Introduction and data sovereignty
The EU and the US are currently negotiating a fresh Safe Harbour agreement that retains privacy for EU citizens during transatlantic data transfers. Whatever the outcome, there are creeping data localisation laws springing up across Europe in any case, so it's tempting for private companies to strive to keep as much personal data as possible within the national borders it was produced in. Not only for security, but for compliance.
But can Europe cope with a surge in demand for local data centres? At any rate, the cloud model is changing …
Should data localisation now be standard practice?
Not according to David Barker, Technical Director at 4D, a UK data centre, cloud and colocation provider. "Data localisation is a political tool and doesn't support good technical designs or assist businesses," he says, insisting that requiring all personal data to be stored, processed and accessed only on servers within a geographical border is a knee-jerk reaction to the NSA and Edward Snowden leaks.
Others are only concerned with reacting to the fallout. "In Europe we are certainly approaching that, given the recent changes to EU data transfer laws," says Justin Giardina, Chief Technology Officer at Texas-based iland Internet Solutions, though he thinks that companies need to work with their cloud providers to manage compliance to the new laws. "Sometimes data localisation will be required, particularly for sensitive customer data."
However, it's often just as much about using advanced security technologies and following compliance processes.
Is data localisation even possible?
It may sound simple to a politician with no experience of IT, but exactly what constitutes personal data is unclear, and besides, it's hard to isolate. "Personal data is everywhere and often extremely complex to separate out so that it could be localised – it is often mixed into other general traffic on the internet," says Barker, who explains that it would require very deep packet inspection and complex routing to ensure particular data only stays within national borders. Besides, he further notes, enterprise resource planning (ERP) and customer relationship management (CRM) systems often contain mixes of data.
What could the public cloud look like?
The public cloud is dominated by AWS, with Microsoft revving up behind. Presently there is no choice on where data is stored, with the only geographical concern one of minimising latency – the closer you are to a data centre, the fewer milliseconds you have to wait when using apps and cloud BI tools. That all changes if the EU insists on data localisation.
"We can expect the major public cloud providers to start opening more local data centres with the option of hosting your data and services in those data centres," says Barker. There will also have to be much more detailed contracts between businesses and cloud providers.
Cue a new-look public cloud that's more customised, and comes with local expertise. "Public cloud providers will need to offer in-region data centres as well as data sovereignty, to assure companies that their customer data will not cross international borders," says Giardina, who thinks that public cloud customers will hence demand highly local support and service agreements.
To some extent the geographical shift has already begun. "At the moment Amazon and Microsoft are both opening UK-based data centres to supply public cloud facilities from within the UK borders primarily to meet UK government legislation," says Giardina. The UK's Data Protection Act states that data must not be transferred outside the European Economic Area 'without adequate protection'.
Hot and cold data
Is demand for EU-based data centre storage about to explode?
It depends on what the fallout is of the EU's plans to pass data localisation regulations, especially as it would appear to conflict with its plans to have a digital single marketplace.
"We do expect to see an uptick in demand for local data centre storage as companies grapple with maintaining compliance," says Giardina. "However, it is not enough to simply store data locally – the cloud security technologies that are applied to the infrastructure must be sufficient enough to protect company data and regulatory compliance."
If data localisation becomes law, then there will be a surge of demand for storage within countries' borders, but that's a trend in any case – demand for data centre space within major hub sites such as London, Frankfurt, Paris and Amsterdam is firmly on the rise.
"Demand is likely to be driven by a continued need to store the data that users are generating in an exponential fashion," says Barker, "along with more business practices being moved to a hosted software, SaaS-based delivery rather than on-premises solutions."
Can a spike in demand for EU-based data centres be met?
Not if the industry starts planning now. Data centres take about three years to plan and build before they come online, so there could be an issue a few years down the road. "But short term there is a fair amount of available and built-out technical space available within major markets," says Barker. According to http://ift.tt/TqAFwu, there are currently 1,051 colocation data centres in 24 countries in Western Europe, compared to 1,719 in the USA.
Hot and cold data
There's also the fact that there are two types of data to cater for here. "There are many new technologies that allow customers to transparently access 'hot' data locally and 'cold' data in the cloud," says Giardina, referring to both data that's frequently accessed on fast storage, and data that's rarely accessed and kept on the slowest storage.
This is the hybrid model of cloud computing, which combines both private data centres and private clouds with public clouds. "There is a push towards having more visibility into and control over cloud resources," says Giardina.
Who does data localisation benefit?
Though it might give politicians who have promised to keep citizens' data safe from the US government something to shout about, the effects of localising data could have darker unintended consequences.
"Forcing data localisation will only benefit large-scale businesses who have the resources to establish local data centres and hosting facilities within a country," says Barker, who insists that remotely hosted data isn't necessarily a security risk or a problem provided the correct controls, access policies and encryption are used. "Small to medium-sized businesses won't be able to take the risk and expense of opening more facilities just to host a potentially small fraction of their client base, and so will likely cease trading in countries that require data localisation."
That applies to the public cloud, too – only the likes of AWS and Microsoft have the resources to react quickly to changing government regulations. "Smaller providers will likely be squeezed out of markets across the EU where localisation is required," says Barker.
http://ift.tt/1WUQOJw
No comments:
Post a Comment