Virtualization Technology News and Information
How Data Sovereignty & Privacy Will Reshape the Cloud in 2016

Article Written by Sean Jennings, Co-founder and SVP of Solutions Architecture, Virtustream

Cloud Computing 

2015 will be known as the year the enterprise cloud truly came of age.

The cloud adoption narrative is shifting; where it was once focused almost solely on the cost and efficiency benefits, it's increasingly focused on security. Key security and compliance developments over the past few years have brought the cloud into the mainstream. It's now much more than a novel IT utility. In many cases, the cloud is a business strategy in and of itself. Additionally, with the explosion of big data, compounded by a seemingly endless sequence of high-profile breaches, businesses are no longer willing to accept gaps in security.

In an effort to ensure data is kept safe, an increasing number of compliance mandates are taking effect. We're seeing this play out across the global cloud landscape, as businesses are aren't the only ones concerned about what their data is being used for and making sure it doesn't get into the wrong hands. Case in point: emerging EU data privacy and security regulations, which are in direct response to the concerns of citizens about their own data privacy. Recently, the EU passed legislation around the proposed General Data Protection Regulation, a legal framework for data sharing and collection enforced by massive and unprecedented penalties for failure to comply. Fines for non-compliance can reach as high as four percent of a company's global revenue, which underscores what a significant concern data privacy and security have become. (Putting that in perspective, BP was fined five percent of global revenue for the Deepwater Horizon debacle that killed 11 and wreaked enormous ecological damage to the Gulf of Mexico.) Furthermore, an increasing number of countries are creating even more stringent rules around data sovereignty, with Germany ever more insistent on keeping citizens' data within country boundaries.

With so many rules and regulations around data privacy and security, the stakes have been raised and cloud service providers are being forced to rethink entire business models. Here's how I see cloud providers adapting to the data sovereignty and privacy concerns taking root in 2016.

Datacenter Expansion vs. Local Partnerships - Jury's Still Out

In 2016, no longer will massive data centers in strategic telecommunications hubs suffice for serving many countries in a region. Cloud providers will need new approaches to deliver local capacity in each market. The potential disruption of business models is significant and possibly an existential threat. Some providers will solve the problem by expanding their physical footprint by building cloud nodes within indigenous data centers inside each country's borders. This may lead to subscale economics within these countries, driving up pricing or eroding margins in these locales. 

Other providers will take the route of partnering with local service providers and network operators to build cloud nodes. This model reduces risk for both partners and accelerates time to market, but potentially leads to margin stacking and anti-competitive pricing. Ultimately marking to market will cause margin erosion, as each partner must reduce their margin requirements to remain competitive and viable in the market. The jury is still out on which approach will reign supreme. Either way, data sovereignty and locality regulations will be top-of-mind for cloud providers and the businesses relying on their services in 2016. We'll see businesses increasingly choosing their cloud provider based on their model and the ability to provide the essential tools that help them comply.

In addition to data sovereignty, another trend to watch is security emerging as a top concern from the boardroom and c-level. As businesses become increasingly aware of threats to their data, we'll see further baseline security measures demanded of cloud service providers.  

End-to-end Encryption & Key Management Become Table Stakes  

First, let's be clear that end-to-end encryption of data is already a must-have, whether applications are on premises or off. But beyond complete data encryption across cloud services, businesses are also demanding that their data be protected from government authorities seeking controversial "backdoor" access points to data as well as from potential insider threats. As such, robust key management will become table stakes. Companies require sole ownership and control over encryption keys so that they are the gatekeepers to their data. What this means is that even if the Justice Department orders a subpoena on a cloud service provider, a customer's data cannot be read without explicit permission from that company. To date, it has been standard for those cloud service providers offering encryption to hold encryption keys for customers out of convenience - this is bound to change in 2016.

Geofencing Emerges a Must-Have

Another data security measure that will become increasingly required of cloud service providers is geofencing. In making virtual machines geolocation-aware, they can only run on a server within a specific location. If anyone makes a copy of the virtual machine and tries to access the data from another data center, they won't be able to get past the BIOS - and when combined with encryption, even if they attach the disk(s) to another VM, they cannot unlock the boot sectors or data partitions, thus rendering the virtual machine and its data useless. As more and more companies put pressure on their cloud providers to keep their data safe, we'll see geofencing emerge as another table stakes security practice.

Tip of the Iceberg for Data Sovereignty & Privacy

We've just seen the tip of the iceberg with regards to laws around data sovereignty and privacy. Over the coming year, there will be a landslide of legislation that companies can no longer afford to ignore, and they'll be looking to their cloud service providers to ensure their data is not only compliant, but also secure. In 2016, the cloud providers that are able to provide businesses with the peace of mind they need will emerge as winners in the land-grab race that is the cloud.


About the Author

Sean Jennings is co-founder and Senior Vice President of Solutions Architecture at Virtustream, an EMC Federation company. Sean has over 20 years of experience enabling commercial and government enterprises of all sizes gain efficiencies and competitive advantage, through the design and deployment of creative, forward looking IT solutions. He has been at the vanguard of the migration to commodity platforms throughout his career; designing solutions around and earning numerous certifications from industry leaders including Novell, Microsoft, EMC, HP/Compaq/DEC, Checkpoint, and VMware, long before they became fashionable.

Published Thursday, February 04, 2016 6:35 AM by David Marshall
How Data Sovereignty & Privacy Will Reshape the Cloud in 2016 | C-L-O-U-D - - (Author's Link) - February 16, 2016 6:53 AM
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<February 2016>