Data sovereignty and security should no longer make companies hesitant about backing up data to the cloud
12 Jul 2018
South African businesses are still operating under a few misconceptions when it comes to the issues of data sovereignty and security in the cloud, making organisations hesitant about migrating their data. While these misconceptions are not entirely unjustified in that there have certainly been a number of public cloud providers that have been hacked, it must be pointed out that these providers have had their data centres located in foreign countries. In anticipation of the Protection of Personal Information Act (PoPI) that makes it necessary to be able to prove that personal client data is protected and requires storage thereof to be in South Africa, there are growing numbers of maturing service providers hosting their solutions ‘as a service’ in local data centres. This should serve to eliminate much of the concern around data sovereignty and security of cloud backups in a local context and lay to rest the lingering concerns about the cloud being risky.
Clarifying lingering misconceptions
It’s understandable that the issue of data sovereignty would be a concern for businesses, given that the legislative requirement for data to be stored in South Africa has been created in order to comply with PoPI. As different countries have different laws applying to data, keeping it within local boarders makes sense. South Africa has the local expertise to clarify for organisations what our laws stipulate regarding data sovereignty, so moving data to the cloud for storage in other countries is not always the smartest move. This is because other jurisdictions might have regulations that permit the cloud storage service provider to access stored data without permission, essentially making it the property of the service provider. With South African laws, particularly PoPI, the issue of data sovereignty is clarified and the issue laid to rest, as it is necessary to store personal information locally to prove to clients that their personal data is protected. When evaluating why organisations might be hesitant to move to the cloud, most companies have voiced concern with data security. Organisations are worried that their data will be sent to the “cloud” and essentially their concern stems from being unsure where the organisation’s data is physically located, and who has access to it. This concern can be allayed, especially in a local data centre scenario, by mature cloud service providers hand-holding their clients through the process and showing them exactly where their data will be stored and how the migration will take place. By showing clients that ‘the cloud’ is in fact real – comprised of physical data centres – this provides reassurance and enables them to consider the benefits of leveraging cloud backups that are locally stored.
Benefits of keeping it local
What was previously a concern for most businesses when it came to cloud backups – the issue of security – should actually be considered the biggest incentive to do so. This is because the physical security built into custom-built local data centres is often far superior to that of most other ordinary company’s data centres. Security is a top priority for local data centres as it is a core part of their business. It’s also their business to ensure they have high power availability as well as the requisite infrastructure services – something that is often beyond the scope of smaller to mid-size companies to achieve on their own. By making use of a locally hosted data centre, organisations are able to leverage the skills, security and ensured availability, without having to shell out capital to get it. Furthermore, by outsourcing data protection and storage, companies can also start to build a Disaster Recovery (DR) plan for their businesses.
It’s no longer just about being protected against accidental deletion. By storing data off-site, there is protection against physical damage to company property. If, for example, the building is burned down, or a device falls victim to ransomware, there is a copy of such data in another physical location that can be used to rebuild the data needed to run the business. An even more lucrative benefit of backing up an organisation’s data to the cloud lies in the fact that doing so enables the back up to be used like a file server or data source. Essentially file-sharing on steroids, technology has made it possible to take the business’ file server and move it to a backup repository. This enables IT to remove the local file server, granting users access to backup copies inside the cloud file system, instead.
In short, given that cloud backup services providers have matured significantly in the last few years and in light of the fact that they will be required to comply with PoPI, organisations that have hesitated about cloud migrations should hesitate no longer. Choosing a local data centre will make their journey to PoPI compliance that much easier, and the organisation is able to tick the issues of data sovereignty and protection off their lists of concerns in doing so.