Welcome!

Cloud Security Authors: Elizabeth White, Zakia Bouachraoui, Pat Romanski, Yeshim Deniz, Liz McMillan

Related Topics: @CloudExpo, Cloud Security, @DXWorldExpo

@CloudExpo: Blog Post

You Don’t Have to Be a Tech Giant to Navigate the End of Safe Harbor By @ttul | @CloudExpo #Cloud

A sovereign cloud strategy mitigates privacy restrictions that prevent Europeans from using services

For the last 15 years, companies operating in the United States and Europe have benefited from Safe Harbor - a streamlined process that allowed U.S. companies to transfer and store European citizens' data in the U.S. provided a level of privacy protections were adhered to according to outlined European standards. Recently, however, an Irish court has ruled, in a case brought by an Austrian citizen concerned about how Facebook was handling his private data, that the Safe Harbor agreement is inconsistent with European privacy law, as it did not require all organizations entitled to work with EU privacy-related data to comply with it. The court's decision means Ireland's Data Privacy Commissioner must review the merits of the case and make a final determination about whether Facebook is allowed to transfer private data from its European users to the United States. In the mean time, companies that had relied on the Safe Harbor process can no longer do so. In today's data-centric business world, the ruling comes as a blow to thousands of companies operating at the global scale that are now faced with navigating new, complicated individual standards - across multiple regions.

Tech giants like Microsoft, Google, Amazon and Netflix have assured customers that the ruling won't impact their ability to continue to provide services as usual. However, the same isn't necessarily the case for smaller players that have relied on Safe Harbor to grow their business and cultivate an international customer base. In fact, The Internet Associate, an alliance made up of many some of the biggest names in tech, stated that while large enterprises have put the proper mechanisms in place to prepare for any end of Safe Harbor, "smaller companies and consumers" across both continents could "experience significant challenges going forward."

Now the question for these smaller companies is "how do we continue to operate globally and comply with more than 20 disparate standards, when we lack the ability to allocate the same level of time and resources that large companies have." One potential solution companies may initially consider is coding - having programmers rewrite code that treats users differently based on IP addresses in order to meet compliancy standards by region. While it would address the individual need to meet privacy standards specific to each nation-state, the solution stands to cost tremendous amounts of time, money, and mental energy.

Novatrend, a Swiss based web-hosting company, is subject to strict privacy compliancy laws due to their location. Swiss data privacy law makes it difficult for Swiss companies to outsource data processing to foreign-operated services. In 2014, Novatrend was looking for a service provider to handle its outgoing email delivery (small providers often outsource email delivery because it's a challenging service to offer in-house). But Swiss data privacy law prevented Novatrend from sending its client's email outside of Switzerland for processing. This situation is one similar to that which many service providers will now encounter with the end of Safe Harbor. Novatrend initially contemplated outsourcing email delivery to Canada-based MailChannels; however, the physical location of MailChannels email processing infrastructure in the United States presented a problem.

To solve the problem, MailChannels set up a small "sovereign cloud" of email processing servers within Novatrend's own data center in Switzerland. With this small change, Novatrend was able to send their email through the sovereign cloud within their own data center, where it is processed using MailChannels' proprietary email delivery and anti-spam technology. As a result, Novatrend now gets the exact same benefits it would get if the data was being processed in the United States, while maintaining its adherence to Swiss data privacy laws, since the email data is kept within Switzerland while being processed.

Many non-European based cloud application providers and Software-as-a-Service providers (SaaS) should probably consider a sovereign cloud strategy as a way of mitigating privacy restrictions that prevent Europeans from using their services. They may not have to move everything to Europe, maybe just a small part - the part of an operation that actually stores and processes European citizen's data. For many applications, that means just moving a database to Europe, but keeping the command and control aspect hosted in their country of origin. The sovereign cloud approach enables providers to continue operating globally without heavy infrastructure investments, while reducing the potential of violating privacy laws with the end of Safe Harbor - and any other changes in privacy coming down the pipe.

More Stories By Ken Simpson

Ken Simpson is the co-founder and CEO of MailChannels, the world’s foremost provider of outbound anti-spam and email delivery technology. He also runs the botnet and web abuse sub-committees at the Messaging Anti-Abuse Working Group (MAAWG).

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
Machine learning has taken residence at our cities' cores and now we can finally have "smart cities." Cities are a collection of buildings made to provide the structure and safety necessary for people to function, create and survive. Buildings are a pool of ever-changing performance data from large automated systems such as heating and cooling to the people that live and work within them. Through machine learning, buildings can optimize performance, reduce costs, and improve occupant comfort by ...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Poor data quality and analytics drive down business value. In fact, Gartner estimated that the average financial impact of poor data quality on organizations is $9.7 million per year. But bad data is much more than a cost center. By eroding trust in information, analytics and the business decisions based on these, it is a serious impediment to digital transformation.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Predicting the future has never been more challenging - not because of the lack of data but because of the flood of ungoverned and risk laden information. Microsoft states that 2.5 exabytes of data are created every day. Expectations and reliance on data are being pushed to the limits, as demands around hybrid options continue to grow.
Digital Transformation and Disruption, Amazon Style - What You Can Learn. Chris Kocher is a co-founder of Grey Heron, a management and strategic marketing consulting firm. He has 25+ years in both strategic and hands-on operating experience helping executives and investors build revenues and shareholder value. He has consulted with over 130 companies on innovating with new business models, product strategies and monetization. Chris has held management positions at HP and Symantec in addition to ...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities - ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups.
As IoT continues to increase momentum, so does the associated risk. Secure Device Lifecycle Management (DLM) is ranked as one of the most important technology areas of IoT. Driving this trend is the realization that secure support for IoT devices provides companies the ability to deliver high-quality, reliable, secure offerings faster, create new revenue streams, and reduce support costs, all while building a competitive advantage in their markets. In this session, we will use customer use cases...