LONDON, July 17, 2013 /PRNewswire/ -- Recent leaks of the U.S. National Security Agency's (NSA) PRISM surveillance program are the latest in a string of disclosures that have sparked growing data residency concerns for EU and global corporations regarding using U.S. headquartered - cloud service providers.
European Union Vice President and Commissioner for Justice Viviane Reding said it was "a wake-up call" that would boost efforts to strengthen existing privacy laws. Speaking at a conference in Munich, Reding issued an appeal for member states to move forward on a data protection bill that includes cloud service providers, and place the bill on the agenda of an EU summit in the autumn.
While policy makers move forward, however, these events make it clear that EU and global businesses need to act immediately to resolve data residency issues themselves and protect their sensitive information in transit and at rest with cloud service providers.Due to the dynamic nature of cloud operations, it may not be known in which country the information is actually stored and whether it's accessible by foreign government agencies and system administrators. This may result in concerns over data ownership and potential conflicts between domestic or international jurisdictional and regulatory requirements. "U.S. cloud service providers are subject to U.S. laws including the Foreign Intelligence Surveillance Act (FISA), which means the government can get access to cloud-stored information without the data's owner even knowing it," according to Paige Leidig, senior vice president at CipherCloud. Leidig further emphasized, "This underscores how critically important it is that businesses control and secure their own data in the cloud, and not rely solely on their cloud service provider. It boils down to encrypting sensitive information in the cloud and making sure the business retains exclusive control of their encryption keys. This is the only way to prevent any cloud service providers from revealing confidential information without involving the information owner."