Great story coming out of the UK last week: ” Toxic Cloud Computing, and How Open Source Can Help” by Glyn Moody. The central thesis of the story warns European companies (and other European institutions) of storing data with US companies. I’ve discussed this before and agree.
Moody writes:
“The set of relations currently defining cloud computing technologies encompasses negotiations and tensions between public authorities, private entities and public and private authorities. In this set of relationships, data protection and privacy are often objects of negotiation to the detriment of individual rights. Where cloud computing is possibly most disruptive is where it breaks away from the forty-year-old legal model for international data transfers, jeopardizing the rights of the EU citizens:
“Consumers’ rights are subsumed into a complex mesh of contracts among private entities. Therefore, from a legal perspective, the challenge of jurisdiction is central. The legal determination of both the responsibilities and legal liabilities of data controllers and processors and the rights of the individual as ‘data subject’ are paramount.
“Lack of legal certainty surrounding the concept of cybercrime and legal frameworks of cloud-based investigations, as well as inadequate tools to safeguard privacy and data protection increase the potential for misuses and abuses by law enforcement actors and agencies. European citizens’ data are not sufficiently protected in this regard. This aspect is enhanced by exceptional measures taken in the name of security and the fight against terrorism. The US context is here particularly illuminating, both in the case of the Patriot Act and in the case of the US Foreign Intelligence Surveillance Amendment Act (FISAA) of 2008. In this case, the question of the legal framework of data transfers/processing to third countries is critical.”
One way to mitigate such governmental intrusiveness is to keep company data in-house, on the company’s own servers.
But listen, that’s not the only protection keeping your own data in-house gives you. Why do you want to store — or have your employees store — your sensitive data on some third-party storage vendor? Why lose that control?
By using your own storage, you can seamlessly integrate into existing user directories, governance, security, monitoring, storage and back-up tools and follow existing data protection procedures, leverage existing intrusion detection and monitoring software to alert and correct problems, and provision new users from existing automation and directory services. AND STILL provide seamless, easy-to-use access to sensitive data users have come to expect from consumer grade services.
And because ownCloud is open source and open by nature, plug-in apps exist to extend ownCloud out of the box, enabling LDAP/AD integration, file versioning, file sharing, external file system mounts and much more. If an application or capabilities that you need is not there, simply create a new one and add it to your ownCloud server.
Don’t leave your data exposed – control your data.