​Cloud computing: IBM overhauls access rules at Euro data centre

New rules will put data under the control of EU-based staff only; IBM will let customers encrypt with their own master keys.
Written by Steve Ranger, Global News Director

Video: Germany's telecom regulator weighs in on zero-rating practices

IBM is overhauling the way it manages data stored in one of its European cloud computing data centres, in order to give European customers tighter control over who can access it.

The move will give customers more control and transparency over where their data lives, who has access to it, and what they can do with this access. The policy may be rolled out further, IBM said.

The company will implement new controls so that access to customer data in its Frankfurt data centre is controlled by EU-based IBM employees only. EU-based staff will also review and approve all changes from non-EU based employees that could affect clients' data.

IBM said that customers will be able to review and approve all non-EU access requests to their content "if an instance requires support or access from a non-EU based employee". If granted, access is temporary and the IBM client will be notified when the temporary access is revoked. Logs that track access are made available to the client.

IBM also said it is adding to its customer support teams in Europe.

Sebastian Krause, GM of IBM Cloud Europe, said that concerns about data residency, security, and personal data protection are at an all-time high in Europe, especially with General Data Protection Regulation (GDPR) around the corner.

"Every day I hear from a wide range of global clients across every industry that they need tighter controls and visibility into where their data is stored and processed in the cloud," he said.

"The fact that explicit client approval is required for dedicated cloud instances sets IBM apart and gives clients maximum control," Krause told ZDNet.

The company also said that next year it will make it possible for customers to encrypt their data, at rest and in transit, with their own master keys.

"Encrypting data enables clients to store their data in the cloud and protect it from theft and compromise. Since the keys remain in possession of the customer, the data is protected from cloud service providers as well as from other users," Krause said.

IBM currently has 16 out of its 60 cloud data centres in Europe with data centres in France, Germany, Italy, the Netherlands, Norway, Spain, Switzerland, and the UK. Krause said the changes in Germany could roll out further.

"While data privacy is especially important in Europe, clients in many markets face regulatory pressures to protect their users' data. IBM plans to take the improvements outlined here and adopt them across other IBM locations in the future," it said.

Germany is considered to have some of the strongest data privacy legislation in the world. But more broadly, while cloud computing in theory promises that customers can cease worrying about exactly where the data is being held, in reality companies are having to pay a lot more attention to where customer data is stored.

Some of this is because of new regulations such as GDPR, which strengthen data protection in Europe. But there have also be concerns that US law enforcement could request data held in the data centres of US companies even if that data is not stored in the US.This has led some companies to change their approach significantly. For example, last year Microsoft started offering its Azure cloud services from two new German data centres where the customer data was stored under the control of a "data trustee": T-Systems International, an independent German company and subsidiary of Deutsche Telekom. Microsoft cannot access data at the sites without the customer's permission.

Image: Getty Images/iStockphoto

Previous and related coverage

What is cloud computing?

Everything you need to know from public and private cloud to software-as-a-service

Germany aims to store all users' browsing data. But court says it's breaking EU law

A law due to come into force in days in Germany on storing internet usage data breaks EU regs, a court rules.

Cloud security and IoT are the new peanut butter and jelly [Tech Pro Research]

For enterprises using cloud services with IoT, it's critical to adhere to as many security practices as possible. Experts weigh in on the best approaches to take.

More on cloud computing data centers

Editorial standards