American cloud service providers have been under pressure to assure their international customers that their sensitive data is not hosted outside their borders, and that it is safe and out of the reach of government agencies such as the NSA and GCHQ.
A new invention patented by researchers at IBM Labs can provide the answer to the problem, giving network administrators a clear view of their exposure on the cloud, and provide the flexibility to move data between locations, knowing exactly where it is geographically retained.
The invention, Geographic Governance of Data Over Clouds, patent No. 8,676,593, allows data administrators to tag specific files and records and define geographic criteria for where those files should be stored.
Cloud computing storage is growing exponentially and enables organizations and individuals to access information often located in remote data centers, but the security of that data is critical. That means systems are needed to let users know the exact location of different chunks of data and specify where that information can be stored.
Many countries, especially in Europe, are requiring that some types of data stored in public clouds be within national borders. They are also limiting the possibility of accessing that data from abroad. Last year's revelations from the NSA whistleblower Edward Snowden helped to increase government scrutiny of cloud data providers and fueled the introduction of several laws to that effect.
Several European countries are already requiring that certain types of sensitive data -- such as financial statements and personally identifiable information -- not be stored in cloud servers outside the country. The EU is also requiring cloud providers to be able to provide detailed records of the whereabouts of data related to European citizens. For example, in June 2007, well before the NSA scandal, France prohibited government officials from using BlackBerry smartphones, because the servers that hosted messaging and email data for the devices were located in the US, the UK, and Canada.
The IBM Labs technology is a combination of hardware and software. The process, as explained in the patent, includes:
- Receiving a request from a local computing device to save data on a network including a plurality of data storage locations in a plurality of different geographic regions; determining a specified geographic region of the plurality of different geographic regions by analyzing at least one of: (i) file attributes associated with the data, and (ii) predefined rules; identifying one of the plurality of data storage locations within the specified geographic region based on the determining step; and routing the data to the identified one of the plurality of data storage locations within the specified geographic region.
Theoretically, organizations would be able to analyze and manage the location of every piece of data they store in public and private clouds. This would not only help to comply with regulations governing where data can be stored, but it also could help organizations save time and money by optimizing resources and choosing between public cloud providers.
"During the early years of cloud computing, it was evident that storing and accessing business data across geographically dispersed cloud computing environments could present logistical and regulatory challenges," Sandeep Ramesh Patil, co-inventor of the IBM Labs technology, said in a press release. He stressed that his research team was intentionally focused on the challenge of moving data in the cloud while meeting compliance requirements for many different countries.
IBM would be able to provide customers with sensitive data, no matter their location, along with the assurance that their data will be stored only in the data centers they choose. Other organizations providing public cloud services could license the technology and provide similar functionality.