, which says that if the U.S. government wants data stored in the U.S., it can pretty much get it.

That effectively rules out cloud service providers with data centers only in the U.S. from doing business in Canada.

Checking out where data physically resides in a service-provider cloud is part of the due diligence regulated businesses anywhere have to perform. In clouds that rely almost exclusively on virtual environments, this can be a difficult task to document.

This is particularly true if the data is automatically replicated to other host machines in the cloud environment and the cloud hasn’t been designed with this parameter in mind. The implications for cloud service customers is apparent.

For providers that want to woo international customers, these geographic restrictions will have an impact on how their networks are designed and segmented. They must build in assurances that data meant for only one sector of the political map stays there. Presumably they will also make it possible to document this segmentation for customers that need to comply.

Learn more about this topic

Apparent Networks manages net performance in the cloud for free

IT not convinced about cloud's green credentials

Cloud Computing: Is it Time to Invest in Cloud Storage?

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Now read: Getting grounded in IoT