Data in Exile

[While I work for Microsoft, this article represents my own opinions and not necessarily those of my employer.]

Nine months ago I wrote a little post based on what I was seeing in the news.

Data in Exile

Today I'm feeling it was more that a little prophetic, as we are seeing more and more countries deciding that putting their public sector data out into the global cloud services is a safer bet than keeping it within their own borders.

Data Storage as a Service (DSaaS) has always been a big part of the various global cloud offerings, but the last year has seen it jump in importance as countries seek to use storage which is geographically diverse and, as noted, often deliberately chosen as being beyond their own borders or region.

There seem to be (as I predicted) two main drivers for this trend, which is enabled by the greater degree of confidence in global hyper-scaler cloud data solutions.

1. Climate change is affecting weather patterns and ocean levels, putting at risk cities and infrastructure that was previously thought to be safe and reliable. For decades the biggest threat to telecommunications and IT infrastructure has not been human actions, fire, or earthquake, but flooding. Rising sea levels and increased rainfall increase the risk of a flooded service building from below and above, and it is extremely hard to defend against, or even to test whether a building is vulnerable. Countries like Tuvalu are now looking at moving not just their government data but their entire culture online in hopes of preserving it while the physical islands are gradually consumed by the rising Pacific ocean.
2. Fears of foreign invasion, insurgency, or political turmoil. Governments worry that their increasingly data-driven essential functions are at risk of foreign interference. We saw a good example of this in early 2022 with the Russian efforts to sabotage Ukraine's government information systems, both with cyber attacks and missiles targeting datacentres. Fortunately, Ukraine had already moved large parts of their essential government data out of the country, putting it beyond the reach of such attacks and allowing government to continue functioning.

In both cases the point is that keeping data within national boundaries is now seen as having a greater risk than of placing it with a global hyperscaler for safe keeping and ongoing operations. This includes, often specifically, sensitive data that includes personal information of citizens and even government secret information.

For a country that fears invasion, civil war, or an attempted coup-d'état by internal insurgents or dissenters, the advantages of placing their data in exile are two-fold. Firstly, it allows the government to continue to function at least partially while it holds on to at least some of its previous territory. Secondly, lack of access to that data will make it far more difficult for any hostile "new" administration to take control of the country. If property ownership records, bank and trade details, employment histories, police files, criminal and prison records, government financial information, tax records, passport and identity records (such as central birth, marriage and death archives), utility plans, etc are all "missing", imagine the headaches it would cause any invader to return the country into a functioning (and profitable) new conquest. They would be looking at decades of reconstruction, or more likely starting from scratch with very little understand of what they really hold. Conversely, should the legitimate government return to power, they would still have access to all of this information and be able to restore order far more quickly.

What this means has global implications. Outdated cybersecurity concepts based on keeping data within a country's own borders are starting to look outdated and naive. This becomes especially true now that cybersecurity has become both a global problem and addressed by global solutions such as AI-based malware and incident detection. A country that keeps all of its data locked away may not be aware of intrusions that have already been detected and mitigated in the wider world.

Large modern cloud services (hyperscalers) employ hundreds of cybersecurity experts working 24x7 around the world to detect and mitigate cyberthreats throughout their global networks. A threat detected in one country can be investigated by a security team working in a different timezone, and a mitigation rolled out globally before the same threat emerges in other places. A country that deliberately isolates itself from this global system benefits from neither the detection nor the fix until considerably later. Even the government of a medium-sized developed country is unlikely to have the staff, skills, and budget to mount that level of cybersecurity protection at all hours, every day of the year. For a developing nation, they have absolutely no chance of doing so.

Now there will always be some types of data that are so secret that no country will ever put them in the cloud, such as identities of intelligence agents or details of top-secret military projects. However, those are always on a far smaller scale than the massed data needed to run a country so it remains practical to find other ways of securing them. Frankly, such data should probably never be placed on any type of cloud service with connections to the Internet, perhaps not even a government-run private cloud let alone a commercial domestic CSP.

For general data though, including government data generally considered confidential, more countries exposed to the threats described above are finding the Data in Exile concept (whether they call it that or not) provides a valuable hedge against uncertainty, and holds out the promise of functional continuity during challenging times.