Road Warrior Journal
The security of cloud-based data has been front and center of the news recently. A continuing stream of highly personal celebrity photographs, taken from Apple’s iCloud service and published on the public internet, has grabbed the world’s attention. This event serves to intensify the fears that big companies have when trusting their data and intellectual property to the public cloud. My travels around the world meeting with energy organizations give me the opportunity to see how this issue is viewed from a national perspective and highlight the many inconsistencies and misperceptions.
Ensuring Data Security with Legislation
On a recent trip to Indonesia, I met with a number of companies involved in running major capital projects and operating assets in oil & gas, and energy production. Indonesian law states that data relating to these activities must reside on a data server in Indonesia. The same is true for many other countries including Brazil, Egypt, and China.
The apparent reasons for this restriction are twofold:
- When participating in joint ventures, Indonesia wants to gain control over the asset data.
- When dealing with data relating to energy assets, there is a data security risk, especially in a part of the world that is subject to regular terrorist attacks.
Indonesia believes that having this data within its boundaries and control lessens the risk of the data being accessed by unauthorized parties. From the Indonesian government’s perspective, this makes sense and serves to protect Indonesian assets and intellectual property.
Global Teams Increase Quality, Efficiency and Complexity
Working with a network of suppliers ensures quality equipment, maximum efficiency and cost control on projects and operations.
A report produced by the Business RoundTable, a US-based association of leading CEO’s, neatly summed up the paradox in Indonesia’s position:
“When governments impose blanket restrictions on trade such as local data server requirements, they fight the battle for economic growth with one hand tied behind their backs. … When trade barriers disrupt the free flow of lawful information, they can result in a slowing of technological innovation and prevent companies from offering certain products and services, consequently dampening economic growth.”
During a recent trip, I was fortunate to be able to discuss these issues with representatives from the Indonesian government. It appears there are now grey areas that may allow data to be more effectively managed. The scenario we discussed was using a secure, public cloud, hosted service for supplier collaboration, EMC Supplier Exchange, which integrates with a system to manage their project documentation and processes, EMC Documentum Capital Projects. The master project documents would be stored in the management system within Indonesia; however, documents that need to be shared with the global suppliers would be transferred to the supplier collaboration space. These documents are available in the public cloud, but they remain accessible only by designated companies and individuals. Because documents are encrypted while being transferred and encrypted when stored within the cloud solution, the security risk of storing documents outside of the corporate firewall (and, in fact, the country) is minimized. To assure all parties of that the proper processes and precautions are being followed, all activities performed within the cloud solution are fully audited.
So the question to the Indonesian authorities is, “Does the use of this public cloud solution constitute an illegal act?”
Using a secure cloud solution provides improved protection compared to email, while fostering extended collaboration between project teams.
Going forward, it is essential that the very real concerns of data governance and national laws are reconciled before the benefits of the cloud can be fully realized.
Has your organization reconciled data governance and the desire to collaborate using cloud solutions? Share your thoughts and experiences below.
Intrigued with this road warrior? Catch up on his other journal entries: