Last week, the BBC reported that the Court of Justice of the European Union issued a ruling that highlights the growing opportunities for sovereign cloud providers around the globe. In this ruling, the Court invalidated the US-EU Privacy Shield Agreement which allowed US companies to receive personal data from the EU if they adhere to EU standards on data protection and privacy. The Court found that the US legal system doesn’t provide adequate protection for personal data, particularly from US legal entities.
This ruling has again amplified the issue of data sovereignty, in which data is subject to the laws of the country in which it is collected or processed and must remain within national borders. Data sovereignty is a critical factor for organizations outside the US to consider when storing data with US-based cloud providers. Although these cloud providers may offer assurances that a customer’s data will be stored within that customer’s national borders, that doesn’t guarantee full protection from access by US law enforcement.
Under the US Clarifying Lawful Overseas Use of Data Act (the CLOUD Act), American cloud service providers are required to hand over data to US authorities if commanded to do so, even if the data is stored in another country. Further complicating matters, the CLOUD Act appears to contravene GDPR – the European law governing data protection and privacy – posing legal risks for European organizations using American cloud providers.
All of this suggests that non-US organizations should think twice before using US cloud providers for data storage, even when those providers have in-country data centers. Fortunately, there are excellent alternatives in the form of Cloud Service Providers (CSPs) that operate only within a given country, thereby ensuring data sovereignty. Cloudian has a number of CSP customers that use our HyperStore S3-compatible object storage platform as the foundation of their storage service offerings.
Two examples are AUCloud and HostedBizz. AUCloud, Australia’s sovereign cloud IaaS provider, focuses exclusively on serving Australian federal, state and local governments and Critical National Industry communities. AUCloud’s offerings include Storage-as-a-Service, Backup-as-a-Service and Disaster Recovery-as-a-Service, and it’s planning to implement a new ransomware protection service powered by Cloudian and Veeam that can be managed within a VMware environment. HostedBizz is one of Canada’s premier cloud IaaS providers and recently launched a new sovereign cloud data protection offering based on our HyperStore platform.
Both AUCloud and HostedBizz turned to Cloudian because we provide limitless scalability, fully native S3 compatibility, multi-tenancy and integrated management tools such as billing and quality of service controls. HyperStore is also certified with the most rigorous international security requirements, including Common Criteria, Federal Information Processing Standard (FIPS) and SEC Rule 17a-4(f). CSPs interested in learning more about providing Cloudian-based storage services can go here for further information and also read our AUCloud case study and HostedBizz press release.
In addition, for users concerned about data sovereignty that want to keep their data on-premises rather than in a cloud service, we can deliver cloud-like scalability, flexibility and economics in their own data centers. To learn more about these private cloud solutions, go here.