Can Domestic-Only Cloud Services Address Cloud Computing Risks?

Share on facebook
Share on twitter
Share on linkedin

The cloud technology landscape has grown more complicated and more fraught with FUD in recent months. This is being driven by the ever-changing landscape of data residency and data privacy laws, and the growing mountain of revelations of government agencies demanding cloud service providers (CSPs) to hand over private consumer and enterprise data. For markets outside the United States, fears are particularly strong that any data stored on US soil or by US-based CSPs is vulnerable to NSA surveillance.

Some CSPs headquartered outside the US are leveraging these fears to push a model of domestic-only data centers as a way of addressing the cloud computing risks surrounding data residency and privacy. North of the US border, for example, “German software giant SAP announced plans to open its first Canadian data center,” a decision made to “help the company accommodate Canadian customers looking for in-country SAP cloud solutions,” as Business Cloud News reported recently. In fact, according to IDC research, a whopping 60 percent of Canadian cloud customers prefer their cloud services “to be delivered within Canada”.


Unfortunately, the concept of cloud services constrained by national borders—sovereign clouds, as some call them—creates more problems than it solves, and it may not even solve the problems it claims to particularly well. Let’s take a look at some reasons why.

In the first place, one of the key benefits of cloud computing, particularly for large multinational enterprises, is its ability to consolidate data, unify operations, and standardize business rules, workflows, approvals, and visibility across the entire global organization. Splitting cloud services up by nation will end up creating too many silos as providers in each country adopt their own systems. And organizations don’t even have to be particularly large to suffer the consequences of these silos. Additionally, cloud providers could never fully meet multinational customers’ demand for a domestic data center in every country in which those customers have operations.

When it comes to fears of government surveillance, meanwhile, cloud customers anxious about US government surveillance should keep in mind that keeping data off of US shores will not mitigate that particular cloud computing risk. Those non-US CSPs will simply be classified as foreign entities subject to surveillance, and there may be even less transparency and less accountability around surveillance of a foreign CSP than there is around data requests to US-based CSPs. As far as insider threats and data leaks go, meanwhile, DBAs and other sysadmins with access to sensitive data pose the same risk no matter what country they call home.

Ultimately, the sovereign cloud model cannot solve the cloud computing risks created by data residency and government surveillance issues. CSPs pushing for domestic-only clouds aren’t thinking through the various implications of their actions. The cost associated with opening more and more data centers and hosting entire SaaS applications within each country would be prohibitively high, reducing or even eliminating the cost benefits of cloud technology. Effectiveness and agility drop, too.

The risks of government surveillance and forceful data disclosures are very real, but focusing on infrastructure locality isn’t the solution.

What do you think? Tell us your opinions in the comments.


About The Author

Questions? We'll put you on the right path.

Ask about CipherCloud products, pricing, implementation, or anything else. Our knowledgeable reps are standing by, ready to help.

OR CALL 1-855-524-7437

See How CipherCloud Can Help Secure Your Data In The Cloud.

Request a FREE trial today and learn why millions of users and global companies trust CipherCloud as their data security solution.


CipherCloud, Inc.
2570 North First Street
Suite 200
San Jose CA 95131

Visionary in Gartner 2020 Magic Quadrant for CASB

© Copyrights 2020 All rights reserved.