Article Written by Sean
Jennings, Co-founder and SVP of Solutions Architecture, Virtustream
2015 will
be known as the year the enterprise cloud truly came of age.
The cloud
adoption narrative is shifting; where it was once focused almost solely on the
cost and efficiency benefits, it's increasingly focused on security. Key
security and compliance developments over the past few years have brought the
cloud into the mainstream. It's now much more than a novel IT utility. In many
cases, the cloud is a business strategy in and of itself. Additionally, with
the explosion of big data, compounded by a seemingly endless sequence of
high-profile breaches, businesses are no longer willing to accept gaps in
security.
In an
effort to ensure data is kept safe, an increasing number of compliance mandates
are taking effect. We're seeing this play out across the global cloud
landscape, as businesses are aren't the only ones concerned about what their
data is being used for and making sure it doesn't get into the wrong hands.
Case in point: emerging EU data privacy and security regulations, which are in
direct response to the concerns of citizens about their own data privacy.
Recently, the EU passed legislation around the proposed General Data Protection
Regulation, a legal framework for data sharing and collection enforced by
massive and unprecedented penalties for failure to comply. Fines for
non-compliance can reach as high as four
percent of a company's global revenue, which underscores what a significant
concern data privacy and security have become. (Putting that in perspective, BP
was fined five percent of global revenue for the Deepwater Horizon debacle that
killed 11 and wreaked enormous ecological damage to the Gulf of Mexico.) Furthermore,
an increasing number of countries are creating even more stringent rules around
data sovereignty, with Germany ever more insistent on keeping citizens' data
within country boundaries.
With so
many rules and regulations around data privacy and security, the stakes have
been raised and cloud service providers are being forced to rethink entire
business models. Here's how I see cloud providers adapting to the data
sovereignty and privacy concerns taking root in 2016.
Datacenter Expansion vs. Local
Partnerships - Jury's Still Out
In 2016, no
longer will massive data centers in strategic telecommunications hubs suffice
for serving many countries in a region. Cloud providers will need new
approaches to deliver local capacity in each market. The potential disruption
of business models is significant and possibly an existential threat. Some providers
will solve the problem by expanding their physical footprint by building cloud
nodes within indigenous data centers inside each country's borders. This may
lead to subscale economics within these countries, driving up pricing or
eroding margins in these locales.
Other
providers will take the route of partnering with local service providers and
network operators to build cloud nodes. This model reduces risk for both
partners and accelerates time to market, but potentially leads to margin
stacking and anti-competitive pricing. Ultimately marking to market will cause
margin erosion, as each partner must reduce their margin requirements to remain
competitive and viable in the market. The jury is still out on which approach
will reign supreme. Either way, data sovereignty and locality regulations will
be top-of-mind for cloud providers and the businesses relying on their services
in 2016. We'll see businesses increasingly choosing their cloud provider based
on their model and the ability to provide the essential tools that help them
comply.
In addition
to data sovereignty, another trend to watch is security emerging as a top
concern from the boardroom and c-level. As businesses become increasingly aware
of threats to their data, we'll see further baseline security measures demanded
of cloud service providers.
End-to-end Encryption & Key
Management Become Table Stakes
First,
let's be clear that end-to-end encryption of data is already a must-have,
whether applications are on premises or off. But beyond complete data
encryption across cloud services, businesses are also demanding that their data
be protected from government authorities seeking controversial "backdoor"
access points to data as well as from potential insider threats. As such, robust
key management will become table stakes. Companies require sole ownership and
control over encryption keys so that they are the gatekeepers to their data.
What this means is that even if the Justice Department orders a subpoena on a
cloud service provider, a customer's data cannot be read without explicit
permission from that company. To date, it has been standard for those cloud
service providers offering encryption to hold encryption keys for customers out
of convenience - this is bound to change in 2016.
Geofencing Emerges a Must-Have
Another
data security measure that will become increasingly required of cloud service
providers is geofencing. In making virtual machines geolocation-aware, they can
only run on a server within a specific location. If anyone makes a copy of the
virtual machine and tries to access the data from another data center, they
won't be able to get past the BIOS - and when combined with encryption, even if
they attach the disk(s) to another VM, they cannot unlock the boot sectors or
data partitions, thus rendering the virtual machine and its data useless. As
more and more companies put pressure on their cloud providers to keep their
data safe, we'll see geofencing emerge as another table stakes security
practice.
Tip of the Iceberg for Data Sovereignty
& Privacy
We've just
seen the tip of the iceberg with regards to laws around data sovereignty and
privacy. Over the coming year, there will be a landslide of legislation that
companies can no longer afford to ignore, and they'll be looking to their cloud
service providers to ensure their data is not only compliant, but also secure.
In 2016, the cloud providers that are able to provide businesses with the peace
of mind they need will emerge as winners in the land-grab race that is the
cloud.
##
About the Author
Sean
Jennings is co-founder and Senior Vice President of Solutions Architecture at Virtustream, an EMC Federation company. Sean
has over 20 years of experience enabling commercial and government enterprises
of all sizes gain efficiencies and competitive advantage, through the design
and deployment of creative, forward looking IT solutions. He has been at the
vanguard of the migration to commodity platforms throughout his career;
designing solutions around and earning numerous certifications from industry
leaders including Novell, Microsoft, EMC, HP/Compaq/DEC, Checkpoint, and
VMware, long before they became fashionable.