Ross Schulman is a Policy Manager at Google
Earlier this week, Leviathan Security Group released three white papers that explore cybersecurity in cloud computing versus local storage. Each paper examines a different aspect of security and storage, including availability, cost, and talent acquisition. In general, Leviathan finds that cloud solutions are generally more secure, resilient, and redundant than local equivalents.
A few data highlights:
So what do these findings mean from a public policy point of view? Many countries, including Brazil and Russia, have proposed laws requiring that companies keep the data of that country’s users within national borders. This idea, known as “data localization,” purports to keep citizen users safer and out of the hands of spying governments and hackers.
However, forced data localization prevents companies, governments, and organizations from realizing many of the benefits afforded by cloud services. For example, if a local data center is impacted by a natural disaster, that data is not replicated elsewhere and thus is lost. And given the shortage of security expertise, there’s simply no way that every organization’s security infrastructure for locally stored data can keep up with the state of the art. Finally, preventing small enterprises like startups from using cloud services means that they must take on additional costs in terms of talent and infrastructure, and will likely end up with systems that are less secure than what cloud infrastructure would provide. In the end, data localization reduces opportunities, results in weaker security, and, in some instances, compromises the availability of data.
To learn more about data localization proposals around the world, check out Anupam Chander's paper, "Breaking the Web: Data Localization vs. the Global Internet."
Post a Comment