
4.4.14. Location Control:
In the good old days, people imagined that physical proximity provided physical control over their data - but alas they were wrong.

Access Control Manager:
An Access Control Manager is assigned for each physical location as the local country Data Controller. No Access Control Manager has access to any encryption key, so no local court order can reach the encrypted data through a local Data Controller. The Access Control Manager is protected from criminal attack intended to force them to give up access to the private data they control: the Access Control Manager can give up their authentication details in the event of any attack without exposing plaintext. In the event of a local political storm that may impact the business, each Access Control Manager has the authority and responsibility to destroy all private encrypted data in their data center.

Opinion:
When all private data is encrypted and replicated to ten or more remote and secure data centers:
* then losing any data is very unlikely.
* then a criminal attack that fraudulently changes the same data in every data center is not likely.
* then no single person with local administration rights can damage or have any lasting impact on the overall service.
* then any hardware, software or network failure will have only a transient local impact on the overall service.

Location Control:
The Application Service Provider must manage:
Physical locations where each copy of the encrypted data is stored at any time.
Legal locations where agreements state one or more places for encrypted data storage.
Political locations where Governments may exert influence and legal jurisdiction.
Logical locations where Data Controllers with the encryption keys are located.

Control:
Data is continually flowing between data centers in different physical data center locations - no one data center is in control.
If data is lost or corrupted in any one data center it can progressively be rebuilt from all other locations.
If data is fraudulently changed in any one data center it can progressively be corrected from all other locations.

What competitors do wrong:
Any competitor that still uses any form of backup does not deserve to survive - continual data replication has been in use for more than ten years.
Any competitor that stores its data in one physical location will eventually lose that data - replicated data centers are mandated, and the more the better.
Any competitor that holds its encryption keys in the same legal location as its data may be subject to a court order to provide full access to all that private data without informing the company that owns the data.
Any competitor that imagines that data stored in Europe cannot be politically accessed by USA agencies is just fooling itself.
Any competitor that uses any standard encryption method will eventually learn that every single encryption method ever designed has eventually been broken - multi-layers of different encryption methods have not been broken.

Example:
A UK company signs a contract with the Irish subsidiary of Amazon as a cloud service provider where data shall be backed up to India, Sweden and Brazil.
Physical locations for the encrypted data are Ireland, India, Sweden and Brazil.
Legal location for the AWS agreement is Ireland.
Political locations are the USA and Europe, where courts may have some jurisdiction.
Logical location is the UK, where the encryption keys are stored.

Factors:
1. Data is multi-layer encrypted with all keys held in the UK.
2. Encrypted data is not stored in the UK, so a UK court that demands the encryption keys may not have access to the encrypted data.
3. Encrypted data is stored in Ireland, but an Irish court may not have jurisdiction to demand the encryption keys, which are not stored in Ireland.
4. USA courts may hold sway with AWS in Ireland, but all data stored in Ireland is fully encrypted.
5. European courts may influence how data is stored in Ireland and Sweden, but may not be able to influence how data is stored in India and Brazil.
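As an added example (not part of the original page), the four location classes and the Example/Factors walkthrough encoded as a small Python placement check: for each authority it reports whether that authority can compel the ciphertext, the keys, or both, and it flags placements that break the separation. Country names and the political-influence map are taken from the page's example; the minimum-replica threshold is an assumed parameter.

```python
from dataclasses import dataclass

@dataclass
class Deployment:
    """One service's data placement in the page's four location classes."""
    physical: set    # countries holding a copy of the encrypted data
    legal: str       # country whose law governs the hosting agreement
    political: dict  # government -> countries whose hosts it can influence
    logical: str     # country where the encryption keys are held

def authority_reach(dep, authority):
    """What a court or agency in `authority` can compel: ciphertext sites, keys, or both."""
    sites = set()
    if authority in dep.physical:
        sites.add(authority)                     # data physically on its soil
    if authority == dep.legal:
        sites.add(dep.legal)                     # party to the hosting agreement
    sites |= dep.political.get(authority, set()) & dep.physical  # political sway over a host
    keys = authority == dep.logical              # only the key-holding location
    return {"ciphertext_sites": sorted(sites), "keys": keys,
            "plaintext_exposed": keys and bool(sites)}

def policy_findings(dep, min_replicas=3):
    """Placement rules from the page; an empty list means the deployment passes."""
    findings = []
    if dep.logical in dep.physical:
        findings.append(f"keys and ciphertext co-located in {dep.logical}")
    if dep.logical == dep.legal:
        findings.append(f"keys held under the same law as the hosting agreement ({dep.legal})")
    if len(dep.physical) < min_replicas:
        findings.append(f"only {len(dep.physical)} replica sites, policy needs {min_replicas}")
    # any single authority that can compel both keys and ciphertext defeats the separation
    for a in sorted(dep.physical | set(dep.political) | {dep.legal, dep.logical}):
        if authority_reach(dep, a)["plaintext_exposed"]:
            findings.append(f"{a} can compel both keys and ciphertext")
    return findings

# Constructed from the page's worked example (UK keys, AWS Ireland, replicas in India/Sweden/Brazil)
PAGE_EXAMPLE = Deployment(
    physical={"Ireland", "India", "Sweden", "Brazil"},
    legal="Ireland",
    political={"USA": {"Ireland"}, "EU": {"Ireland", "Sweden"}},
    logical="UK",
)

if __name__ == "__main__":
    for who in ("UK", "Ireland", "USA", "EU", "India"):
        print(who, authority_reach(PAGE_EXAMPLE, who))
    print("findings:", policy_findings(PAGE_EXAMPLE))
```

Moving the keys into Ireland in `PAGE_EXAMPLE` produces the co-location and "can compel both" findings, which is the failure the page's factors 2 to 4 are designed to avoid.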

Administrators:
People with administration rights have been identified by the NSA and other government agencies as the most effective people to impersonate and hack. Criminals have copied this approach, which means that administrators are at high risk from criminal attacks.
To protect administrators, they are assigned limited rights, and those rights can be given up to a criminal when the administrator (or their family) is attacked. When an administrator leaves or turns criminal, the knowledge and rights they had are inadequate to have any significant impact on the overall service.
The majority of administrators' duties, forms and access rights are very similar to those of any other user; the same audit trails apply, and nobody can delete data to cover up a fraud.