In other words, your cloud data could be swept up in an investigation of an entirely unrelated matter -- simply because it was unlucky enough to be kept on the same servers as the data of the persons being investigated.
The classic illustration of this principle occurred in January 2012, when U.S. and New Zealand authorities shut down Kim Dotcom's MegaUpload file locker. Along with a trove of allegedly pirated movies, the authorities confiscated the data of thousands of law-abiding customers and refused to return it. Whether those customers will ever get their data back remains unresolved.
"The risk of seizure is real," confirms Jonathan Ezor, director of the Touro Law Center Institute for Business, Law and Technology. "If there is any legal basis for law enforcement or other government officials to seize storage devices or systems -- which may require a warrant in certain circumstances -- and those systems contain data of both suspects and nonsuspects, all might be taken. Ultimately, any time an organization's data are stored outside of its control, it cannot prevent someone from at least gaining access to the hardware."
Users who want to protect themselves against this worst-case scenario need to know where their data is actually being kept and which laws may pertain to it, says David Campbell, CEO of cloud security firm JumpCloud.
"Our recommendation is to find cloud providers that guarantee physical location of servers and data, such as Amazon, so that you can limit your risk proactively," he says.
Encrypting the data will decrease the chance that anyone who seizes it will be able to read it, adds Ezor. Another good idea: Keep a recent data backup nearby. You never know when it might end up being your only copy.
Dirty IT secret No. 4: Your budget's slashed, but the boss has a blank check
RFPs are for peons
In virtually every midsize or larger organization, there are two ways to get purchases approved, says Mike Meikle, CEO of the Hawkthorne Group, a boutique management and information technology consulting firm. There's the official purchasing procedure -- a time-consuming process that forces you to jump through more flaming hoops than a circus act. And there's the special procurement diamond lane, available only to a special few.
"People at the senior leadership level have their own procurement pipeline," he says. "What takes an IT person eight months to obtain through official channels these execs can get in a few weeks, if not sooner. It's what I call the Diamond Preferred plan. I've never worked with an organization in government or private industry that didn't have a secret procurement path."
The purpose of the official procurement process is to make it harder for employees to spend the company's money, says Meikle -- unless, of course, they know the secret handshake. Unfortunately, he adds, the CIO is usually not a member of this club, which means large tech purchases can be made without serious cost-benefit analysis or consideration of IT's strategic vision.
"They'll go out to lunch, a vendor will whisper sweet nothings in their ear, and the next thing you know they've spent half a million on a mobile application management solution, not realizing you already had one," he says. "Now you have two."
Not so, contends a private consultant to the military and Fortune 100 companies who asked to remain unnamed. While there are cases where organizations may bypass standard procurement procedures, it's almost always for something the IT department needs right away and doesn't want to waste weeks cutting through red tape to get, he says.