When we think about data being “in the cloud,” for those outside of the realm of IT, it might be easy to think of the files as floating somewhere above our heads in cyberspace, just waiting to be plucked from the air when we need them.
Obviously, that’s not the case, but many people fail to realize that even though data is stored virtually offsite, all of those files are actually on a server somewhere (you can learn more about how virtual storage really works on this cloud wiki). That server might be located across town or across the country or even overseas. While you might not think that it matters exactly where your data is stored, as long as it’s safe from unauthorized access and you can access it when you need it, the physical location of your cloud storage servers is actually very important, for several reasons.
Certain industries, notably health care and finance, are bound by strict security protocols designed to protect personal information. Companies that collect and store protected information must meet certain standards regarding administrative, physical and technical safeguards to ensure that data does not fall into the wrong hands.
The problem is that not all cloud storage and service providers are located within the U.S., and are therefore not bound by the same regulations as domestic providers. Data stored on a server overseas, for example, may not be as physically secure as that stored here in the U.S. As a result, a company that uses a service that relies on overseas data centers could find themselves out of compliance with federal regulations, and face significant fines and sanctions as a result.
For instance, many data centers are located in India, but India does not have a legal framework for cloud computing in place, nor are there any laws regarding data protection. Therefore, if your cloud storage provider stores data on a server in that country, it does not comply with U.S. laws.
For that reason, it is important to not only understand the data protection compliance standards for your industry, but to only work with cloud service providers who also understand and adhere to those rules. You must know exactly where your data is stored at all times, and ensure that it is not moved or stored in a location that doesn’t met the necessary requirements.
When Hurricane Sandy hit the New York metro area in October, 2012, dozens of data centers were taken offline due to power outages and flooding. Many were able to switch to backup generators, at least for a short time, and many transferred operations to other locations outside of the storm zone, but hundreds of clients were still left without service, in some cases for days. When choosing cloud provider, knowing where the provider is located will help you prepare for natural disasters, or at least ask questions about data center emergency preparation.
For example, if your provider relies on a data center located in tornado alley, is the physical structure built to withstand powerful storms? What are the emergency plans? If your data has to be migrated to a backup facility, where is that facility located? At the very least, knowing that your data is stored right in the line of an impending storm will help you prepare in advance and launch your own contingency and emergency plans to ensure that you don’t experience downtime or data loss.
Latency and Downtime Recovery
Practically speaking, the further away your cloud storage, the longer the latency periods you can experience.
Thanks to today’s highly sophisticated networks, latency is usually measured in fractions of seconds, which won’t be noticeable to the average user, but in some industries, particularly the financial industry, extended latency is a significant issue. When you need to react to shifts in the market with split second accuracy, even a short delay could result in the loss of thousands of dollars.
Assuming that you are legally able and willing to store your data in a distant location, keep in mind that significant distances between your business location and your data can lead to longer recovery times should something go awry.
Ideally, best practice dictates that you should not only know exactly where your data is stored at all times, but also that it should be stored in multiple locations. That way, should something go wrong — such as a natural disaster — you will not experience any downtime or lost data at all. You won’t be left with your head in the clouds, attempting to recover data or worse, engaged in damage control because you weren’t on top of your data storage.