Cyber security is a rising concern - a fact made evident by the announcement of Google’s latest service, a feature in its Cloud Platform services to lock up your computer engine data with encryption keys, this past Tuesday, July 28th. Indeed, Google is not alone in this venture, as Amazon offers a similar encryption service for its CloudHSM host, and Microsoft offers Key Vault. The growing implementation of security features points to the growing concern for this need for security.
Interestingly enough, most of the concerns that caused these encryption developments have less to do with hackers and cybercriminals, and more to do with total privacy of data and information. This stems from protecting sensitive information and extends to protecting business operations against abusive and often futile lawsuits. The majority of websites can be protected against cybercriminal activity with the implementation of secure coding principles, updating secure server software, and encrypting sensitive information. There is another risk that looms larger than getting hacked these days however, and it is actually within the legal realm, not the illegal one.
Country Specific Legal ConcernsGoogle’s new encryption key offer is actually meant to offer businesses a peace of mind that Google itself is not looking into their personal data and vital information. Why, you may ask, would a business need to ensure privacy even from its hosting provider?
One such imposition that companies are trying to sidestep is jurisdictional laws that hinder free speech and business operations. Within the U.S., for example, which operates under the Digital Millennium Copyright Act (DMCA), individuals and organizations can request that web content be removed for any reason that may "violate” their copyright. These legal requests are DMCA takedown notices. The problem is that strict laws like these tend to hinder as much as they are meant to help, and in 2009 Google announced that "57% of the takedown notices it received were from businesses targeting competitors. Worse still, 37% of the notices were not even valid claims.”
In order to deviate around these menacing legal obstacles, companies and publications are turning to hosting their data on offshore servers. If a server is located outside of the country that the website is based in, the jurisdictional laws of that country do not apply to the content of this website and therefore cannot be banned or taken down by governing officials. With an offshore webhosting service such as Host1Plus, under an anonymous account, a website owner has peace of mind that his or her identity and information will not be exposed or threatened. He or she also receives an unimpeded channel through which to engage in uncensored free speech and ensure that business operations are unhindered.
It is important to note, however, that ‘.com,’ ‘.net,’ ‘.org,’ ‘.co,’ or ‘.us’ domains are subject to US laws regardless of where your server is based, so it is also important to choose a web domain as well as host provider that is free of jurisdictional abuses.
Some Offshore Hosting ConcernsOf course, like anything, you need to be careful with choosing an offshore host as well. Since privacy laws are different in each country, you need to ultimately choose a company that includes privacy obligations in the contract agreement. You should also thoroughly look into your hosting provider to gauge their security technology as well as their policies and procedures, right down to employee awareness, training, and the company’s screening process before hiring. And finally, you should take the extra measures to encrypt your data, ensuring that even the service provider cannot see it, coming full-circle back to Google’s encryption service.
In SummaryIt is important to consider hosting options very closely, regardless of whether they are onshore or offshore. While the topic may not be the most glamorous, your data is the heart and soul of your business and needs to be protected at all costs, from hackers and from lawyer-slinging competition.
- A World without Identity and Access Governance
- Breaking the Kill Chain: Protecting Against the Known and the Unknown
- Crypto tells the bad guys what to target
- What is a Hack?
- Big-data analysis helps QUT learn more about its security posture than ever
- Oracle sticks by CSO rant: researchers only find 3 percent of our bugs
- Australian government's data requests less successful than most, Yahoo figures show