• 08/12/2014
    8:00 AM

IBM Labs Invention Pinpoints Data In The Cloud

A new patent allows IT to tag specific files and specify exactly where in the cloud that data will be stored.

American cloud service providers have been under pressure to assure their international customers that their sensitive data is not hosted outside their borders, and that it is safe and out of the reach of government agencies such as the NSA and GCHQ.

A new invention patented by researchers at IBM Labs can provide the answer to the problem, giving network administrators a clear view of their exposure on the cloud and the flexibility to move data between locations while knowing exactly where it is geographically retained.

The invention, Geographic Governance of Data Over Clouds, patent No. 8,676,593, allows data administrators to tag specific files and records and define geographic criteria for where those files should be stored.

Cloud computing storage is growing exponentially and enables organizations and individuals to access information often located in remote data centers, but the security of that data is critical. That means systems are needed to let users know the exact location of different chunks of data and specify where that information can be stored.

Many countries, especially in Europe, are requiring that some types of data stored in public clouds be within national borders. They are also limiting the possibility of accessing that data from abroad. Last year's revelations from the NSA whistleblower Edward Snowden helped to increase government scrutiny of cloud data providers and fueled the introduction of several laws to that effect.

Several European countries are already requiring that certain types of sensitive data -- such as financial statements and personally identifiable information -- not be stored in cloud servers outside the country. The EU is also requiring cloud providers to be able to provide detailed records of the whereabouts of data related to European citizens. For example, in June 2007, well before the NSA scandal, France prohibited government officials from using BlackBerry smartphones, because the servers that hosted messaging and email data for the devices were located in the US, the UK, and Canada.

The IBM Labs technology is a combination of hardware and software. The process, as explained in the patent, includes:

    Receiving a request from a local computing device to save data on a network including a plurality of data storage locations in a plurality of different geographic regions; determining a specified geographic region of the plurality of different geographic regions by analyzing at least one of: (i) file attributes associated with the data, and (ii) predefined rules; identifying one of the plurality of data storage locations within the specified geographic region based on the determining step; and routing the data to the identified one of the plurality of data storage locations within the specified geographic region.
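
The four steps in the patent excerpt above, sketched as an added Python example (not IBM's implementation and not code from the patent). The inventory, the rule format, attribute names such as `geo_region`, and the choice to refuse the write when a tag conflicts with a rule or when nothing matches are all assumptions made for illustration.

```python
from dataclasses import dataclass

class PlacementError(Exception):
    """No compliant placement exists; the write is refused (fail closed)."""

@dataclass(frozen=True)
class StorageLocation:
    name: str
    region: str   # country code of the hosting data center
    free_gb: int

# Constructed inventory and rules; every name and value here is hypothetical.
LOCATIONS = [
    StorageLocation("dc-fra-1", "DE", 500),
    StorageLocation("dc-par-1", "FR", 120),
    StorageLocation("dc-par-2", "FR", 800),
    StorageLocation("dc-iad-1", "US", 900),
]
# Predefined rules: (attributes that must all match, required region).
RULES = [
    ({"classification": "pii", "subject_country": "FR"}, "FR"),
    ({"classification": "financial", "subject_country": "DE"}, "DE"),
]

def resolve_region(attrs, rules=RULES):
    """Step 2: derive the region from the file's own tag and/or the rules."""
    tagged = attrs.get("geo_region")
    ruled = next((region for match, region in rules
                  if all(attrs.get(k) == v for k, v in match.items())), None)
    if tagged and ruled and tagged != ruled:
        raise PlacementError(f"tag {tagged} conflicts with rule {ruled}")
    region = tagged or ruled
    if region is None:
        raise PlacementError("no tag or rule applies; refusing a default region")
    return region

def pick_location(region, size_gb, locations=LOCATIONS):
    """Step 3: choose a location inside the region with room for the data."""
    fits = [loc for loc in locations
            if loc.region == region and loc.free_gb >= size_gb]
    if not fits:
        raise PlacementError(f"no location in {region} can hold {size_gb} GB")
    return max(fits, key=lambda loc: loc.free_gb)

def route(attrs, size_gb):
    """Steps 1-4: accept a save request and return an auditable placement."""
    region = resolve_region(attrs)
    location = pick_location(region, size_gb)
    return {"file": attrs.get("name"), "region": region, "location": location.name}
```

The returned record is what an auditor would need to answer "where is this file held": a request that cannot be placed inside its required region raises `PlacementError` instead of falling back to another country.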

Theoretically, organizations would be able to analyze and manage the location of every piece of data they store in public and private clouds. This would not only help to comply with regulations governing where data can be stored, but it also could help organizations save time and money by optimizing resources and choosing between public cloud providers.

"During the early years of cloud computing, it was evident that storing and accessing business data across geographically dispersed cloud computing environments could present logistical and regulatory challenges," Sandeep Ramesh Patil, co-inventor of the IBM Labs technology, said in a press release. He stressed that his research team was intentionally focused on the challenge of moving data in the cloud while meeting compliance requirements for many different countries.

IBM would be able to give customers with sensitive data, no matter their location, the assurance that their data will be stored only in the data centers they choose. Other organizations providing public cloud services could license the technology and provide similar functionality.

Figure 1 (Source: US Patent Office)


international regulations

It seems this IBM technology would go a long way towards addressing international privacy regulations. Even before Snowden, the Patriot Act fueled European privacy concerns with US cloud providers. 

Re: international regulations

Marcia, I do believe so. Last year Neelie Kroes, vice president of the European Union for the Digital Agenda, warned that American cloud companies could lose $35 billion because of the NSA spying scandal under the Foreign Intelligence Surveillance Act (FISA):

If European cloud customers cannot trust the United States government or their assurances, then maybe they won't trust US cloud providers either. That is my guess. And if I am right then there are multi-billion euro consequences for American companies.

One year later $35 billion is not even close!

Re: international regulations

Right Pablo, Forrester Research estimated that the loss to the US cloud computing industry could be as high as $180 billion. There have been reports that Microsoft has lost customers due to the NSA spying disclosures.

Re: international regulations

Unfortunately for Microsoft, the recent court order that forces them to hand over emails stored in Ireland doesn't help.

If US courts can order cloud providers to deliver information stored elsewhere, the fact that data is in European data centers or any other country is not enough for foreign customers to trust them.

I want to clarify that I'm not against legal requests from American courts to get access to data stored in Europe, but the normal procedure should be requesting a European court to authorize the transfer of such data, within the limits of European law.

Re: international regulations

If that court order holds, it would be a major setback for US cloud providers. I agree, the process should require the US authority to go through a European court to authorize the data transfer.