Data Control    



For a majority of companies, the most important elements of IT are the connection itself and data. I am going to concentrate on data, and how some emerging services can enhance your business. Due to the recent drop in the prices of connectivity and hard drive space, an opportunity has emerged for small and medium businesses to generate additional revenue by reselling services provided by larger organizations. These are referred to as 'servers as a service' or 'cloud computing'.

There are a number of vendors out there providing ‘servers as a service’ setups. The servers provided range from simple storage to online back-up, MS Exchange, Customer Relations Management (CRM), and a wide range of databases. Some of these new services vary from the previous shared computing model in one major way: each client is in a silo rather than simply a user on a large system. While systems such as these promote productivity through availability, there are certain things which must be kept in mind before proceeding. The strongest one that comes to my mind is regional jurisdiction.

The ‘laws of the land’ vary from land to land. Your data should be under the laws of your land and in a place where your laws apply. Most Canadians have little to no understanding of the US Patriot Act. I consider this a good thing. When you store your data in a foreign land, you place your data under foreign policy and jurisdiction. For many companies these jurisdictional concerns may not be a problem: the data involved has little to no legal concern and the focus is on availability. However, other organizations need to take heed of these concerns and ensure that no problems arise. In this case I am thinking specifically of law firms and companies which deal with medical information.

Law firms have a special commitment to their clients, solicitor-client privilege, specifically in the area of confidentiality, and need to maintain an environment in which they keep 100% control over data and stored communications. This concept was upheld in the Supreme Court of Canada ruling of September 2002, which dealt with the seizure of any documents in the possession of a lawyer. The Court stated that, "a client has a reasonable expectation of privacy in all documents in the possession of his or her lawyer, which constitutes information that the lawyer is ethically bound to keep confidential and an expectation of privacy of the highest order when such documents are protected by the solicitor-client privilege."

Lawyers are constantly in possession of innumerable digital documents. When hard drives at an out-sourced service provider are retired or damaged, what happens? Is the appropriate red flag raised? It should be. This is key for the firm or lawyer using an out-sourced provider, as they, not the provider, are tasked as the “privilege keeper”. I recommend that the question of jurisdiction be of prime importance when considering the use of out-sourced providers.

Some providers understand this concern and provide encrypted storage and strongly worded policies for the protection of the data owner. Amazon Web Services LLC (AWS) provides both encryption for storage and a comprehensive Acceptable Usage Policy (AUP). Of course, you have to travel to King County in Washington State, USA, if you are looking to pursue damages which exceed $7,500.00. In working with a colleague who has extensively used the Amazon S3 product, the storage offering, we briefly looked at the encryption methods and found that files were not easily identifiable.

Does this mean that you should not consider out-sourced services? Of course not. However, when you do consider the 'server as a service' model for your business, do so with the whole picture in mind. The previously mentioned price drops in storage and bandwidth can also mean that 'in house' hosting is becoming more and more the expedient choice for those who value security.

Originally published January 2009


All content © eSubnet 2003-2014
ESUBNET ENTERPRISES INC. TORONTO CANADA