By Mark Ridley, regional director, Africa, NetApp
The year 2014 has been a big year of progress for organisations in many industries to move their corporate data into hybrid clouds. But what exactly does this mean for data itself, particularly when it crosses over international borders? What is the impact on data governance, and what do organisations need to do to avoid regulatory and legal trouble? These are all important considerations as more and more data moves into a cloud environment.
From an IT standpoint, the cloud truly brings new meaning to the concept of geography. One of the benefits of using cloud services is that the service provider is responsible for providing and maintaining the infrastructure that houses the data, including the data centres that contain virtualized servers, storage systems, and so on.
But that doesn’t mean that organisations can take an “out-of-sight, out-of-mind” approach to using these services. Where the data is physically located should be a key consideration when choosing and using a cloud service. Given the existence of international regulations that restrict the movement of certain types of information across borders, companies need to be aware of where their data resides.
The fact is, with the growing hybrid IT environment, corporate data assets are on the move. This movement will only increase over time as enterprises outsource some of their infrastructure to service providers and global commerce expands. You can compare the data situation with that of money. A long time ago, money was mainly gold or cash, and people often stored it within reach, such as in a safe or under a mattress. Now, money has many different forms and has gone global, almost virtual. Many people have no idea where their financial assets are geographically located.
Data is going the same way. At one time most organisations stored their data behind firewalls in storage systems located in data centres owned by the particular organisation. They knew exactly where the data was, whether it was on tape or on disk drives within their facilities. Now, with the cloud, data can be physically located virtually anywhere, depending on the service provider and its scope of operations.
This situation potentially raises a number of concerns because of geopolitical issues, tax laws, security regulations, national protectionism, and other factors that can place limits on where data can be moved and stored. For example, Canadian healthcare data can be restricted from entry and storage into the United States. IT and business leaders need to determine whether they want and need to keep their data “country specific” with local service providers. They must also consider that certain types of data can be located overseas.
Clearly, where data lives and moves is a vital issue for many companies today. In a recent survey of more than 400 professionals in the United States, Europe, and Asia Pacific, an overwhelming majority of respondents (97%) said that targeting workloads toward data centres in specific regions for compliance and data sovereignty is important or very important.
Much about the hybrid cloud environment is still relatively new, and people are still trying to figure out how best to govern data in these changing times. The cloud certainly removes some of the challenges and complexities of building and running an IT infrastructure in house. But it also adds complexities in terms of maintaining data governance and control.
With the continuing growth of software as a service, infrastructure as a service, platform as a service, and the like, the management challenges of data in the cloud will only increase. However, the business cases for moving to the cloud, and particularly a hybrid cloud environment, are too compelling to ignore. Many new start-ups today are launching their businesses entirely in the cloud, without ever building a “traditional” data centre with physical servers.
At the same time, the issue of data governance and where in the world data resides can’t be ignored. Senior executives, particularly CIOs, security chiefs, and risk managers, need to stay abreast of international rules and regulations regarding data and perform due diligence when selecting cloud service providers.