Gartner Says the Physical Location of Data Will Become Increasingly Irrelevant in Pos

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
#1
Physical location, Legal location, Political location, Logical location - Data Residency and Data Sovereignty - Interesting stuff indeed !
________________________________________________________________________________________________________________
Gartner Says the Physical Location of Data Will Become Increasingly Irrelevant in Post-Snowden Era

Sydney, Australia, July 2, 2014

Analysts to Discuss Data Security Issues at Gartner's 2014 Security and Risk Management Summits August 25-26 in Sydney, September 8-9 in London and September 15-16 in Dubai

The physical location of data still matters, but will become increasingly irrelevant and will be replaced by a combination of legal location, political location and logical location in most organizations by 2020, according to a report from Gartner, Inc.

Gartner research vice president Carsten Casper said that the number of data residency and data sovereignty discussions had soared in the past 12 months, stalling technology innovation in many organizations. Originally triggered by the dominance of U.S. providers on the Internet and the Patriot Act, the perceived conflict was then fueled by revelations of unexpected surveillance by the National Security Agency (NSA) made public by Edward Snowden.

“IT leaders find themselves entangled in data residency discussions on different levels and with various stakeholders such as legal advisors, customers, regulatory authorities, employee representatives, business management, and the public,” Mr. Casper said.

“Business leaders must make the decision and accept the residual risk, balancing different types of risk: ongoing legal uncertainty, fines or public outrage, employee dissatisfaction or losing market share due to a lack of innovation, or overspending on redundant or outdated IT.”

In the report, Gartner identifies four types of data location:

1) Physical location: Historically, people equated physical proximity with physical control over data and security. Although everybody knows that locally stored data can be accessed remotely, the desire for physical control still exists, especially among regulatory bodies. Gartner advises organizations not to dismiss concerns about physical location, and instead balance the discussion with other types of risk.

2) Legal location: According to Gartner, many IT professionals are not aware of the concept of legal location. The legal location is determined by the legal entity that controls the data (the organisation). There could be another legal entity that processes the data on behalf of the first entity (such as an IT service provider) and a third legal entity that supports the second one in that endeavor (possibly a captive data center in India).

“Statements like ‘it's illegal to store such data outside the country’ are often interpretations of legal language that is far less clear,” said Mr. Casper. “Each organization must decide whether they accept those interpretations.”

3) Political location: Considerations such as law enforcement access requests, use of inexpensive labor in other countries that puts local jobs at risk or questions of international political balance are more important for public sector entities, nongovernmental organizations (NGOs), companies that serve millions of consumers or those whose reputation is already tainted.

“Unless you fall into one of these categories, you can discount media reports on data residency concerns,” Mr. Casper said. “While public outrage is still high about data storage abroad, there is little evidence that consumers really change their buying behavior.”

4) Logical location: This is emerging as the most likely solution for international data processing arrangements and is determined by who has access to the data. For example, a German company signs a contract with the Irish subsidiary of a U.S. cloud provider, fully aware that a backup of all data is physically stored in a data center in India. While the legal location of the provider would be Ireland, the political location would be the U.S. and the physical location would be India, logically, all data could still be in Germany.

For that to happen, all data in transit and all data at rest (in India) would have to be defensibly encrypted, with keys residing in Germany. With such an architecture there is an increase in cost and complexity and a reduction of usability through functions like preview and search, mobility and latency.

“None of the types of data location solves the data residency problem alone,” Mr. Casper said. “The future will be hybrid — organization will be using multiple locations with multiple service delivery models. IT leaders can structure the discussion with various stakeholders, but eventually, it's the business leader who has to make a decision, based on the input from general counsel, compliance officers, the information security team, privacy professionals and the CIO.”

More information is available in the report ‘The Snowden Effect: Data Location Matters’, available on Gartner’s web site at: http://www.gartner.com/doc/2724017

http://www.gartner.com/newsroom/id/2787417
Research, research and research - Please do your own due diligence (DYODD) before you invest - Any reliance on my analysis is SOLELY at your own risk.
Reply
#2
5 July 2014

Russian MPs back law on internet data storage

Russia's lower house of parliament has passed a law requiring internet companies to store Russian citizens' personal data inside the country.

The Kremlin says the move is for data protection but critics fear it is aimed at muzzling social networks like Twitter and Facebook.

The Russian government is thought to be seeking greater access to user data.

Social networks were widely used by protesters opposing President Vladimir Putin's return to the Kremlin in 2012.

Analysts say there are fears that Russia may be seeking to create a closed and censored version of the internet within its borders.

The new bill must still be approved by the upper chamber and President Putin before it becomes law.

If passed, the new rules will not take effect until September 2016 but will give the government grounds to block sites that do not comply.

"The aim of this law is to create... (another) quasi-legal pretext to close Facebook, Twitter, YouTube and all other services," internet expert and blogger Anton Nossik told Reuters news agency.

"The ultimate goal is to shut mouths, enforce censorship in the country and shape a situation where internet business would not be able to exist and function properly."

But introducing the bill to parliament, MP Vadim Dengin said "most Russians don't want their data to leave Russia for the United States, where it can be hacked and given to criminals".

"Our entire lives are stored over there," he said, adding that companies should build data centres within Russia.

http://www.bbc.com/news/world-europe-28173513
Research, research and research - Please do your own due diligence (DYODD) before you invest - Any reliance on my analysis is SOLELY at your own risk.
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)