With the World cup in full swing, one cannot help but compare the US to our neighbors around the world. The event begs it. We see our skills, our style, our strategy and our fans all juxtaposed with more established soccer powers from around the globe.
And, I have to admit, some things are just better in Europe: Soccer for one. If pressed, Ill concede fashion, sports cars, and public transportation as well. But what about Cloud Security?
Privacy: Europe 1 US 0
Given the concerns around the US Patriot Act and US government-issued blind subpoenas, there is a growing school of thought encouraging IT shops to use cloud services that are headquartered in privacy-friendly countries (i.e. EU).
Why? Well, under the US Patriot Act, US intelligence agencies are permitted to access data owned by non-US citizens stored on clouds hosted by US companies.
This perspective has been championed by European IT leaders such as John Finch, CIO of the Bank of England. Hes said, You need to think about where Cloud companies are domiciled. Even if that well-known cloud provider says dont worry, if theyre an American company, your data is linked to the American Patriot Act. That means if the FBI or CIA want it, theyve got it. Think about what youre giving and when.
Security: US 1 Europe 0
However, the data tells a different story. While privacy is important, one cannot ignore data security. Based on statistics from Skyhighs Cloud Registry, which uses a security framework developed in conjunction with the Cloud Security Alliance (CSA), 9% of cloud services headquartered in the EU are high risk, compared to only 5% of cloud services headquartered in the US. So, while EU-based cloud services provide some protection from the US Patriot Act, they do expose organizations to greater security risks.
WWJKD (What Would Jrgen Klinsmann Do)?
So, if using US providers isnt the answer, what is? Encryption is one effective solution that is gaining traction for many cloud consumers. Its important that your cloud provider provide encryption for data not just in transit, but at rest as well. Equally important, especially for European customers concerned with the privacy of their data hosted by US cloud providers, is encryption key management. If your cloud provider owns the encryption keys, the US government can subpoena your cloud provider, forcing them to de-crypt and share your data. Further, they can issue a gag order to your cloud service provider so this is done without your knowledge. In order to protect your companys security and privacy, make sure you encrypt sensitive data AND manage your own encryption keys.