back to article Servers: My place or yours?

It’s practically easier to have your DC in your basement, but strategically silly. If you don’t need physical servers, it’s time to decide if it’s better to locate the virtual servers outside your building. From a practical standpoint, locating servers in your own data centres and offices would seem to be a good idea. You know …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Stop

    Always read the footnotes

    "The security and legal implications are immense"

    And yet only worthy of a single sentence right at the bottom of the page.

  2. Ralthor

    Its a matter of trust.

    Do you trust someone else to back up your data properly? Your data. Your business life.

    1. Anonymous Coward
      Black Helicopters

      Given that there have been stories about US jurisdiction

      in the Register this week, you must be absolutely certain that if you are using a Cloud service, that you understand that not only do you have to trust your supplier, but that you must agree to the legal processes in place where-ever the server(s) that hold your data are located.

      For instance, if a copy of your data exists in a US hosted data centre, you must be prepared for the US government to be able to look at that data.

      My worry is that if you engage a cloud service that hosts data in a number of countries that could include the US without you specifying that the data must not be on US soil, that the provider could be compelled to transfer the service into a US data centre so that the US government could then look at it. The same would be true about any backup solution. I know I'm being close to paranoid, but bearing in mind the way that the Patriot act is written, and the behaviour of the US Department of Homeland Security, I'm not sure if it is not justified.

      1. Anonymous Coward
        Anonymous Coward

        @AC

        You haven't been paying attention have you.

        It doesn't matter where the data is stored, the patriot act applies to US companies and probably companies that have a presence in the US. So if, for example, a US company has a data centre in Paris the DHS can ask for all that data to be made available to them.

        1. Anonymous Coward
          Meh

          Chris W.

          I'm not sure whether this is really the case, even though it is only a little further down the path of paranoia than my comment.

          It's debatable whether a US company can actually be compelled to make data available when it is stored out of the US. The DHS may like it to, but them desiring this does not make it a requirement under international law. The US must at some point accept that they don't have jurisdiction across the world (yet?), even if some of their legislators think that they do.

          They may try to blackmail their companies by making it difficult to operate in the US, but any company operating in a country is subject to the national laws of that country. No US bill can over-rule that.

          This may cause a conflict, and I don't know how that would be resolved (I don't think that there is an international court that covers this), and it would probably end up as an international incident at the governmental level.

          I have worked for a US company on UK secure sites, and there has been nothing in my T's & C's with said US company that said that I must make information available from the UK customer to the DHS, and everything to say that I *MUST NOT*, both in the UK government security policies, and the companies own operating policies for working on UK secure sites. If this were not so, do you think that GCHQ, MOD, DVLA etc would allow *ANY* US company to do work on their site, even performing hardware maintenance? And yet, patently, they do.

          I can't make out whether you are more paranoid than I, or whether you are trying to set up a straw man argument to encourage debate.

          1. Anonymous Coward
            Anonymous Coward

            @AC Re: Given that there have been stories about US jurisdiction

            I assume this is the article you were referring to

            http://www.theregister.co.uk/2011/07/04/eu_customer_cloud_data_may_be_handed_over_by_microsoft/

            In which case you'd do well to read it again, although I'll point out the relevant sentences

            1. The USA Patriot Act gives law enforcement authorities the right to access personal data held by US-based companies, regardless of where it is stored in the world

            2. Microsoft can already transfer personal data from Europe to the US under a special agreement drawn up by the European Commission and US Department of Commerce.

            3. EU companies are generally prohibited from transferring personal data to countries outside the European Economic Area unless there is adequate protection for that data.

            No doubt there are similar agreements as in point 2 with other companies and the DHS directly.

            Note that point 3 does not prohibit the transfer of data.

            The conflict is not whether data can be transferred to the US at the request of the DHS, but if done so, should the entity who the data belongs to be informed.

            If you take correcting the perception of something you already brought up to be paranoia then so be it.

    2. ZweiBlumen

      re: trust others with your data

      Actually: do you trust yourself to do this?

      Are you a security expert? A network specialist? If not, do you hire someone? And do you trust them MORE than an outfit how specialises in just this.

      Of course it's all about trust. But if I'm going to trust someone with MyData I might prefer it to be an experienced hosting company than the little shop down the street, let alone myself.

  3. Anonymous Coward
    Anonymous Coward

    Outsource my headache...

    I supposed if I outsourced myself and the handful of servers I look after then the SME I work for could justify the cost of a 'fat pipe' and the colo space but someone would still have to look after all the contractual aspects and SLAs of both (which would be tarred with the IT brush so no one would actually want to look after it). Then who would look after the desktop estate and teach users how to attach word docs to their emails? I suppose that could be outsourced too. Sounds expensive...

  4. Velv
    FAIL

    Worst Article - EVER!

    Has Alan Stevens been on the Carlsberg this morning, as this probably the best example of a really bad article I've eve come across.

    "And you don’t have to worry about building and running the data centre, with all that entails in terms of supplying power, cooling and the like."

    With all the recent examples of cloud failures, lack of backups, outages, security concerns and governement intrusion, worrying about your "data centre" is one of the highest priorities for any CIO right now.

    Just because you "outsource" some of the operation to a third party you do not devolve responsibility for your data and your operation. I would actually argue that you need to be even more in control of the situation.

    All the options mentioned are useful tools in reducing the costs of providing IT. The article however gives the impression that the cloud can remove all your headaches, when in fact it simply shifts the pain to your balls.

    1. maclovinz

      Couldn't have said it better....

      "....when in fact it simply shifts the pain to your balls."

      Perfect.

  5. Peter Fox
    FAIL

    Blame-tastic

    When something goes wrong 'in the cloud' there are so many confusions, difficulties getting to the bottom of things, difficulties of applying pressure to get things fixed that the people who should be taking responsibility have no way of doing so. The cloud is nice and elastic for variable demand but otherwise a cop-out as there isn't a definite boundary between technical hardware support, technical apps support and user or use-related issues.

  6. Anonymous Coward
    Anonymous Coward

    Extra-territorial data

    Canadians mistrust foreign businesses as much as they mistrust foreign gov'ts.

    From http://www.priv.gc.ca/speech/2005/sp-d_050511_e.cfm :

    "We have a problem. We know that a considerable amount of personal information about Canadians is transferred abroad. We don't know exactly how much. We often don't know what safeguards are in place to protect the information from misuse by foreign governments or foreign corporations. In the case of the USA PATRIOT Act, we know that the safeguards are relatively few once that information moves outside Canada."

    From http://www.priv.gc.ca/speech/2005/sp-d_050928_ts_e.cfm :

    "The ease with which the personal information of Canadians — remember, the huge majority of whom are law-abiding — can be accessed by the U.S. government through the extra-territorial impact of American commercial legislation. This is a matter of continuing concern, and is seen by many in Canada as a serious threat to the fundamental right we call privacy. "

    Not much has changed in the last 6 years.

    1. maclovinz

      Separate countries...

      Thus making the idea of separate countries even more pointless, as it doesn't really matter.

      The problem, ultimately, is that the individuals making the majority of internet transactions/actions don't understand "The Internet" conceptually.

      It's something mankind has yet to really understand the full implications of.

  7. Anonymous Coward
    Thumb Up

    COKE-O-LOCO

    I choose" yours"

    the unlimited plan

    200 cement trucks are on the way for "yours hosting (TM)" right now and um... The servers will rest inside these cement cooling structures with the spent fuel rods for dual cooling stored underneath all the sparks, heat and weight, and cigarrette butts.

    You will officially be homeland security now mostly to watch nobody crash into the cement, but...

    you get to feed on the citizens, peasants, and stuff and cover it up

    Now uh, I'm off to the gum wrapper fused 500,000 KW power distrubution vaults I've got to sharpen my golden screwdriver and haven't had my coffee.

    -- JULY 2011 SNUKEY THE BEAR SAYS:

    Keep your spent fuel safe!

    Please prevent Nuclear Earthquakes

    ... How much does that crane over the spent fuel pool weigh?

    ... How could we coffer dam the thing with clean water in a hurry?

    ... Building on an Earthquake / Tsunami Zone?

  8. Anonymous Coward
    Anonymous Coward

    Isn't the connection speed vs the spying becoming the problem?

    Just sayin

This topic is closed for new posts.

Other stories you might like