Box launches UK-specific Box Zone with data centres in London and Cardiff

blue box logo

Box has launched an additional data zone for its Box Zones offering, presenting a new zone for the UK with separate data centres in London and Cardiff.

Back in 2016, the cloud content management company first announced Box Zones and said that it would feature eight separate locations where users can store data.

Box offers data centres in the UK, USA, Canada, Ireland, Germany, Singapore, Japan and Australia. The company adds more zones when it receives enough demand from its 90,000 customers, which is why the UK has just received its own data centres.

"Businesses today face a complex and evolving regulatory landscape, none more so than here in Britain," said Chris Baker, Box senior vice president and general manager of EMEA. "With the Brexit decision pending and the impact on regulation such as GDPR unknown, UK and European businesses are searching for ways to guarantee business continuity. The UK Zone will help companies to address data sovereignty concerns and provide certainty around their content."

If you think that the decision has anything to do with GDPR or Brexit, then you'd be wrong, according to Baker. Even if Brexit goes ahead, a possibility that's increased in likelihood over the past few days, GDPR is likely to still apply in UK law in every way but in name, so there must be another reason for opening a UK zone.

Speaking to Cloud Pro, Baker said that the main reason for launching the UK zone was because of contracts which have certain specifications which require data to be held in a certain jurisdiction. One of the requirements of GDPR is that businesses must be certain at all times where given data resides in the world.

"I know some wealth managers, for example, who in their contracts with their clients state that their information will reside in the UK," said Baker. "It's not a regulatory thing, it's just something that the client has decided to do, perhaps because that client prefers that."

Aerospace companies in the UK sell to governments in the EU, in the Far East and into North America such the USA's Department of Defence. Usually, when selling to these entities or responding to a request for proposal (RFP), there will be conditions that demand all related content, designs and contracts must reside in that entity's jurisdiction. So as a UK Aerospace company, you'll need a zone in NA in order to business there, likewise with EU governments, Baker explained.

"At Virgin Trains, we are a digital-first company with staff and offices across the UK. We are committed to ensuring that those employees have the information and tools to do their best work, even as compliance requirements continue to rapidly change," said John Sullivan, chief information officer at Virgin Trains. "The UK zone will give choice and control over our content. It is great to see Box's continued commitment to helping UK customers like Virgin Trainsproactively prepare our data residency strategy."

Data residency isn't the only factor which influenced the need for another zone. Businesses often have to visit other countries in order to take meetings, attend conferences and conduct sales and when that happens "the speed of light can be a limiting factor," said Baker.

"Latency is an issue for some customers. Box has a Singapore zone for that reason. If business people in Asia are going to the US and back, the speed of light is a limiting factor in the downloading and uploading of documents - so latency could be a reason for wanting to allocate data to a zone."

Speaking further about the extent to which Brexit and GDPR could affect businesses and their requirements for a UK Box Zone, Baker said there is concern about divergent regulations following Brexit. It's unclear whether the UK will change or amend GDPR's laws which are now domestically enshrined. "This environment is only going to get more complex," he said.

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.