White Paper

Where should I store my

data? A guide to online and
offline storage and access
How service sector businesses can minimise risk and
achieve regulatory compliance for data storage

www.servicedcloud.com
Introduction
Data storage continues to be a major consideration for businesses. With regulations covering diverse aspects
such as retention periods and sovereignty, the question of where best to store data is multi-faceted.

Traditionally, the question of where to store data could have been more accurately framed as on what media should I store data?
This was essentially about the relative merits of hard disk, tape or optical storage technologies such as data CD storage. However,
over the last decade, the increasing development of online, cloud-bas
mobile devices have changed the debate.

In this guide we discuss the options to identify the best data storage choices for businesses.

The Issues
Common to both the cloud and private business networks is the ability to share a single, centrally located data source across
connected users and devices. One of the main advantages of this is to ensure that all users are accessing the latest version with the
most up-to-date information. Whether its a spread sheet of contact e
current version of the information.

The ubiquitous nature of internet connectivity and the proliferation of mobile devices mean it is possible to work
with cloud data sources and applications while on the move or in locat

The use of cloud services unauthorised by the business also present a security risk. Rogue employees, using third-party services,
such as gotomyPC and sometimes referred to as shadow IT, poses risks from business data being put in the cloud in an
uncontrolled way.

create a local copy on a computing or a removable

storage device such as a USB stick. Quite often the motive is to be able to work with the data without network connectivity.

data such as security intelligence, witness and victim evidence for legal proceedings, or plain old business IP have all been highly
publicised and resulted in reputational damage.

Best advice
As a rule a good data management policy should strive to avoid dat
device to automatically destroy data if incorrect passwords
or decryption is attempted.

40 Beaufort Court Canary Wharf London E14 9XL Email: talk@servicedcloud.com Phone: 02070936020 www.servicedcloud.com
2. Where is the server?

The Issues
a centre. They may also be located at a remote location
h thousands of others.

re a Small Business Server is tucked in a cupboard

or just out in the open, data is vulnerable because there is no physical protection to prevent damage or theft. A locked server
ontrol, but whether that is enough depends on how sensitive
your data is and how much risk can be tolerated.

Best advice

ided by a suitable real-time technology like CCTV.

should unauthorised data access take place.

A good dedicated data centre facility should have physical security standards rated to ISO27001.
This means the facility has deployed physical security in line with accepted industry best practice.

3. Where is the data centre?

The Issues
Some businesses may use remote data centres to store server data. This could be replicating on-premise server data for the purposes
of backup and Disaster Recovery (DR); or it could be the business us al
desktop processes are concentrated.

also likely to place company information on remote data centre

he issue is the geographical location of the data centres and
which country (or countries) laws govern the data?

Data sovereignty is a barrier that has prevented some businesses fro ar

the question marks over which laws apply to data held in offshore locations have proved problematical.

The Safe Harbour agreement lets American companies use a single standard for consumer privacy and data storage in both the US
and Europe. However, recent legal challenges have brought the validity of Safe Harbour into question. In particular, US registered
companies storing European customer data in European facilities may have to surrender the data to the US authorities if so
requested, and the European Court of Justice has ruled this is invalid and that individual EU nations should set their own rules.

Best advice
For UK companies the best policy is to use UK registered companies as service providers with information storage policies that restrict
data to UK-only data centres. Private cloud solutions ensure a companys data remains under its direct control while releasing the

Private clouds operated by the service provider may be multi-tenanted, with the resource shared between different businesses without
compromising the data security of individual companies. While this r
advantages of large shared public cloud infrastructure. As in so many other spheres, the trade-off is one of cost versus risk.

40 Beaufort Court Canary Wharf London E14 9XL Email: talk@servicedcloud.com Phone: 02070936020 www.servicedcloud.com
Summary

Best advice for service sector businesses

ice seems to be:

Ensure servers, whether on-premise or remote, are physically protected

Consider encrypting server data or any data that needs to be taken o
Store data exclusively in UK data centres
hile retaining 100% control of data
Identify and work with an expert cloud service provider to ensure any solution meets the needs of the business

40 Beaufort Court Canary Wharf London E14 9XL Email: talk@servicedcloud.com Phone: 02070936020 www.servicedcloud.com
Why is Serviced Cloud a preferred technology
supplier to the service sector?
Serviced Cloud is a specialist provider of cloud technology solutions to the service sector. Serviced cloud has the expertise and
experience to help finance, recruitment, legal, travel, and software firms to meet their regulatory obligations or follow guidelines
on the use of technology.

It is our confirmed belief the cloud offers outstanding opportunities for service sector firms to leverage technology so it returns more
value to their businesses. Private cloud solutions enable businesses to enjoy operational benefits of the cloud computing architecture
while retaining 100% control of data and meet regulatory guidance.

Serviced Cloud works with in-house compliance experts or external consultants to ensure any solution exceeds interpretation of the
applicable regulatory codes. Serviced Cloud is able to provide the appropriate level of services required by the majority of finance,
recruitment, legal, travel, and software businesses.

About Serviced Cloud

Serviced Cloud is a close knit and highly professional team of technology professionals that are evangelists for cloud solutions.
This is because we believe the benefits are unrivalled by equivalent on-premise approaches to provisioning business technology.

The business benefits of the cloud are regularly highlighted in the press and deliberated in boardrooms.
Cloud technology is a topic about which the vast majority of business leaders are likely to have more than a passing interest.

Based in the heart of London in Canary Wharf, Serviced Cloud was incorporated in 2009 with a clear and simple vision.
We are dedicated to helping business leaders in financial service organisations find the best way of successfully adopting cloud
technology in their businesses. We offer best of breed Hosted Cloud Services in our ISO27001 London data centres, and help
clients to create their own Private Cloud systems in their own offices or data centres.

Our friendly and professional engineers and consultants have extensive experience, proven track records and can-do attitudes.
We offer independent advice but partner with the leading cloud technology companies to ensure seamless support.
We are serviced focused; our clients satisfaction is paramount.

www.servicedcloud.com