
If a company, Trade Inc, sets up cloud email and a cloud server and also uses mobiles and business broadband, and the owner of a competing company, let's say RogueTrade Inc., has friends in the UK police, he may get to know what Trade Inc is doing, for example:

  • Log of his company broadband
  • Metadata of calls and texts from his mobile
  • Access data and databases stored in cloud

And that's assuming Trade Inc has nothing illegal but values business secrecy a lot because he values his customers and as it's in the trade, the competition can be reckless.

My question is what is the estimated and realistic risk of RogueTrade Inc getting onto the police data? I think that would be the factor of basically having:

  • Official permission to access this data, so no random person from govt can access it whenever he wants
  • Audited access who and what and when, so no access can be made without being logged
  • Protection against rogue suggestion or reason to access this data by the police, which is basically court order

And also there's a problem with these two:

  • Surveillance data
  • Cloud data

And also assuming that Rogue Inc could be:

  • Privately owned company
  • State owned company

I am asking because I am planning a setup for the customer who is not sure whether he should have Cloud on his own including Email (he has mail there already and it's working OK) or should he move to business Gmail and Public Cloud.

The Trade Inc also processes lots of confidential documents from customers and collects them into a large library. As the security of this data is assured the main problem comes from compromising the cloud itself and basically copying all data with encryption keys.

My fear is that if it's currently a small company it may not be taken seriously and there could be several breaches using government agencies as proxies which is not so uncommon after all.

Anders
Aria
  • This will depend on the cloud provider. Some hand over data to the Police with just a request; others insist on a proper warrant. – paj28 Aug 22 '16 at 13:09

1 Answer


This question reminds me of one of my most favourite quotes - Quis custodiet ipsos custodes meaning - "Who will guard the guards?" So basically, what I mean to say is, since you're making the assumption that the police have access to all the business data, there is absolutely nothing stopping RogueTrade Inc from acquiring that data via illegal means. The Govt. is run by people, and that makes it vulnerable.

How probable? Or what is the estimated risk? That's a range - all the way from pretty low to extremely high.

My suggestion - use a cloud service from a place that won't leak your information to your police. For example, Nigeria! I doubt Nigeria has great ties with UK, but I may be mistaken. You see what I mean.

There is nothing stopping you from using a cloud provider from overseas, and international law is really messy. Unless Trade Inc. is an extremely big organised-crime or related company that attracts the interest of the feds and Interpol, you should be fine.

But then again, only use a provider that you trust.

I hope this helps!

EDIT: I would also like to add that there are other ways the data might leak. Ever hear of corporate espionage?

theabhinavdas
  • I'd use a cloud which is based in Europe. The business is supposed to be legal but competitive. The problem I have is that the country might come on rogue, so that hosting in Belgium, Netherlands, Germany would be safer from local police. So the conclusion is that putting it in another country would make sense and then VPN to it and have it all there assured including VoIP. It would be still under surveillance of another, similarly advanced country but it would have less ties with competition. – Aria Aug 22 '16 at 13:54
  • Precisely, it would reduce the risk substantially. Sweden is another good place to look for such providers. I have heard that there are some that clearly state that they will refuse to give information to police/government but I can't be sure. – theabhinavdas Aug 22 '16 at 14:00
  • My two cents: Nigeria was a British colony for almost a century. Would be strange if there weren't any ties. – steffen Aug 22 '16 at 16:40
  • My three cents: Apart from local data protection laws, one has to take into account the laws for transferring user data from one country to another. Germany just declared the Safe Harbour agreement void which has implications (e.g. fines) for some IT businesses. – steffen Aug 22 '16 at 16:44
  • @steffen, India was a British colony for about *200* years, it would be extremely strange if there *were* any ties. :) Either way, Nigeria was an example to convey a suggestion. I don't know much about the internal politics as I indirectly mentioned in my answer. – theabhinavdas Aug 22 '16 at 17:29
  • @0x23212f I was doubting to post that comment myself because I did get that Nigeria is not the important part of your argument. Still, I believe that there are strong ties between India and Britain, but I'm doing the same thing again... Sorry ;) – steffen Aug 23 '16 at 08:35