By Adrian Fern (pictured), Chief Technology Officer at Prizsm Technologies
Following the recent news that Microsoft is unable to guarantee the sovereignty of UK policing data stored on Azure, some commentators have suggested that a quick move away from the Microsoft cloud is probably the only option for organisations keen to ensure they remain on the right side of UK law.
The issue came to light following a Freedom of Information request that highlighted how Microsoft could not guarantee that sensitive law-enforcement data, hosted on its public cloud infrastructure, would remain in the UK – a key legal requirement for many Government bodies and regulated services, such as water, electricity and gas providers.
The disclosure also revealed how data hosted in Microsoft’s public cloud infrastructure is regularly transferred and processed overseas, a process that is inherent to its public cloud architecture and therefore causes problems for any UK government users or businesses with regulatory limitations around the offshoring of UK data. For example, the new G-Cloud 14 framework recently introduced a UK-only data hosting requirement, while under Part 3 of the Data Protection Act (DPA) 2018 there is no general approval for data transfers outside of the UK, meaning data processors are not allowed to send data offshore unless specifically authorised to do so, on a case-by-case basis, with each instance reported directly to the ICO.
So, what can businesses working within regulatory restrictions do to ensure their data processing remains on the right side of the law when it comes to managing data sovereignty?
The data infrastructure challenge
As initially suggested, one option is for organisations to move away from Microsoft cloud-based products as quickly as possible. Such an approach, however, would open a Pandora’s box of risks that could pose a greater threat to data integrity than the problem the move is intended to solve.
The first challenge of such a wholesale move away from existing cloud-based infrastructure lies simply in the scale of the transformation. For almost every Government department, public body or larger organisation, the size and tailored nature of existing data infrastructure make any transfer to new systems inherently risky. Not only would it require a significant investment of time and money, but reconfiguring aspects of the architecture – taking items out, adding them back in and redesigning the system to allow for regular updates – creates opportunities to lose files, corrupt key data and open up vulnerabilities to bad actors.
There are also direct costs involved: some cloud providers charge egress fees to pull back data stored on their infrastructure or to transfer it to other providers.
The critical nature of much data means transferring existing systems away from Azure, Microsoft’s cloud-based platform, creates timing and prioritisation issues too.
To illustrate the point: if there were an edict to change the side of the road we drive on, everyone would have to change at the same time; you couldn’t have a transition period in which some vehicles drove on the right while others drove on the left. Making changes to critical business infrastructure is much the same: moving away from a particular vendor one department or sub-organisation at a time would likely generate a catastrophic set of interoperability problems, representing a significant risk to the delivery of key services.
While it is relatively easy to build data storage systems organically, adding elements around a single cloud-based provider as required, doing the reverse has to happen all at once.
Take NHS IT systems, for example. The siloed nature of the NHS’s operations and IT infrastructure means that approaches can vary significantly between Integrated Care Boards, Trusts, hospitals and even individual wards. As a result, many critical business functions happen end-to-end within their own silos, with little consistency between them. This variation stores up a world of problems if a wholesale move away from a single provider were required. And while many businesses are more joined up in this regard, you still have what we call ‘the pizza problem’ or ‘the sticky cheese dilemma’: when everyone is using the same system (the pizza), making changes to data (toppings) that is stored and accessed across multiple departments risks creating unintentional problems – accidentally taking someone else’s topping (data) when trying to separate your own slice.
So, if moving away from existing cloud-based providers is possible but inherently – and undesirably – risky, what alternatives are there?
The quantum-resistant solution
One surprising answer may have its roots in the advent of quantum computing.
To protect against these quantum computers, new, secure data-storage solutions are being developed. Some of these disaggregate data and disseminate it across multiple storage endpoints: the disaggregation is at the bit level (digital ones and zeros), the dissemination is random, and none of the many endpoints holds all the binary digits for any data asset.
Reassembly of the data assets includes full integrity checks, but the approach means the data cannot be reconstructed by an attacker: even a quantum computer working at high speed would not be able to recreate the original information with only part of the story to work from.
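Vendors do not publish the details of their algorithms, but the general idea can be illustrated with a minimal sketch. In the Python below, each bit of a data asset is sent to a randomly chosen endpoint, and a private placement map (standing in here for the ‘algorithm key’, my own illustrative assumption) plus a hash-based integrity check are needed to reassemble it. Function names and structure are purely hypothetical, not any vendor’s actual implementation.

```python
import hashlib
import secrets

def disaggregate(data: bytes, n_endpoints: int):
    """Scatter the bits of `data` randomly across n_endpoints fragments.

    Returns the per-endpoint fragments plus the 'key': the random placement
    map and an integrity digest needed for reassembly.
    """
    bits = [(byte >> i) & 1 for byte in data for i in range(8)]
    fragments = [[] for _ in range(n_endpoints)]
    placement = []  # records which endpoint received each bit, in order
    for bit in bits:
        target = secrets.randbelow(n_endpoints)
        placement.append(target)
        fragments[target].append(bit)
    key = {"placement": placement, "digest": hashlib.sha256(data).hexdigest()}
    return fragments, key

def reassemble(fragments, key) -> bytes:
    """Rebuild the original bytes; only the key holder knows the placement."""
    cursors = [0] * len(fragments)
    bits = []
    for target in key["placement"]:
        bits.append(fragments[target][cursors[target]])
        cursors[target] += 1
    data = bytes(
        sum(bit << i for i, bit in enumerate(bits[pos:pos + 8]))
        for pos in range(0, len(bits), 8)
    )
    # Full integrity check on reassembly
    assert hashlib.sha256(data).hexdigest() == key["digest"]
    return data

fragments, key = disaggregate(b"sensitive record", n_endpoints=4)
assert reassemble(fragments, key) == b"sensitive record"
```

The point of the sketch is that any single fragment is just a random run of ones and zeros: without the placement map, no endpoint holds anything that can be turned back into the original asset.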
The implications of such a solution for data sovereignty laws are exciting.
What is data? And what does that mean for data sovereignty?
Loosely speaking, data sovereignty means that governments have control over data located within their jurisdictions. Information stored in the cloud can be subject to a variety of national laws, depending on where data is stored, processed or transmitted. With huge amounts of data stored outside of national boundaries, it is becoming a critical data and national security issue.
Rules introduced by different states typically result in both protection and limitations for organisations using cloud services, including the issues raised by the Microsoft Azure FOI request.
But what if that data was disaggregated and dispersed across multiple geographic jurisdictions? If data is broken up at bit level and randomly distributed across multiple cloud endpoints, not only is that ‘data’ securely stored, but it should also meet data sovereignty rules, wherever in the world those endpoints are.
Why?
Because data only exists as data in its complete form. When it is anonymised and disaggregated at bit level, it is impossible to retrieve and reconstruct without an ‘algorithm key’. From a security perspective, if elements stored in the cloud were accessed by storage providers, hackers or governments, all they would see is random fragments of binary digits that are unintelligible on their own. From a legal perspective, those fragments do not constitute ‘data’ and therefore, once disaggregated, the concept of jurisdiction falls away.
The way forward
So how would this approach work in practice?
Firstly, so-called cloud protection ‘gateways’, such as those described above, can be installed on-premise, protecting data at source.
By choosing a ‘gateway’ platform that disaggregates data at bit level across multiple cloud endpoints, businesses can quickly comply with national regulations on data protection without risking data loss or architectural breakdown. This is because data sovereignty restrictions apply only to identifiable personal data, not to unintelligible fragments or to non-personal data. Therefore, once data has been disaggregated and distributed, data sovereignty requirements have been met.
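To make the gateway idea concrete, here is a hypothetical usage sketch, building on the disaggregate helper above. The endpoint labels and the upload callable are placeholders of my own, not any vendor’s real connectors or API.

```python
# Hypothetical endpoint labels; a real gateway would use its own connectors
# for Azure, AWS, GCP or on-premise object stores.
ENDPOINTS = ["azure-uk-south", "aws-eu-west-1", "gcp-us-east1", "onprem-site-a"]

def store_via_gateway(data: bytes, upload) -> dict:
    """Scatter bit-level fragments of `data` across the configured endpoints.

    `upload(endpoint, payload)` stands in for whatever storage client the
    gateway uses. The returned key never leaves the data owner's premises;
    without it, no single endpoint holds anything that constitutes 'data'.
    """
    fragments, key = disaggregate(data, n_endpoints=len(ENDPOINTS))
    for endpoint, fragment in zip(ENDPOINTS, fragments):
        upload(endpoint, bytes(fragment))  # each endpoint receives meaningless bits
    return key

# Toy in-memory 'cloud' just to show the call pattern.
stored = {}
key = store_via_gateway(
    b"patient record 0042",
    upload=lambda endpoint, payload: stored.update({endpoint: payload}),
)
```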
In short, the approach allows organisations to keep existing data storage architecture – such as Microsoft Azure – in place and hone it in their own time.
Once a multi-cloud environment has been created, organisations can rebalance what data is held where, across multiple providers – perhaps moving the most sensitive data first or creating schedules for different classifications of information. What is perhaps most striking about this approach is that not only is risk diluted by spreading storage across multiple endpoints, but the more data is managed in this way, the more obfuscated and inherently secure it becomes.
The wholesale migration of data storage architecture to new systems comes with continuity risks that can be significantly reduced by adopting this alternative approach. The design of the platform means that, in the event of loss of connectivity to an endpoint, or of data corruption, the algorithm (accessible only to key holders) can recalculate the missing digits held at the affected endpoint, restoring the original information to data owners quickly and efficiently.
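The article does not say how the missing digits are recalculated; one common way to achieve this kind of resilience is to keep an extra parity fragment, as in RAID-style erasure coding. The sketch below shows that generic technique as an assumption, not a description of any particular platform.

```python
from functools import reduce

def add_parity(fragments):
    """Add one XOR parity fragment so any single lost fragment can be rebuilt.

    Fragments are padded to equal length; in practice the original lengths
    would be recorded alongside the key.
    """
    length = max(len(f) for f in fragments)
    padded = [f + [0] * (length - len(f)) for f in fragments]
    parity = [reduce(lambda a, b: a ^ b, column) for column in zip(*padded)]
    return padded, parity

def recover(padded, parity, lost_index):
    """Recalculate the fragment lost at `lost_index` from the survivors."""
    survivors = [f for i, f in enumerate(padded) if i != lost_index] + [parity]
    return [reduce(lambda a, b: a ^ b, column) for column in zip(*survivors)]

fragments = [[1, 0, 1], [0, 1], [1, 1, 0]]   # toy bit-level fragments
padded, parity = add_parity(fragments)
assert recover(padded, parity, lost_index=1) == padded[1]
```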
It is a secure and resilient solution that not only reduces security risks but also simplifies the storage regime, reducing the need for additional support and ensuring the continued availability of data while meeting data sovereignty requirements.
The FOI story throws up a variety of interesting questions for the sector, but moving wholesale away from existing architecture may well prove a risky sledgehammer to crack a nut. There are simpler, less risky and more cost-effective options out there. Getting it right will be key to building a more secure, reliable data infrastructure for all.