Article Written by Jon Toor, CMO, Cloudian
Cloud computing has become a virtual global passport for corporate data. As business information increasingly travels across borders, the risks of losing data and having it fall into the wrong hands has greatly increased over the years. Yes, you can create storage policies that determine where data will sit, and you can mandate that it reside on specific servers or determine that it go in one country but not another. But policies can be broken or ignored. When it comes to data locality, the need to "trust but verify" was never more true. Fortunately, there are new solutions to help.
Before cloud computing became a thing, the location of your data was never really an issue because it was always on a server or at a physical location that you controlled. Now the situation is infinitely more complex. Scale-out storage can span multiple data centers and geographies. A single namespace can now extend far beyond the walls of a server rack or even a country's borders. In a hybrid cloud, some data is kept on site while other types may be migrated to any of multiple cloud services.
Geographic boundaries make a difference - in many countries, data sovereignty laws now govern where the data is physically stored or accessed. EMEA in particular has stricter privacy concerns than others. Legislation continually changes, making compliance even more challenging, particularly if the right controls are not in place.
While access control is a core competency for service providers, location control might be a lower priority. A cloud provider might offer a dozen types of encryption and physical security devices like biometric sensors for their data centers, but do you know where your data physically resides? Service providers often have distributed operations. Furthermore, if you're in a hybrid cloud scenario with multiple data locations on prem and in the cloud, the uncertainty increases. Policies may have been set, but how do you know if they're correctly implemented? Two solutions are automated storage policies and a form of GPS for data.
Automated Storage Policies
A comprehensive, automated policy gives different groups or individuals within an organization the ability to set guidelines for where and how data is stored and moved. These role-based access privileges allow IT administrators or business unit owners to spread their data across any number of physical data centers and manage them together in the proverbial "single pane of glass."
You can create rules for storing physical copies, such as putting two copies in the UK data center, one copy in the United States, but no copies in Germany. Security and privacy are together linked through data control.
Once a policy has been implemented, how do you know it's been properly executed? That's where Data GPS comes in. Like the GPS on your phone, Data GPS lets you know exactly where every part of your data is located even in a hybrid cloud -- whether on-premises or on a hosted cloud service. After you set up a storage policy you can test and validate that the policy is working. Besides enabling security, a Data GPS feature for IT departments is also an extra level of credibility -- showing the business and application owner that their data is safe because you know exactly where in the world it is located.
A Data GPS quickly reveals how many copies of a file you have, as well as where those files are housed. For example, in Data Center 1 located in the UK, rack three, fourth server, disk four. It's a lot like putting a pin on a specific file to instantly locate it anywhere in the world.
For some applications and files, the level of granularity you care about is the level of security you might need. In the rare instance that someone breaks into a data center and sabotages or steals a physical server, knowing details about the data stored on that system is important. At one time, the line-of-business users might not have cared to know where their data was stored as long as they could access it as needed. However, the more enterprises add hybrid or public cloud services to their IT playbook, the more data control and visibility become mission-critical elements.