It’s no secret that Canadian businesses took a close look at their customer data privacy following the Snowden revelations more than a year ago. In fact, a full one third (33 percent) planned to move data outside of the US this year over concerns around the NSA, according to research from Peer 1 Hosting.
However, the Canadian inclination to keep data within Canadian borders didn’t begin with Snowden. In fact, discussions were popping up around Canadian hesitation to use US-based cloud services well before the Summer of Snowden, largely due to the USA Patriot Act (passed in October 2001).
At the same time, the Canadian appetite for cloud continues to grow, after a slow start. In fact, a recent report found 54 percent of businesses in Canada planned to invest in cloud computing this year. The lingering reluctance of some organizations to move IT operations to the cloud has a lot to do with data privacy concerns, and a recent IDC report confirmed that security and compliance are the top two concerns for companies that still don’t use a public cloud. Since most global cloud providers utilize data centers and networks within the United States, potentially exposing customer data to unwanted snooping, these concerns have been difficult for Canadian companies to overcome.
Such privacy concerns are valid, especially because businesses can face serious compliance issues if they compromise customer data privacy. For example, Alberta, British Columbia and Nova Scotia all place restrictions on the storage of data outside Canadian borders under various circumstances.
But Canadian businesses should not have to choose between two extremes: using cloud services that compromise on data privacy and security, or avoiding the cloud (and its cost efficiency, scalability and agility benefits) completely. Fortunately, the market is responding to Canadian privacy concerns, and secure, Canadian-based clouds are now able to keep data entirely within Canadian borders.
What makes a Canadian cloud secure?
Some Canadian businesses that are concerned about privacy and data residency only think about the geographic location of servers where their data is stored. Yet more and more businesses – with good reason – aren’t satisfied to hear that their cloud vendor uses a Canadian data center. They also want to be sure their data doesn’t pass through any networks or failover zones in any country, including the US, where it could be exposed to unwanted surveillance or seizure.
This is why, in order to offer true data residency, a Canadian cloud can’t rest on its laurels for having all its servers inside Canada – with today’s highly connected global infrastructure, that’s no longer enough to protect data. A secure Canadian cloud must also be connected by networks that are entirely within Canada, and similarly, the disaster recovery zones where customer data is relocated in the event of an outage must also be located entirely in Canada.
That means there are three fairly straightforward requirements for a Canadian cloud:
1. Physical storage of data in Canada;
2. Networks inside Canadian borders;
3. Disaster recovery points local to Canada.
Satisfy these three requirements, and your cloud will satisfy (most) Canadian privacy concerns.
Choice for Canadians
While data privacy and residency aren’t deal-breakers for all Canadian business, it’s important that Canadian customers have choices when it comes to cloud services. Canada can’t afford to miss out on the cloud’s many benefits simply because previously lax approaches to cloud infrastructure have left customer data exposed. Fortunately, a healthy Canadian cloud market is emerging to offer alternatives that keep data local, safe and secure. Of course, the most determined hackers and intelligence agencies around the globe will always develop new methods of attack, but that’s all the more reason the Canadian tech industry must be vigilant and constantly redefine the meaning of “security” for its stakeholders.
About the Author: Ben Young is General Legal Counsel at Peer 1 Hosting, where he defends, protects and enforces Peer 1’s legal and business interests, advising and supporting each business unit across the company. Ben ensures that the legal team adds value to every interaction at Peer 1 by identifying risks and finding the right solution to mitigate them.