Cloud computing has long faced curly geopolitical questions when it comes to data location and sovereignty – and 2015 is shaping as a year where Australian organisations test those assumptions.
Enter Macquarie University: the institution is making a hasty change from Gmail to Microsoft Office 365 after Google apparently reneged on a deal over where the data was hosted.
When Macquarie signed the deal with Google in January 2010, it trumpeted the “millions” of dollars it would save, along with some geopolitical protections it managed to negotiate.
To address concerns over exposure to the Patriot Act and Digital Millenium Copyright Act (DMCA) in the US, Google “agreed to store data under EU jurisdiction” instead of in US-based data centres.
The university kept a separate offline data store on campus to satisfy state-based laws.
Five and a half years later, Macquarie University has been forced to change providers.
“Data security is our top priority at Macquarie University, and following a decision made by Google to move our stored data from Europe to the United States, we initiated a market search to look at alternative options,” chief information officer Mary Davies said.
“The result: Office 365 – a Microsoft cloud product suite with services hosted locally in Australian data centres” will be in place by the end of the year, following a six-month trial, she said.
Earlier this year, jurisdictional issues also forced the Bank of Queensland to abandon a cloud-based customer relationship management (CRM) project.
The bank said the project had failed to meet “operational and regulatory requirements”. Those requirements include keeping data hosted onshore, and the bank’s chosen vendor Salesforce had no local data centre presence.
Internationally, a court battle between Microsoft and the US Government is being watched keenly by cloud customers and legal observers alike.
US authorities are attempting to force Microsoft to hand over customer emails stored on servers in Ireland – testing how far the US can reach for information held by a US company that is physically outside its borders.
In 2009, Gartner managing VP Andrea Di Maio noted the frequency with which end users raised data sovereignty as a challenge to cloud adoption.
Di Maio raised the prospect of customers being able to influence where data was stored but was unsure if that undermined the value proposition of the cloud.
“The question is whether cloud computing can still deliver its potential benefits if clients are granted data location control at a pretty granular level,” he said.
A study by the Cyberspace Law and Policy Centre at UNSW in 2013 noted sovereignty complications could outweigh the benefits of public cloud.
“In concept, using a public cloud on a multinational scale should be highly flexible and cost effective for a business,” the report noted.
“However, the multitude of data sovereignty restrictions to which a company must adhere creates a daunting challenge.
“Despite the notable benefits, many companies can be reluctant to utilise cloud technology because of fears regarding their inability to maintain sovereignty over the data for which they bear significant legal responsibility.”