Technology in Focus | Where does my data go? - An inside look at virtual networks
Given the global scandals on data misuse, information and communication technologies experts are urging Internet users to be more conscious about where and their data is being stored.
Cloud storage is becoming increasingly popular nowadays and Dyllon Chambers, systems administrator at MC Systems, it as “a computing model in which data is stored on remote servers and can then be accessed over the Internet. These remote servers are usually spread out over several locations around the world and are built using virtualisation technology”.
Further simplifying the term, Henry Osborne, technical services manager at Contax 360 BPO Solutions, said, “In general, the cloud is simply a collection of servers housed in massive, acre-filling complexes and owned by some of the world’s largest corporations. That, essentially, means that your data sits on computers which you do not have access to.”
Both Chambers and Osborne underscored the importance for internet users to be more vigilant in protecting their data.
“If you have any doubts about your data hosts’ security setup, keep your confidential data off their servers,” warned Osborne.
Osborne noted that while the user owns the data, the cloud service provider has ultimate control over it.
However, Chambers explains that different cloud platforms have different user policies, and there are also laws governing storage in countries where these cloud service providers set up base.
He said Office 365, one of the cloud storage platforms, set the right example. Its policy states that: “ he noted that Office 365 was one such platform whose policy states: “You own your data and retain all rights, title, and interest in the data you store with Office 365. You can download a copy of all of your data at any time and for any reason, without any assistance from Microsoft.”
But Chambers cautioned that there are US laws, such as the Stored Communications Act (SCA), which give the government the right to seize data stored by an American company, even if the data is hosted elsewhere.
He stated that the enactment of the SCA resulted in Microsoft and other technology giants taking the government to court, claiming that it was illegal to use the act to obtain a search warrant, to peruse and seize data stored beyond the territorial boundaries of the United States. However, a district judge in New York ruled that the US government’s search powers extended to data stored in foreign servers.
“In the end, truthfully, data ownership in the cloud is a complicated issue. Determined by both government and company policies, data ownership in the cloud is not always retained,” he said.
Google, Amazon Web Services set right tone data-ownership tone
Osborne cited Google and Amazon Web Services as other platforms which set the right tone as it relates to personal data.
Amazon states in its terms and conditions that “other than the rights and interests expressly set forth in this agreement and excluding Amazon Properties and works derived from Amazon Properties, you reserve all right, title and interest (including all intellectual property and proprietary rights) in and to your content”.
Meanwhile, Google states: “Some of our services allow you to upload, submit, store, send or receive content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you remains yours.”
Osborne pointed out that where the data is stored is also critical. However, since cloud providers typically store data in different locations, but it is unknown where exactly or how many copies of it they retain.
“In fact, identifying the exact location of all your data in the cloud is a near-impossible feat,” Osborne said. “Only a few cloud providers allow users to choose which countries their data is stored in, although more providers are slowly catering to such needs.”
The location of your data subjects it to various changing national and international laws. Data held in the European Union (EU), for example, is subject to the Data Protection Law Enforcement Directive and the General Data Protection Regulation, to which companies transferring data in and out of the EU must conform. The EU Charter of Fundamental Rights also stipulates that EU citizens have the right to the protection of their personal data.
Storing your data online
Osborne and Chambers advised that the following precautions should be taken to protect personal data:
• Read all terms and conditions from the provider to know how your data will be used.
• Never stop backing up locally. Your files may be on the cloud, but if the provider goes under, you could lose everything if you don’t have a local copy.
• Be careful which files are placed in the cloud. If your online account is compromised, it’s possible that your files might become accessible to hackers or others.
• Secure your account. It’s critical that as many techniques are used to keep your account as secure as possible. Security steps include using strong passwords, never sharing passwords, and using multifactor authentication as well as knowing when and how to use public Internet connections safely.
• Encrypt your data. Encryption converts your data into an unreadable form and requires a key to access it.
• Use a VPN. This gives you a secure connection to your data. A lot of data is actually stolen while in transit.
• Check, if possible, where your data will be stored. If in a foreign country, ensure that their data regulations at least match up with your own.
• Read carefully. Ensure the cloud storage provider is suitable for your needs. If your business stores highly confidential data in the cloud, it is best to seek legal advice prior to selecting a cloud provider.
Send feedback to solutions@mcsystems.com.