According to a new study from International Data Corporation (IDC), end users' concerns over foreign governments' access to cloud data, particularly data stored in the U.S., are misplaced. Many critics of cloud services say that the Patriot Act gives U.S. government agencies unprecedented access to information stored in the cloud. This concern is often heightened because the vast majority of leading cloud vendors are U.S.-based.
"Scare stories over the Patriot Act abound, but they are fallacious," said David Bradshaw, IDC research manager for European public cloud services. "The Patriot Act is nothing special, indeed data stored in the U.S. is generally better protected than in most European countries, in particular the U.K."
Almost all countries have similar legislation that gives the authorities a means to requisition data on cloud services - and stored anywhere in their jurisdiction - in order to investigate and prevent acts of terrorism. The issue is ensuring that these powers are used only when absolutely necessary.
The Gold Standard for Regulating Access to the Cloud
The "gold standard" is that government agencies are required to seek a court order for any access to data, and that cloud vendors are not allowed to give up customers' data without a court order, other than in truly exceptional circumstances such as imminent danger of loss of life. This is the case in the U.S., where all access to cloud data requires a court order.
However, most European countries are less stringent in their requirements. As a result, data stored in the U.S. is arguably better protected with legal safeguards than data stored in most European countries. In particular, the U.K. has weaker legal controls, and this may become a barrier to organizations in other European countries adopting services that store data in the U.K.
What do User Organizations Need to Do?
Users need to ignore the Patriot Act scare stories. Most large organizations will already be using services, such as outsourcing, where their data is stored on a service vendor's system. Adopting cloud services brings nothing new to these customers; indeed with many cloud vendors storing data in the U.S., your data will arguably enjoy far more stringent protection.
For smaller organizations, cloud services should primarily be evaluated on the business value they bring to you. Data location is a far smaller consideration, and should not be a big concern for the vast majority of users, particularly those in the U.K.
To Learn More
The study, Government Access to Cloud Data: Impact on Users, Vendors, and Markets (IDC #SP54U, October 2012), was written by David Bradshaw and is published on idc.com. Subscribers to IDC's European Public Cloud: SaaS, PaaS, and IaaS program and certain IDC services will have access to the study as part of their service. Otherwise, interested parties should contact their local IDC office.
"Scare stories over the Patriot Act abound, but they are fallacious," said David Bradshaw, IDC research manager for European public cloud services. "The Patriot Act is nothing special, indeed data stored in the U.S. is generally better protected than in most European countries, in particular the U.K."
Almost all countries have similar legislation that gives the authorities a means to requisition data on cloud services - and stored anywhere in their jurisdiction - in order to investigate and prevent acts of terrorism. The issue is ensuring that these powers are used only when absolutely necessary.
The Gold Standard for Regulating Access to the Cloud
The "gold standard" is that government agencies are required to seek a court order for any access to data, and that cloud vendors are not allowed to give up customers' data without a court order, other than in truly exceptional circumstances such as imminent danger of loss of life. This is the case in the U.S., where all access to cloud data requires a court order.
However, most European countries are less stringent in their requirements. As a result, data stored in the U.S. is arguably better protected with legal safeguards than data stored in most European countries. In particular, the U.K. has weaker legal controls, and this may become a barrier to organizations in other European countries adopting services that store data in the U.K.
What do User Organizations Need to Do?
Users need to ignore the Patriot Act scare stories. Most large organizations will already be using services, such as outsourcing, where their data is stored on a service vendor's system. Adopting cloud services brings nothing new to these customers; indeed with many cloud vendors storing data in the U.S., your data will arguably enjoy far more stringent protection.
For smaller organizations, cloud services should primarily be evaluated on the business value they bring to you. Data location is a far smaller consideration, and should not be a big concern for the vast majority of users, particularly those in the U.K.
To Learn More
The study, Government Access to Cloud Data: Impact on Users, Vendors, and Markets (IDC #SP54U, October 2012), was written by David Bradshaw and is published on idc.com. Subscribers to IDC's European Public Cloud: SaaS, PaaS, and IaaS program and certain IDC services will have access to the study as part of their service. Otherwise, interested parties should contact their local IDC office.
