By Ray Jung, Solutions Engineer, FuseForward
Cloud computing has quickly become a top priority for the Canadian government sector. In 2018, the Canadian Federal Government unveiled its “cloud-first” strategy, a set of directives recognizing that the cloud “is the preferred option for delivering IT services.”
This is an exciting step towards a digital transformation within government, but the move does not come without some challenges—particularly when it comes to the location of government data.
The Case for Keeping Data Inside the Country
A key feature of the cloud is the ability for data and resources to travel rapidly from one region to another. The data accessed by a government employee in Alberta may actually be stored in a data centre in Quebec, with backups somewhere else entirely.
But when it comes to government information, the ability for data to cross borders can raise privacy and security concerns. For example, if Canadian data were to reside in the United States, it could be accessed by the US government under the Patriot Act. The Personal Information Protection Act in Canada, a law that protects data from being improperly disclosed, would not have legal force there.
In response, many countries have adopted data residency laws. This legislation prevents certain information from moving internationally, in order to protect government data from foreign intrusion.
Data Residency Legislation in Canada
While Canada does not have consistent data residency laws in place nationwide, a few provinces have some form of the legislation. Both British Columbia and Nova Scotia require that all public sector data reside in Canada, while Ontario restricts only healthcare information.
Meanwhile, public sector institutions in other provinces have voluntarily implemented data residency practices in preparation for future legislation within their region.
Outside of the public sector, there are no laws requiring Canadian companies to keep data within the country, but in some cases private sector enterprises may wish to do so.
Achieving Data Residency with the Public Cloud
The Government of Canada has specifically identified the public cloud as a top priority for its cloud-first strategy. Yet within the public sector, there is an assumption that the public cloud cannot meet data residency requirements the way on-premises systems can.
However, there are solutions available. For example, Amazon Web Services (AWS) has recently launched two data centres in Montreal. The availability of major public cloud services within the country is a significant step towards achieving data residency within the public sector.
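One way to back that regional choice with a technical guardrail, shown here as an added example rather than anything from the original article, is an AWS Organizations service control policy that denies requests to any region other than Montreal. The region code `ca-central-1`, the `Sid` and the list of exempted global services are assumptions to adjust for your own organization.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyOutsideCanadaCentral",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "sts:*",
        "support:*",
        "route53:*",
        "cloudfront:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": ["ca-central-1"]
        }
      }
    }
  ]
}
```

A policy like this limits where resources can be created. It does not control the network path your traffic takes to the region or where backups outside AWS are stored.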
Key Questions You Need to Address
Locally-based public cloud providers are a key step in meeting data residency requirements, but that is not all that needs to be considered. The full spectrum of your cloud operations, from business continuity to cybersecurity, needs to be addressed.
Some key factors you should consider include:
How do You Connect to Your Cloud?
When you connect to your public cloud service, your data will traverse the public internet. It is highly likely that your data will leave the country in transit, voiding your data residency practices.
To prevent this, you should consider setting up a dedicated, private network connection from your premises to your cloud. You can use a tool such as AWS Direct Connect to achieve this.
How do You Achieve High Availability?
When deploying an application in the cloud, you also need to consider high availability. It’s recommended that you spread your application across two data centres—in the event of a loss of one centre, the application will continue to run. The two AWS Montreal centres are separate entities with multiple power and network feeds, linked by high-speed interconnects.
Deploying your application in AWS Montreal with Direct Connect will ensure high availability while retaining data residency.
Where do Your Data Backups Occur?
As a best practice, however, your data backups should be kept in a different region from where your data primarily resides. While a cloud application could be housed in one Montreal data centre, with backups in the other, this is not ideal. If a natural disaster were to happen in Montreal, your entire system could be compromised, causing delays or even serious operational shutdowns.
To attain a resilient system while achieving true Canadian data residency, you have a couple of solutions available to you:
- Hybrid Cloud: If you have already launched an application on-premises, your backups can reside in AWS Montreal.
- Multi-Cloud: If your system is housed in AWS Montreal, you can use another cloud provider in a different city for your backups.
Both of these options will protect you from region failure, provide you with public cloud benefits and help you achieve Canadian data residency.
FuseForward: Certified AWS Partner
FuseForward is a Public Sector certified AWS Select Consulting Partner. We have worked with many public sector clients to move and operate critical workloads in the cloud, successfully addressing issues from regulatory compliance through to security.
While the public cloud provides an array of benefits to the public sector, it can be difficult to determine what solution is best for your specific needs. If you have a question, we’re happy to help. Please contact us or submit details below for a free cloud readiness assessment.