As businesses come to rely more on cloud technology for their operations, issues of data storage, data security, and data sovereignty are coming to the forefront of risk management within businesses.
For startups cloud services can be of huge value.
For one thing, it’s cheaper and more efficient to host your company’s data in an offsite location. It’s also often safer, from a security point of view, but also from a physical asset point of view. Insurance companies are beginning to offer lower premiums for companies with offsite servers – there’s less likelihood of them overheating and inflicting serious property damage if they’re in a dedicated server storage facility, rather than in a cupboard in your office.
When it comes to talking about the cloud, many business decision makers and C-suite executives are in uncomfortable territory – it’s hard to know what you don’t know and to ask questions about it.
But it’s imperative that senior decision makers cultivate technological literacy with regard to data storage – the implications are too significant for the issue to be left solely in the province of the IT department.
When it comes to offsite data storage, businesses have a few options. Public cloud services, like Amazon Web Services, house your data on server infrastructure owned by AWS that could be anywhere in the world, and your data is stored with other people’s data.
By contrast, with private cloud services businesses own the infrastructure that stores the data, or at least they have effective control of infrastructure leased through a third-party infrastructure as a service provider.
That server infrastructure can be physically located and serviced by a dedicated data storage site, but ultimately, the business owns whatever data is stored in its private cloud server.
The question of who owns the data, and hence who is allowed to access it, is a critical one for business. For example, data hosted by Amazon Web Services is effectively owned by AWS. And since the enactment of the USA PATRIOT Act in 2001, any data storage physically housed in the US can be accessed by US government authorities.
So businesses – and their customers – want to know that their data is stored safely, and locally. And aside from the security impacts, if cloud server infrastructure is housed relatively close by to a business, latency, or the time it takes information to travel between the server and the business’ computing equipment, is lower – so there’s less likelihood of an annoying lag when trying to access data.
When it comes to trying to get answers out of your IT department on where your data is physically stored, it can be difficult.
But CFOs and COOs have a responsibility to lead on data storage and security considerations – and any ISO accredited business will need to prove where its data is.
There are some key things you should ask of your IT department:
- Get IT to draw a map of your network, showing interaction between the computing equipment in your business and your data servers
- Find out where the servers are, where the data is stored and through whom, and whether it’s in Australia
- You need to know you what your obligations are in terms of disclosing where your data is held. Do customers and clients expect their data to be stored in Australia?
- Find out who has the maintenance contracts for your data storage facilities
Perhaps most importantly of all, if the server systems fail, business leaders need to know what their company has in the way of backup and disaster recovery, and how long it will take the business to get back online.
The problem is that no one tends to think about server failure until it happens. But like any form of insurance, it’s significantly cheaper to house your data in purpose-built facilities, with proper redundancies and fail-safes, than to wait for something to go wrong.
Senior leadership and boards can often fail to see the need to invest in this sort of infrastructure as it’s not immediately visible, and it can be hard to explain how it impacts the business.
But in a time when customers expect to be able to access your products and services online at any time and your business depends on that reliability, it’s not good enough to turn a blind eye to the question of data storage.