(Stephen Parker, Head of Cloud Strategy)
This is a complex area covering everything from hard and complex legal facts (upon which I will claim no expert knowledge), through to illogical but equally important emotional reasons. So the answer is YES, NO and MAYBE.
- There are definitely hard legal reasons that impact where a companies data is located. Most of these are specific to certain industries (e.g. military) or types of data (e.g. accounting). Some of these legal reasons are hang overs from legislation that is too slow to move with the times, whereas others have been specifically called out by governments in response to data being located overseas (e.g. NZ regarding accounting data http://www.crn.com.au/News/241581,nz-cloud-users-asked-to-keep-local-copies.aspx and Aus banking regulator APRA http://www.itnews.com.au/News/238817,regulator-warns-australias-finance-industry-on-cloud-risks.aspx).
- For some people the issues are more about a desire to keep their loyalty to local companies (Australia has a big “Buy Australian” push) and this can impact their decision making process
- There are in some situations technical issues that come into play depending upon where data is stored. Despite improvements the speed of internet access is not equal in all directions from all locations. For example ping times between Sydney and Perth maybe 23ms, but from Perth to Rio de Janeiro are in the 400ms range. If you are in Perth trying to use a latency sensitive application and your data is in Rio this may be an issue.
- For others it is emotional – I just like to be able to go a touch my data and like the comfort of knowing that my data is local
- The final group are the misinformed and this goes both ways. Some are convinced that there are major issues when in fact there are not. Maybe even more worrying are those who are ignorant of genuine issues they face (e.g. the look on the face of an attendee at event I presented at when I talked about the location of the Salesforce European data centre i.e. in rack labelled “European date centre” in San Francisco)
- Even where there are real reasons to be conscious of data centre locations, some locations present more or less challenges both in absolute terms and relative to where you are based. Within Europe there are pretty good cross boarder agreements to protect data. In the US it is likely that the provider is actually using a US based datacentre so even real reasons for concern are covered. If you are a Russian business then a data centre in Cuba may be OK, but US based businesses may take a different view!!!
- The greatest challenge is likely to exist where the location of data is not fixed. For example Microsoft using HK as a backup for Singapore. You now have to check that your data is covered by cross border data rules in multiple (and possibly unknown) locations.
All of this said for the vast majority of customers/businesses there are few if any hard reasons why data location should impact cloud adoption. The real issue is providing the education and information to allow them to make a rational and informed decision rather than an purely emotional one. Not all data is born equal and not all data needs to be protected to the same level. This level of clarity needs to start at the very top with governments at a global level establishing regulation that reflects the globalisation of businesses and hence the distribution of company information whether that be cloud based or not. This is something that Brad Smith, Microsoft General Council (and a number of others within the industry) appears to be spending a lot of time on (http://www.bloomberg.com/news/2010-09-23/microsoft-seeks-new-u-s-privacy-law-to-propel-cloud-computing.html ).