Since the cloud became a major platform for organizations, the issue of where and how data is stored and managed has become increasingly complex. Even small companies must navigate various legal regulations worldwide. For instance, laws like the EU’s GDPR specify exactly what data can be transferred and stored, even on a global scale.
Navigating compliance in a fragmented world
For managed service providers (MSPs), this has created its own set of problems. A single instance of an MSP’s platform often struggles to comply with the various data laws that customers encounter. However, utilizing the cloud platform’s regional data storage systems may be too expensive for the MSP to bear. For MSPs reliant on their own underlying cloud platform, the issue is even more pronounced. Implementing a system that adheres to data sovereignty rules is not easily achievable for small and medium-sized MSPs.
However, an even bigger problem has emerged. Nationalism is on the rise globally, and administrations are beginning to focus not only on laws that ensure specific data remains within geographic limits but also on accessibility to the data. While checks and balances still exist in most jurisdictions, typically requiring a court order, it is evident that some administrations are seeking ways to bypass these safeguards, moving toward direct requests that companies may find difficult to refuse.
To this end, AWS and Microsoft Azure have taken further steps to ensure that customer data will be maintained securely.
Big cloud providers aim to ease data privacy fears
AWS offers a range of ‘Regions’ that customers can use to keep data geographically closer to them. Using more granular ‘Local Zones,’ customers can further narrow data storage to align with their country’s legal environment rather than a broader regional one. For data availability, customers can supplement a Region with an ‘Availability Zone’ and create a mirror database within the same Region if needed. Because AWS operates as separate subsidiaries in many parts of the world, the company aims to assure customers that this approach keeps their data relatively secure. However, if AWS stores the data in a subsidiary or its headquarters located within an administration of concern, is that enough to put a customer’s mind at rest? Possibly not.
Microsoft, with Azure, has gone a little further. Specifically stating that the world is now in a state of ‘geopolitical volatility’, the company came out with a set of five digital commitments for its customers in Europe. These are:
- Helping to build a broad AI and cloud ecosystem across Europe
- Upholding Europe’s digital resilience even when there is geopolitical volatility
- Continuing to protect the privacy of European data
- Helping to protect and defend Europe’s cybersecurity
- Helping to strengthen Europe’s economic competitiveness, including for open source
Although this is more than just a nod to current global events, the problem remains that this only applies to European customers and does not provide enough depth to alleviate any concerns end-user customers may have.
MSPs must take the lead on cloud security
While customers are responsible for the overall security of their data and its storage locations, MSPs often manage this security on their behalf. Therefore, MSPs must take the same active stance on data protection that their customers are expected to take.
It’s important that any solution an MSP incorporates into their stack ensures robust data protection. While the solution can leverage the underlying security of the cloud platform, it must also include additional layers of security. Although encryption is a strong contender for data security, it can create performance issues and pose challenges if there is ever a need to recover from a system failure. Even when organizations encrypt data at rest, they often neglect to encrypt it in transit. Consequently, caching data for performance reasons can create a vulnerability where malicious or state actors intercept and siphon off sensitive information.
For many customers, their data security risk profile may be such that fulfilling the basic requirements of local data protection laws is sufficient. However, for those who require enhanced protection, what additional steps can they take?
Hybrid models help safeguard sensitive data
This is where a hybrid solution can be the right answer. The MSP hosts a portion of the solution in the cloud while keeping some of it on-premises. This can introduce significant performance issues, but it can help meet customers’ needs where the loss of personally identifiable information (PII) or high-value intellectual property (IP) is not an option.
In this setup, organizations keep the data on-premises, and data leak prevention (DLP) tools stop any high-value data from crossing into the more public environment of the cloud. In some cases, metadata alone can support a degree of analysis and reporting in the cloud. An even more workable way to manage this approach is to pull the functionality down to the on-premises environment on an as-needed basis, so the system performs those functions within the confines of the private network.
MSPs still gain the benefits of offering a single-instance solution, with capabilities such as instant updates, patches, and new functionality for all customers. These benefits are available as long as the on-premises resources support over-the-top updates.
The customer benefits from a cloud-like experience while gaining maximum control over their data. However, they must be aware of any possible performance issues before they choose such a solution.
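The hybrid pattern described above, as an added example in Python (not code from the original article): on-prem records are reduced to a metadata-only view with a keyed reference the cloud tier cannot reverse, and a pattern-based DLP gate blocks the export if PII slips into a metadata field. The field classification, patterns, sample record and site key are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed on-prem policy: these fields are PII / IP and never leave the private network.
HIGH_VALUE_FIELDS = {"name", "email", "iban", "design_doc"}
# Fields the cloud tier may hold for analysis and reporting.
METADATA_FIELDS = {"region", "created", "category", "size_kb"}
# Constructed key, held only on-prem; the cloud tier only ever sees the derived reference.
SITE_KEY = b"constructed-demo-key-keep-on-prem"

PII_PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def dlp_scan(payload: dict) -> list[str]:
    """Return findings for anything in an outbound payload that must stay on-prem; empty means clean."""
    findings = []
    for key, value in payload.items():
        if key in HIGH_VALUE_FIELDS:
            findings.append(f"{key}: classified field present")
        if not isinstance(value, str):
            continue
        for label, pattern in PII_PATTERNS.items():
            if pattern.search(value):
                findings.append(f"{key}: looks like {label}")
        for run in re.findall(r"\b\d{13,19}\b", value):
            if luhn_ok(run):
                findings.append(f"{key}: looks like a card number")
    return findings

def cloud_view(record: dict, site_key: bytes) -> dict:
    """Project a record to metadata only; the id becomes an HMAC so cloud rows correlate without exposing it."""
    view = {k: v for k, v in record.items() if k in METADATA_FIELDS}
    ref = hmac.new(site_key, str(record["record_id"]).encode(), hashlib.sha256)
    view["record_ref"] = ref.hexdigest()[:16]
    return view

def export_to_cloud(record: dict, site_key: bytes) -> dict:
    """Apply the projection, then the DLP gate, before anything crosses to the cloud tier."""
    view = cloud_view(record, site_key)
    findings = dlp_scan(view)
    if findings:
        raise ValueError("DLP blocked export: " + "; ".join(findings))
    return view

# Constructed sample record held on-prem.
SAMPLE_RECORD = {"record_id": 1042, "region": "eu-central", "created": "2024-05-01", "category": "invoice",
                 "size_kb": 88, "name": "Alice Example", "email": "alice@example.com",
                 "iban": "DE89370400440532013000", "design_doc": "proprietary drawing"}
```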