Managing Export-Controlled Data In The Cloud - InformationWeek
Cloud // Software as a Service
03:10 PM

Managing Export-Controlled Data In The Cloud

As IT pros evaluate cloud computing services, they must be aware of federal regulations that restrict where certain data gets stored, or potentially face serious penalties.

In the public cloud scenario, the customer generally has no control over or knowledge of the exact location of its data, and in fact, there could be multiple copies of its data in multiple locations. Providing export-controlled data to a data center located outside the U.S. could be considered an export to the data center location, which could require export authorization.

Additionally, once the company hands over its data to the service provider, the customer has limited control over who has access to the data. From a security perspective, that is no doubt of great concern. In addition to requiring strong security controls, companies with export-controlled data must implement measures to prohibit foreign nationals from having access to their export-controlled data.

Companies wary of turning over their data to public clouds have been considering private cloud models, in which the cloud service provider constructs a cloud solely for one organization, or hybrid clouds, which enable data and application portability between a private cloud and a public cloud (so more sensitive data can be kept in the private environment).

Any scenario in which a third-party service provider has access to your company’s export-controlled data introduces risk of improper disclosure to that third party for which your company could be liable.

To minimize the risk of improper disclosure of your export-controlled data, following are some key questions to ask the cloud provider:

How is the cloud service set up to comply with U.S. export controls?

Where in the world will your data be stored?

How is sensitive data segregated and controlled?

Would any foreign nationals have access to your data?

Does an auditable trail exist?

It's important for IT departments to have answers to these questions as they evaluate cloud services.

Marsha McIntyre is an attorney at Hughes Hubbard & Reed LLP who focuses on export controls and sanctions. Prior to joining Hughes Hubbard & Reed, McIntyre worked at the U.S. Department of State, Office of the Legal Adviser, providing guidance on international trade issues.

2 of 2
Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of November 6, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll