GCN Tech Blog

By GCN Staff

Data location not the overriding factor in cloud security

One of the criticisms usually leveled against cloud computing is that, with many cloud services, the actual location where they store your data is unknown. Google, for instance, does not divulge the location of its servers that handle Google Docs. For government agencies that need to keep track of the location of the data for policy and regulatory reasons, this is a major deal-breaker.

But should it be? Knowing where the data is located, and that proper protective measures are in place there, is certainly instrumental in safeguarding the data. But location may not be the correct way to think about these concerns, said Lew Tucker, who is the chief technology officer for cloud computing initiatives at Sun Microsystems. He brought up this point June 1 in a cloud computing panel at the CommunityOne conference.

The question of "where the bits reside, of what geography or national boundary these bits exist within," is somewhat moot, given that "we are totally connected by networks," he said.

In fact, access, rather than location, may be the better way of thinking about things.

"It really is who has access to these bits that is the really critical question, not the locale where they reside in," Tucker said. "But right now we are governed by rules about the locale of the disk drive."

It's a good distinction. When you think about the location of a particular document, or anything else, what you are really thinking about is a series of bits residing on some physical medium, such as a hard drive or tape drive, which itself is probably located in a network-connected data center.

But no one who is actually inside the data center can view the data with any more ease than anyone else on the network. In fact, if the data resides on a server without a monitor, everyone can access the data in exactly the same way, by a terminal from some other location. Sure, a wrongdoer could sneak inside the data center and steal the server with sensitive data. But again, any data center breach can be described just as well in terms of who had access to the data center as in terms of the location of the data itself.

Posted by Joab Jackson on Jun 02, 2009 at 9:39 AM

