Giving data a 'Safe Harbour' that's close to home
As a result of regulatory changes in Europe companies are investigating ways of keeping sensitive data in-country while still being able to use the cloud
Since 1995, the European Union (EU) has led the world in setting some of the most stringent standards on data privacy and security laws. With the recent overturning of the EU-US Safe Harbour agreement, the EU's highest court has further tightened the reins on consumer data transfer agreements in order to provide better protection of data. For businesses in the UK and across the EU, the decision has created a major roadblock to the global exchange of data, and they are scrambling to find solutions that ensure they are now compliant with the changing regulations.
Politics of privacy
The Safe Harbour agreement was passed into law in 2000 to allow US companies doing business in the EU to transfer data from EU-based consumers to US servers in a way that complied with EU data protection laws. The objective was to make international business transactions more seamless, however the regulation was deemed inadequate in the protection it provided to consumer's personal data.
Under the new regime the Safe Harbour framework has become invalid, and EU organisations conducting business with any of the 4,500 companies registered under the Safe Harbour agreement, must also retrieve consumer data shared and stored on US servers.
While the decision handed down by the European Court of Justice (ECJ) on the Safe Harbour framework has thrown the issue into sharp focus, data privacy and security has been a hot topic for decades. Regulation, policy, the ability to collaborate on files, and the security implications of losing sensitive data are causing companies to reassess their data management options.
Think inside and outside the cloud
The demand for secure file sharing is on the rise. According to IDC, business file share spending will grow at a 27 per cent to £1.1bn by the end of 2018, with business adoption accounting for 80 per cent of the total file sync and share spend.
At the same time, however, mounting concerns over data privacy and security and the recent ECJ ruling will cause data localisation to become standard practice throughout business. When selecting a data management and file sharing solution, businesses have traditionally had the choice of bringing their data under one roof on their home soil, or have it stored in the cloud, often thousands of miles away.
Today, most businesses want to be close to their data and have full control over where it resides and who has access to it.
As businesses consider data management solutions for localising their data, they are presented with a number of options. One is to build their own data centre, which is costly in terms of time and resources. Another is to work with an outside resource that has the expertise to migrate customer data to a cloud solution or an in-country data centre and infrastructure already in place.
A third option is a hybrid solution that provides cloud-based access to data stored in a local data centre and on-site of the business.
Enabling secure collaboration
For businesses to implement better collaboration between staff and customers, content access and data fluidity is vital. Many businesses are improving file collaboration by adopting comprehensive content strategies in the form of next-generation files services, which intelligently support the needs of both the business user and IT department. These services are an example of a hybrid-cloud solution mentioned above. They centralise company data so that IT can have greater control over its processes. This also makes data easier for the end user to access, and as a result can make them more productive. These solutions can also:
- Maintain compliance with standards and evolving regulations to ensure privacy and data protection for customers
- Give enterprises complete control over encryption and where the data resides
- Identify which data was created in Europe and which was moved to the US, while ensuring data created in Europe is kept in Europe
Keeping data local and centralised
Ultimately, businesses want complete control over data with the ability to track it throughout its entire lifecycle, regardless of the platform it is stored on. Tracking data is essential to ensure that it remains secure and protected, and to ensure that businesses meet compliance and regulatory requirements. If businesses lose track of their data and it falls into the wrong hands, they can be liable for huge fines costing them millions of pounds.
As data privacy takes centre stage, driven by changes to industry regulations like the Safe Harbour agreement, we will see the trend towards businesses localising and centralising their data increasing, particularly in highly regulated industries such as finance, healthcare and government.
Whether they accommodate this change by building their own data centres, working with local hosting partners or by partnering with next-generation file service providers will depend on individual circumstances. But it is something they need to look at now to ensure they can keep sensitive data local while minimising the impact on the agility of their business, particularly in a regulatory environment that is always changing.
Vineet Jain is CEO of Egnyte