Many organisations have moved part of their infrastructure to the cloud, but not all of it.
Start-ups may have email, office apps and data in the cloud, but more sensitive data might be on premise. There is still a reluctance to put data in the cloud. Often not because of sensitive data or security, but more for legal or contractual reasons.
It’s not just a question of where the data is stored, but of which countries’ companies and employees have access to that data. It’s a separate domain to security; it’s a question of legal process around access to information by governments. You can have all the technical security in place you want, but if somebody who’s got the keys to the building is given a court order to ‘open it up’, then it happens at the discretion of which jurisdictions apply.
The legal position
Good controls and good contracts can make this choice legally neutral, according to Dave Levy, associate partner at Citihub Consulting. He says that ISO 27001 details a series of controls many of them contractual to ensure that any 3rd party vendor does not become the source of a security breach.
“These controls deal with availability, confidentiality, and integrity. Most regulatory accountabilities cannot be passed onto outsourcers and thus contracts must cover the liabilities that the principal covers, guarantee compliance and commit to meaningful penalties,” he says.
Dave Sobel, senior director of Community at SolarWinds MSP, says while there may be legal and contractual reasons to keep data on-premise, it’s worth revisiting the contracts to make sure that the reasons for this still make sense.
A contract that was drawn up in a pre-smartphone era or before ubiquitous broadband may demand that data is held on-premise for reasons that no longer apply — speed of access and uptime are no longer reasons to avoid the cloud,” he says.
The effects of GDPR on data storage
As GDPR won’t dictate where data should reside, so the option to store data on-premise or in the cloud will remain.
“However, GDPR will dictate the data must be stored within the EU and must not be accessed or be accessible from outside the EU, unless it is stored or accessed by an organisation that is compliant with GDPR,” says Hill.
Kim Hindart, chief security officer and data protection officer at City Network, says that with ever increasing compliance demands all companies will have to look into automation, programmable infrastructure and Software Defined Networks (SDN) to be able to focus on what matters.
“Otherwise, they will either drown in administration or become less competitive compared to companies that automate their IT operations. This is why we believe that GDPR will further increase cloud adoption and in many cases replace on-premise solutions,” he adds.
Where is data best stored?
Price, flexibility and ease of management are the three main considerations when comparing on-premise versus cloud-based solutions.
“Although there is no real difference between storing data on-premise versus in the cloud (data is data and storage is storage, and most solutions can be found in either environment), it is important to consider file access time, when deciding on where data should reside,” says Chris Hill, director of business development, EMEA at Barracuda.
Latency is important element for many workloads, which is the amount of time it takes to access a file or application or complete a data transfer. Access times can differ wildly depending on the connection between compute and storage; slower connections can lead to access times as high as several thousand times slower than high speed links.
“With this in mind, applications that demand the highest performance are usually located in on-premise environments,” says Hill.
The obvious data candidate to store in the cloud is long term archive and backup data, as it is likely to be rarely required and is there to meet compliance requirements, says Alex Raistrick, director WEUR at Rubrik. He says that it should be encrypted and only available to the right people within an organisation.
“That said, when it is needed the situation is likely to be critical, so the mechanism used to manage that data must be robust. Running repeatable workloads in the cloud makes sense too, especially where the flexibility to increase and decrease capacity based on demand is useful.” He adds.
Hindart says the vast majority will still have the need for both since not all data are the same.
“On-premise is good from a legacy and Business continuity perspective. Cloud is far better in terms of security and innovation. With cloud, you only have to ensure that your agreements are up to par with GDPR demands. But the most important issue is keeping things interoperable and requesting IT as a service regardless if it is storage or networking,” he says.
He adds that when organisations can combine different vendors or deployments then they can be fully free to innovate.
“No single vendor can alone be the best fit for everything which is why customers need to demand openness and interoperability from their providers. Initiatives such as OpenStack play an important role to continue the evolution of the cloud landscape. Multi-vendor and multi-cloud is the way to go,” says Hindart.
The future for cloud and data storage
With the cloud's value firmly established, the challenge that enterprise IT decision-makers now face is determining how to develop an optimized approach for maximizing cloud benefits. Increasingly, these leaders are coming to realize that the answer often lies in a multi-cloud strategy.
“In many scenarios, multi-cloud deployments will deliver the greatest results for enterprises of all kinds,” says Richard Dolan, senior vice president of Marketing at Datapipe.
Over the next few years, more organisations will look at cloud-based storage options and that’s a given, according to Paul Trulove, vice president of Product Management at SailPoint.
“As cloud solutions seek to address security permutations, enhance productivity gains and save on the corporate wallet, organisations will begin to seriously consider migrating data to this platform as the benefits significantly outweigh the risks,” he says.
He adds that the transition o cloud-based applications and business productivity platforms such as Office365 are also driving this transition. “As more and more data starts out in the cloud, leveraging cloud-based storage solutions tied to these applications and platforms will become the default option for many organisations moving forward.”
