In early December, I was
asked to complete yet another CTO survey from an online backup provider asking
me select my preferences for data storage location. The obvious candidates were
listed, UK, European Union, USA etc. My
first thought was that the backup provider was trying to attract new business
following the European Court of Justice ruling in October on Safe Harbour
agreements. Safe Harbor has been in
operation for the past 15 years allowing US service providers to store data
outside the European Union in the knowledge that the service provider has
signed up to providing the same standards of care of the data as that
legislated in Europe. On 6th October 2015 in the case of Maximillian Schrems v Data Protection Commissioner the European court ruled that even if US companies take
adequate protection measures, the US public authorities are not subject to the
Safe Harbor guidelines. This puts
European citizens’ data privacy at risk to US government surveillance,
effectively nullifying Safe Harbor agreements that have been the basis of data
between the European Union and US based service providers. Due to this ruling EU based organisations
should ensure that all electronic personally identifiable information is stored
within the EU.
This doesn’t mean to say
storing information anywhere within the European Union is in itself sufficient,
organisations are still responsible for ensuring that the data is secure, kept
up-to-date and only stored for only as long as is necessary.
When I received the
questionnaire my first instinct was to contact the online backup company that
had commissioned it and asked to receive a copy of the results in return for
completing the survey. Making full use
of the “other” option throughout the survey I responded stating that whilst I
understood that a recent ruling meant my business had to store personally
identifiable information within the European Union, but if all other things
were equal such as performance and security my choice would be led by the
option with the lowest carbon impact. Unfortunately
the environmental impact of datacentre services rarely features on the agenda
in most organisations, and whilst there is no definitive guide that can tell
you the amount of greenhouse gases emitted per GB of data stored there are some
very useful resources. One of the most
comprehensive is a Greenpeace Report called Clicking Clean,
whilst this is now a little out of date, published in May 2015, it is still
very informative. For example, if you
were storing data on S3 in an Amazon datacentre the report shows that if you
chose Virginia (US) only 2% of the energy would come from renewable sources, in
Dublin (Ireland) datacentre 50% is renewable whilst the Frankfurt, (Germany) the datacentre claims to be carbon neutral –
100% renewable. There are similar
examples with Microsoft Azure and Google in the report, both having Ireland
based facilities which consume only 10% renewable energy, the remaining 90%
coming from Natural Gas and Coal fired power stations. I should point out that data in reports such
as these can quickly become out of date, for example Greenpeace published a
similar report in 2012 in which Apple was
heavily criticised for its heavy use of fossil fuels at its datacentres, but
has since switched to 100% renewable power.
So next time you are
thinking about where to store your offsite backup data, you might want to ask
your service provider for their green credentials?
Some of the Datacentre green
developments to look for include the move away from air conditioning to using direct
air cooling and the also the smart application of liquid cooling.
PUE (Power Usage
Effectiveness) is the index used to measure datacentre energy efficiency, and
organisations should we working hard to drive down their PUE and thereby reduce
energy consumption.