My MSSP is moving its data center out of the country. They say it is only metadata. I understand metadata is just data about the data however, for a company that has a policy that states all data must remain the US I am finding difficult to move forward. Does anyone know if any articles that cover this topic?
> Mik3 (Viewer III) posted a new topic in Tech Talk on 08-21-2018 12:49 PM in the
> My MSSP is moving its data center out of the country.
Which country? The US? You may end up better off. They'll probably be moving to a jurisdiction that does have privacy laws ...
> They say it is only > metadata. I understand metadata is just data about the data
Well, "metadata" is one of those terms that's sort of loosely defined. Maybe they don't store the actual contents of the attack packets, but they do have the count and all the IP addresses that have attacked you?
From experience: this comes down to the value of the metadata and its significance including that of source IP addresses, destinations, host names and any indicator of compromise i.e. security events transferred and what giveaways it provides. A Government agency may have a particular perspective, but even then there is movement towards the use of public cloud in some circumstances./
It's a risk management decision, once people understand the value of the metadata and whether it is being encrypted in transit or exposed to the world for all and sundry to see. And who is handling and protecting it.