It’s a complex world for cloud-reliant global enterprises, especially as they navigate different countries’ varied data privacy standards.

The need for connectivity and latency drives enterprises’ international cloud strategies as many scale to serve global audiences. As a result, enterprises wind up housing their data across the globe. But as differing attitudes toward data privacy arise — especially when legislation and governance are involved — enterprises need to get serious about negating legal and security risks.

So what actions can companies take to minimize those risks while remaining compliant with international regulations?

The spectrum of international cloud storing challenges

Ultimately, the modern cloud-based enterprise’s need for global connectivity and high latency drives the requirement for cloud connectivity overseas. Maintaining cloud connectivity all over the world ensures a high-enough latency for the customer to encounter a strong and fast user experience.

But vastly different privacy environments internationally creates a compliance challenge. For example, Germany has led the data privacy legislation front since the 1970s, when it passed the world’s first federal data protection la w.

Today, it operates under Bundesdatenschutzgesetz, or BDSG, its data privacy act passed in the 1990s, with multiple amendments added since then. The act mandates that any information from a German citizen has to reside on German servers only. So if you’re a German Gmail user, all of your user data must live exclusively within Germany.

The rest of the EU, though not as stringent as Germany, has its own standards thanks to the General Data Protection Regulation (GDPR), which went into effect nearly a year ago.

China harbors a very different data privacy environment. Rather than criminalizing a lack of data privacy, the Chinese government has broad authority to access data on servers within China, as well as potentially inspecting data entering and exiting the country. It's even gone after data stored in other countries.

So while it may be beneficial to store Chinese users’ data within China, enterprises must be careful to not let others’ data into Chinese storage space at the risk of allowing its government to potentially exploit it.

China has taken further steps to control the web in the last few years, including through a VPN ban in 2018. If you store data in China, you have to count on the possibility that it will be surveyed by the government.

With two very different privacy environments, both pose a unique risk to enterprises seeking cloud space in either locale. Enterprises should know how to counter both ends of the risks.

Cloud Storage
A 'Secure Cloud Storage' drive is pictured at the CeBIT, the world's biggest IT fair, in Hanover, central Germany, March 3, 2011. JOHANNES EISELE/AFP/Getty Images

Mitigating international cloud storage risk

Operating as a modern enterprise requires a global cloud presence, which naturally exposes your business and customer data to bad actors and legal risk if that data is breached. Enterprises can follow a couple of guidelines to set their cloud model up for success and security.

  1. Employ a strong legal team – Consumers are shaken from scandals, including the 2016 U.S. election hack and the Facebook-Cambridge Analytica data breach. From a data privacy standpoint, legislation across the globe will continue to be passed and released in response to the tension. Your global enterprise needs to stay abreast of the new laws emerging across the world and understand how to comply with them. These efforts should be led by a capable and qualified legal team.
  2. Divvy up your storage strategically – If you have a strong Asia-Pacific customer base, it’s probably necessary to have cloud storage based in China. But it’s also necessary to be cautious about what data you store there. While it may make sense to store user interface data within mainland China, storing customer data is best done elsewhere. This thought process should be applied whenever your enterprise buys cloud space in a new country with specific data privacy or anti-data privacy tendencies.
  3. Find the right partner – While it can be easy to vow that your enterprise will store all users’ data in the appropriate places across the globe, executing such a task is a huge challenge. The biggest barrier to doing so successfully is gaining the right IT skills (an expensive ask) for a one-time project. This is where cloud management partners come in as a resource, especially those that specialize in global deployments for multinational corporations. They can help you set up your international cloud strategy, protect you from a range of risks depending on data nationality, and equip you to confidently run a compliant international cloud strategy.
  4. Assume the worst – While it may be a pessimistic approach, it’s necessary. Sophisticated cyberwarfare by states like China and Russia is on the rise. Unless you approach your solution and cloud strategy from a skeptical point of view, you’ll potentially overlook significant vulnerabilities.

There’s no getting around it — a multinational cloud strategy is a must for a global enterprise in 2019. While the risks of doing so range from snooping authoritarian governments to falling in line with stringent data privacy legislation, enterprises have to provide a strong user experience, no matter where the user is located.

Grant Kirkwood is chief technology officer at Unitas Global, a managed cloud services provider.