IT Brief New Zealand logo
Technology news for New Zealand's largest enterprises
Story image

Data sovereignty: the risks of assumption

Tue 1 Mar 2011
FYI, this story is more than a year old

A worrying trend in cloud computing is the way that providers cloak themselves in secrecy with customer security as an excuse. They store third party data behind a virtual wall that enables their customers to select server capacity and pay for it by credit card, but aren’t always upfront about where your data will be hosted. In my opinion, that detail is so important it should be known to both parties.By now, almost everyone knows cloud computing democratises technology and enables business transformation, but your process for selecting a cloud service provider should be as rigorous as choosing a vendor for any other IT implementation.Don’t be lulled into a false sense of security by those who say the beauty of the cloud is that you don’t know where your information is.The Inland Revenue Commissioner’s recent alert about cloud computing turns the spotlight on customer attitudes to the cloud and the need to be clear about where your data is stored, if for no other reason than to fulfil your organisation’s legal obligations. The purpose of the Commissioner’s alert was to inform businesses that only financial records stored in data centers located in New Zealand comply with the record-keeping obligations of the Inland Revenue Acts. The IRD says it’s concerned the use of cloud computing may mean businesses are not meeting those obligations. Section 22 of the Tax Administration Act 1994 says New Zealand businesses have to keep sufficient records in New Zealand to enable the commissioner to readily ascertain information about their tax affairs.My advice to businesses evaluating cloud providers is to seriously consider hosting all intrinsic information — such as financials and intellectual property — with a New Zealand based provider.As a business owner I wouldn’t be comfortable hosting that information outside New Zealand, and I’d want to go further than seeing a website with a few photos and a verbal assurance that my data will be stored onshore, before choosing a provider. Cloud providers may give their customers the impression that they’re hosting their data onshore — and may indeed do that for a time — but this industry changes quickly. How can CIOs and IT decision-makers ensure their data remains within national borders in the long term?Enter negotiations with your exit strategy: If you give your data to this provider, how will you get it back, what happens if it goes out of business? What happens if you want to switch providers? You might not be parting on the best of terms, so who actually owns the data in the event of a termination? Be sure there’s a clause that makes this clear. Some agreements go so far as to change ownership of the data.It’s impossible to guarantee the physical location of your data without entering into a service level agreement (SLA). In many cases, cloud providers work on a "best efforts” principle, and that isn’t good enough. But even an SLA is useless unless monitored and reported on regularly. Remember, too, that unless you’re a large organisation or government agency, SLAs with overseas providers are largely unenforceable because the cost of mounting a legal campaign against them would be prohibitive.Be clear about the warranties in the SLA regarding provider liabilities in respect of your data. If your provider merges with an offshore company, your SLA has to protect your information and explicitly state where it is to be held in the future.Don’t leave anything to chanceMembers of InternetNZ have expressed concern that moving financial data to New Zealand may not be effective or efficient for businesses with overseas customers, but what controls do companies with offshore cloud providers have over the end use of their information, the resilience of the data center, its employees and the rule of law in the jurisdiction that would apply to any conflict that may arise?The questions you’d ask of a prospective provider should be no less rigorous than those you’d ask about an on-premises system. If you were about to invest in a new system you’d undertake due diligence upfront. CIOs shouldn’t stop applying the level of rigour they customarily apply to projects just because cloud is the trend of the moment.Don’t leave anything to chance. For example, don’t assume data in the cloud is automatically backed up or that it’s stored offsite. Ensure your data remains secure in the cloud by evaluating how the provider’s backup routine works, whether backups are stored offsite and what their business continuity plans are. You should be able to select data retention policies in your SLA.The reputation of your provider is probably the most important factor. Do the research. It won’t take long to identify a shortlist of three providers. Trust is a critical factor in cloud computing success. You might decide to commission an independent security audit.One benefit of choosing a New Zealand provider is jurisdiction. Your SLA is enforceable under New Zealand law and, typically, there’s a better match between the resources of both parties to the agreement.Meanwhile, the IRD has cautioned that if taxpayers are thinking of using cloud computing services they may need to obtain an assurance from their service provider that their data will only be stored in New Zealand data centers and be able to guarantee availability of their financial records. Cloud infrastructure in New Zealand is currently limited. Many New Zealand providers use overseas data centers to host their customers’ information. ICONZ not only hosts its cloud infrastructure and backups exclusively in New Zealand but also retains direct control by managing its own onshore data centers.What we’re doing may be a departure from the international trend of secrecy around cloud services, but I’m urging customers to subject all cloud providers to this level of scrutiny. Where your data is held should be stipulated in your SLA, not simply to pacify the IRD. Demand that your data be held in New Zealand for your own peace of mind, and hold your provider to it.Working in the cloud brings organisations real tangible benefits but it also raises questions, and it pays to ask them. Don’t rely exclusively on what one vendor says: there are enough independent consultants and cloud experts in New Zealand who can provide you with impartial advice. Engage with the cloud community to make the right decision. 

Related stories
Top stories
Story image
Tech job moves
Tech job moves - ARMA International, Avec, Komo & YouGov
We round up all job appointments from August 15-18, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
CCL launches Managed M365 offering for NZ work environments
CCL, the cloud specialist within Spark Business Group, has recently launched its Managed M365 offering.
Story image
InterSystems releases updates to its IRIS data platform
Provider of next-generation solutions InterSystems has announced a series of new releases to its award-winning InterSystems IRIS data platform.
Story image
Cloud Security
Organisations struggling to secure new cloud environments
“In the wake of COVID-19, organisations substantially accelerated their digital transformation initiatives to accommodate a remote workforce."
Story image
Microsoft accelerating NZ tech sector with new data centres
Microsoft’s forthcoming New Zealand data centres are introducing hyperscale public cloud capabilities on a scale previously unseen in the country.
Story image
Exclusive: LawVu streamlines the in-house legal struggle
LawVu is a New Zealand-born company successfully transforming the in-house legal industry with its category-defining workspace.
Story image
Micro-mobility companies caught at a crossroads - study
Reformulating models, operations and goals, shared micro-mobility companies can tap into a market worth US$9 billion in ride revenues in 2030.
Story image
Cloudera launches all-in-one data lakehouse cloud service
CDP One makes it faster, easier and less risky for businesses to move to the cloud and migrate existing workloads to a modern data architecture.
Story image
Schneider Electric launches Connected Services with Claroty
Schneider Electric is teaming up with Claroty to assist in maintaining cybersecurity for physical assets - a critical issue.
Story image
8x more users attacked via old Microsoft Office vulnerability in Q2
"Criminals craft malicious documents and convince their victims to open them through social engineering techniques."
Story image
Collaboration app market revenue grows 28.4% year-over-year
IDC has found that global revenues in the collaboration applications market grew 28.4% year-over-year in 2021 to $29.1 billion.
Story image
Ivanti reveals potential ROI of 261% for Endpoint Management Solution
Ivanti has announced the results of a commissioned Total Economic Impact (TEI) study conducted by Forrester Consulting.
Story image
Customer experience
Exclusive: How Accenture is changing the customer experience game
Creating highly personalised real-world customer experiences using API, near-field communication, and spatial technology is about taking a traditional experience and elevating the customer journey into a digital world.
Story image
Virgin Money works with 9Spokes to create custom offering
Virgin Money has worked with Kiwi SaaS 9Spokes to build a custom version of its business dashboard offering, M-Track, to generate stronger insights for the bank and its customers.
Story image
Digital Transformation
Federated change is the best path to digital evolution
Businesses that can successfully manage the exponentially expanding masses of data produced by modern consumers will be the businesses that survive and prosper.
Story image
Data Protection
Safeguarding your financial data
As the digital revolution marches on, managing data security has never been more important. Here are five important steps to take toward better financial data security.
Story image
Demand grows for future-proof mobile access solutions
HID Global, in partnership with IFSEC Global, recently released the 2022 State of Physical Access Control report for the fourth year running.
Story image
Crypto crime: Illicit activity falls with rest of market
Cryptocurrency scams, which typically present themselves as passive crypto investing opportunities, are less enticing to potential victims.
Story image
Business Intelligence / BI
TIBCO ranks highly in 2022 business intelligence study
Dresner Advisory Services has recognised TIBCO as a Service Leader and a Credibility Leader in Business Intelligence in the 2022 Wisdom of Crowds Business Intelligence Market Study.
Story image
Lenovo launches CO2 Offset Service for SMBs across A/NZ
Lenovo has announced the rollout of a new, first-of-its-kind CO2 Offset Service for SMBs across Australia and New Zealand. 
Story image
‘Windows shops’ target admin rights to de-risk their environments
New data shows up to 75% of critical vulnerabilities could be mitigated through a rights and privileges crackdown
Story image
CM Group recognised as Best Overall MarTech Company
MarTech Breakthrough has ranked CM Group as the Best Overall MarTech Company for the third year running and Cheetah Digital as Best Overall Marketing Campaign Management Solution.
Story image
Artificial Intelligence
Concentric AI protects sensitive data with new capabilities
The new capability reveals sensitive data shared across email and business messaging platforms and highlights who has inappropriate access to content.
Story image
Email scams
HelpSystems shines light on impact of response-based threats
Response-based attacks targeting corporate inboxes have climbed to their highest volume since 2020, representing 41% of all email-based scams.
Story image
Workday research finds A/NZ organisations becoming leaders in digital agility
New research from Workday and IDC has revealed that Australia and New Zealand are becoming leaders in digital agility.
Story image
Cradlepoint launches architectural extension of NetCloud solution
With this latest release Cradlepoint is focused on helping lean IT organisations with advanced SD-WAN and zero trust capabilities.
Story image
Verizon supports Fujifilm's cybersecurity advancements
Verizon Business is supporting Japan’s Fujifilm Holdings to strengthen its global cybersecurity monitoring and cyber intelligence capabilities.
Story image
Hybrid Cloud
The essential guide to digital transformation by SolarWinds
Digital transformation is a buzzword thrown around all the time by companies, but what does it actually mean and why is it important? SolarWinds breaks it down.
Story image
Arcion extends data replication platform with new capabilities
"Arcion is committed to investing in continuous innovation. Our goal is to be the first choice in whole-product solutions for large-scale data replication."
Story image
Facial recognition
Benefits vs risks of facial recognition technology
Once a distant, futuristic concept, facial recognition technology is now found in many technological applications with a variety of different functions. 
Story image
Worldwide 5G mobile data traffic exploding - report
"With 5G, there is a wider range of deployment scenarios, forcing vendors to provide comprehensive solutions to support every need."
Story image
Gartner Magic Quadrant
Spryker named Gartner Visionary in 2022 Magic Quadrant for Digital Commerce
Spyker has announced it has been recognised by Gartner as a Visionary in the 2022 Magic Quadrant for Digital Commerce.
Story image
CISOs need to consider a risk-based cybersecurity strategy
Rather than talking in terms of attack vectors and vulnerabilities, CISOs and security decision-makers must look at actual business risk.
Story image
Australian Grand Prix uses CENNZnet blockchain for fan experience
CENNZnet was employed by Power'd Digital to deliver the Formula 1 Heineken Australian Grand Prix's 2022 AusGP Access program.
Story image
Whispir reports significant revenue growth as CaaS market expands
Australian cloud platform Whispir has announced its financial results, reporting significant growth as it continues to introduce new Communications-as-a Service (CaaS) offerings to the market.
Story image
Contact Centre
Treasure Data launches new customer experience functionality
Treasure Data has introduced a new strategic vision and product positioning for Customer Data Cloud, reflecting the company's focus.
Story image
CDC hyperscale data centres now open in New Zealand
CDC Data Centres (CDC) says two new, state-of-the-art hyperscale data centres are now open for business in Auckland.
AWS Marketplace
Learn how security orchestration, automation, and response (SOAR) enhances your security strategy.
Link image
Story image
On-premise micro data centres an emerging option for storage
Digital transformation is occurring in all industries, resulting in unprecedented amounts of data. Explore the option of storing your information on-site using micro data centres.
Story image
DDoS activity rises dramatically - Radware report
The first six months of 2022 were marked by a significant increase in DDoS activity across the globe, according to a new report.
Story image
Cyber resilience
NZ’s Cyber Resilience Framework to be evolving and potentially automated
The government's already putting $2.4 million into the Cyber Resilience Framework in its initial stages, what is it and why is it important?
Story image
Unified Communications
MAXHUB reveals latest innovations for ANZ at Integrate 2022 in Sydney
Some of the most exciting and innovative updates from this year's Integrate 2022 event have come from the leaders at MAXHUB.