Earlier this week, Leviathan Security released their latest piece of research, called the Value of Cloud Security. This research takes a close look at cloud infrastructure security and how it's impacted by forced data localization. Google commissioned the study and discussed the results with Leviathan, but Leviathan alone is responsible for the analysis and conclusions.
When companies take advantage of cloud services, they get more secure systems as a result. Many countries, however, have proposed laws requiring that companies keep the data of that country’s users within national borders. This idea, known as “data localization,” purports to keep citizen users safer and out of the hands of spying governments and hackers. The report found that forced data localization actually undermines many of the benefits that come from cloud services:
- Cloud services provide much better resiliency and redundancy than local services in the face of disasters of all sizes, from small transformer explosions that affect 30,000 users up to superstorms the size of Thaiphoon Haiyan that can interrupt entire countries. If data has to stay in one place by law, that redundancy is lost.
- Security expertise is in short supply and tends to congregate in large organizations and sharing what expertise there is is better for everyone as a whole. E.g. - There are currently over a million unfilled security positions open worldwide and all of the GCHQ-led cybersecurity programs together will graduate just 66 PhD's per year starting in 2017. Small companies that are forced to host their own data will find it hard to compete to hire qualified security engineers.
If policymakers are thinking about the perceived benefits of datalocalization, they should carefully examine this study and take into account the cybersecurity of their country’s enterprises.You can check out the full studies on Leviathan’s blog.