"Most people don't realize that when your data is stored in the cloud on someone else's systems alongside the data from other companies, and a legal issue arises with one of the other companies, your data may be subject to disclosure," says Mike Balter, principal of IT support firm CSI Corp.
In other words, your cloud data could be swept up in an investigation of an entirely unrelated matter — simply because it was unlucky enough to be kept on the same servers as the persons being investigated.
The classic illustration of this principle occurred in January 2012, when U.S. and New Zealand authorities shut down Kim Dotcom's MegaUpload file locker in January 2012. Along with a trove of allegedly pirated movies, the authorities confiscated the data of thousands of law-abiding customers and refused to return it. Whether those customers will ever get their data back remains unresolved.
"The risk of seizure is real," confirms Jonathan Ezor, director of the Touro Law Center Institute for Business, Law and Technology. "If there is any legal basis for law enforcement or other government officials to seize storage devices or systems — which may require a warrant in certain circumstances — and those systems contain data of both suspects and nonsuspects, all might be taken. Ultimately, any time an organization's data are stored outside of its control, it cannot prevent someone from at least gaining access to the hardware."
Users who want to protect themselves against this worst-case scenario need to know where their data is actually being kept and which laws may pertain to it, says David Campbell, CEO of cloud security firm JumpCloud.
"Our recommendation is to find cloud providers that guarantee physical location of servers and data, such as Amazon, so that you can limit your risk proactively," he says.
Encrypting the data will decrease the chance that anyone who seizes it will be able to read it, adds Ezor. Another good idea: Keep a recent data backup nearby. You never know when it might end up being your only copy.
Dirty IT secret No. 4: Your budget's slashed, but the boss has a blank check
RFPs are for peons
In virtually every midsize or larger organization, there are two ways to get purchases approved, says Mike Meikle, CEO of the Hawkthorne Group, a boutique management and information technology consulting firm. There's the official purchasing procedure — a time-consuming process that forces you to jump through more flaming hoops than a circus act. And there's the special procurement diamond lane, available only to a special few.
"People at the senior leadership level have their own procurement pipeline," he says. "What takes an IT person eight months to obtain through official channels these execs can get in a few weeks, if not sooner. It's what I call the Diamond Preferred plan. I've never worked with an organization in government or private industry that didn't have a secret procurement path."
Sign up for CIO Asia eNewsletters.