The EU has recently looked to shake up its existing rules on data protection with two landmark actions: the General Data Protection Regulation (GDPR) and the revocation of the ‘Safe Harbour’ ruling, a vehicle for US companies to transfer personal data from the EU to the US while still meeting European data requirements. The latter is particularly important – without the Safe Harbour ruling, individual European nations are able to set their own regulations on how foreign businesses can handle their citizens’ personal data.
So why does this matter? In brief, any business which previously relied on Safe Harbour to transfer data from the EU will now need to rethink its approach, and will potentially need to negotiate individual agreements with each European nation it trades in. European businesses running cloud systems can no longer send data to the US for processing and storage, for example.
As more and more businesses move away from legacy storage systems and towards cloud storage (which may be reliant on US data centres), cloud service providers must adapt quickly to remove their dependence on the Safe Harbour framework. Some already have; both Amazon and Microsoft have recently announced plans to build UK data centres, partially in response to the EU’s ruling.
Cloud service providers that don’t adapt could leave their customers in a complicated situation: those using cloud storage would find their supplier doesn’t comply with the new regulations, while those tempted to rely on legacy storage systems will not enjoy the same security guarantees that some of the larger US-based cloud providers can offer.
To muddy the waters further, it can be difficult for CIOs to know which cloud providers can still meet both their requirements and the new legal regulations imposed by each EU nation. Even the most prominent cloud service providers can offer little information, and may require the end-user to opt in to contractual arrangements. With less information to work from, it’s hard to judge CIOs for erring on the side of caution and avoiding the public cloud, even though more breaches occur in on-premise data centre environments.
With this in mind, hybrid cloud is increasingly seen as a viable alternative, combining the security of private cloud storage with the flexibility to scale up to a multi-tenant environment where required. On this point, CIOs unsure of what the right solution might be may benefit from third-party support, and from a partner which can identify a range of different hybrid options tailored to the business’s unique needs.
Cloud computing isn’t likely to diminish in popularity even after the EU’s ruling. However, CIOs may find the process of choosing the model that fits their needs increasingly challenging. In this new landscape, the needs of the business could range from on-premise, private cloud technology, through to multi-tenant IaaS tools. The CIO should therefore consider the support available in finding and deploying the right cloud for their business.
Unsure about how to adapt your cloud framework to the post-Safe Harbour landscape? Visit Trustmarque.com or get in touch to find out more about our range of Cloud support services.