All the major cloud providers have data centres in Canada and ensure data sovereignty. I was part of the launch of Azure in Canada in 2015/16, Amazon followed about a year later.
I think I managed to do it, and turn on MS Defender. Thanks so much, all.
And I did get a couple of “No, please stay!” things from McAfee as I went along.
Likely in response to that issue… But can they assure the data is not copied to the USA? And can they assure that the parent company in the USA will not comply with an American subpoena for Canadian data if so ordered?
Not that I care, just pointing out issues that may arise. The point is, it’s complicated.
I think there is always a possibility the American courts can force access, but the Federal and Provincial governments both use commercial cloud services extensively. You can also use your own encryption keys in many cases so even if there was a US subpoena they wouldn’t be able to access the data. We have a number of hospital and municipal clients that operate in the cloud with protected data.
Admittedly I’m probably more allergic than most to marketing biz-speak, which is especially triggered by fashionable buzzwords like “cloud computing”, but this sort of statement is about as meaningless as saying that “I use toothpaste extensively” – it’s true, but it says nothing useful about my overall health practices.
All that this is really saying is that many organizations, including large ones, are going to find it cost-effective to outsource some of their IT infrastructure needs to third parties. But they also find it not just cost-effective, but practically and strategically essential, to maintain their own IT infrastructure. In the context of provincial governments, for example, the Government of Ontario recently completed a 230,000 square foot highly secure data center to serve their mission-critical IT infrastructure needs.
That state-of-the-art, highly secure date centre was opened 15 years ago according to your link. Not saying it is not still operating, but Ontario uses AWS and Azure. Microsoft 365 is used for email and collaboration.
ETA this is the business I am in. I have a pretty good idea of the uses of cloud computing.
I know. But with all respect, there are no greater distorters of perspective than a single-sided viewpoint and a vested interest. 
The Guelph data center absolutely is in operation today and growing, but due to typical government incompetence is still underutilized. Part of the problem being that the bureaucrats running it impose higher charges on internal clients than Azure. That’s a bureaucracy problem, not a technology problem. Beyond that I don’t have a lot of familiarity with the Ontario government’s IT systems.
BTW, I also used to do consulting work for some of Canada’s biggest banks and I assure you that their massive redundant data centers which support their mission-critical functions, and which are guarded with the same militaristic zeal one associates with Fort Knox or a nuclear launch facility, are at no risk of being migrated to any “clouds”.
I’m not making this up. Every bank, government, insurance company, F500 company has some cloud footprint. It may be 10%, it may be 100%.
I have a friend who is a mid-to-high level executive at a financial company’s IT department.
HIS disgust at how the “the cloud” is treated by the execs would blister paint. Basically, they fall in and out of love with all the latest trends in business, so they too wanted to move most/all of the business to the cloud, because “a miracle occurs” and costs drop.
Which… well, didn’t, because among other things, they’ve been cheaping out and using “trial” versions of various softwares (that’s another rant) and they have the organization skills of 4 year olds. At one point, they stood up a server in the cloud that was billed to one company credit card. And never updated the card. Which they found out when an entire call center couldn’t access information. When the execs came to my friend, he pointed out that it was just “GONE”. They had no backups, the company was happy to take their money again if they wanted to stand up another server, but everything ON that server (thankfully NOT customer’s money) is gone and will have to be re-done from scratch.
He also pointed out that when he discovered it, that another server was about 2 weeks from the same fate, and said one of them better to figure out whose Credit Card was going to put down for tens of thousands USD, because it sure wasn’t going to be him.
So, fun anecdote, but reinforcing the point that people making Cloud decisions are often the least informed about the realities, and that me losing a few dozen non-secure documents is different than a financial company being unable to run a call center for the better part of the week because they forgot to pay for their tools…
Do any of those outsourced “cloud” collaborations directly control the bank’s financial assets and liabilities, like the funds in client accounts?
Even back in my day, banks were overrun with third-party service providers of all kinds. What used to be “hey, we can provide you with a fantastic IVR service” has now become things like “hey, we can provide you with a fantastic AI-based digital assistant”. This is nothing new.
It seems weird to be charging critical IT infrastructure to a company credit card, rather than working through accounts payable.
See “organizational skills of four year olds”. And yes, he agrees, thus his many, Many rants on the subject.
Did I mention he’s become a mid-to-high level executive because the people above him have been fired and otherwise just disappeared in the last few years? He was happy to get the pay, willing to take the responsibility, unhappy with the bullshit. But the last 4-5 times things collapsed, he was the only one who stood up to discuss what could be Done to fix it, to the point that when he planned to leave (had a better offer in hand) a senior VP flew into town to woo him back with $$$.
That was two promotions ago. He’s replaced his immediate two levels of bosses since 2019.
I’ve been working with the banks for 3+ decades. For NDA reasons I can’t reveal any specifics but I’ve worked with at least 3 major financial services companies that are 100% cloud based, including customer ledgers. Many more of them may keep them on prem or in a private cloud with customer facing functionality, machine learning, and other services cloud hosted. Most bank apps run their back end in the cloud to provide advanced services like cheque photo deposit. Anyway, we are definitely diverting off the thread topic and I will end the hijack here.
I agree, this is a hijack and we should end it, though I hope some found it informative.
What I will say as my last word is that I’ve fully acknowledged that banks, like all large organizations, may use third-party service providers for a wide variety of ancillary functions, but no major bank – like any of Canada’s Big Five – is going to entrust their core financials – the lifeblood of the business – to a “cloud”. As I said, their massive data centers are protected with literally military-grade defenses; they’re in a completely different world from “cloud” providers.
When you say “Most bank apps run their back end in the cloud to provide advanced services like cheque photo deposit”, the terminology may be confusing to some because the “back end” here refers to the servers supporting that particular function for a phone “app”, as distinct from the “back end” referring to the bank’s main data centers supporting their primary mission-critical financial functions. Basically, if you can’t photo-deposit your cheque, it’s an inconvenience that nobody cares about very much, but if the money in your bank account suddenly disappears, a lot of people – including government regulators – are going to care very much indeed!