As simple as it is to produce, consume, manipulate, and store data and applications in cloud environments, you need to ensure their availability, backup, and recovery. Surely, this can be handled by built-in mechanisms of the respective environments such as multi-location storage, backup, and restore – but what is about data safety, data integrity and privacy?
In modern cloud environments data can easily be stored and backed up in multiple locations around the globe. These approaches provide a lot of advantages: Protection from local disasters such as earthquakes or fires, faster availability of data to clients and customers in different regions of the world, decentralized and parallel processing of data, better utilization of resources, etc. And, it can be initiated easily without having to program and to learn about cloud technologies.
Brave new world, problems solved, cloud technology for the win!
But, unfortunately, things are not that simple and easy, at least from a non-technical point of view, as cloud vendors have to apply to legal regulations at the location of the data centers. Which basically means: Legal regulations, such as data privacy laws and rights of local authorities apply.
And that makes things complicated, as most organizations and individuals are not aware of the consequences and implications of utilizing geo-redundancy. Such consequences
could be: Authorities of countries may gain access to confident or user-specific data. Privacy regulations would not be fulfilled anymore, data security might be hampered, business models and customer‘s trust would vanish, if those consequences would not have been taken into account, mitigated, legally checked and communicated properly.
Is geo-redundancy a no-go then?
Of course not, but a proper planning process needs to be established and executed, involving legal and data compliance teams and clarifying these aspects with the same priority as solving technical issues. Actually, a process like this needs to be executed before, while and after solving technical issues, executing 3-2-1 backup strategies (3 copies of data, 2 storage medias, at least 1 offsite) or processing any data in a cloud environment. This ongoing and permanent process is even more required when trying to utilize multi-cloud-environments for better data isolation or to harness advantages of specific cloud environments. And it needs to remain in place, considering the ever-changing nature of laws and regulations.
So, when trying to secure data by storing and processing it in cloud environments, it is not enough to just press a button or execute a command. It is not enough just to think of a backup strategy. It is not enough to solve a technical issue or to provide faster transport of data to users. It may even be dangerous if not critical to a business to simply store data in cloud environments or to utilize awesome technical advantages such as Amazon S3, Azure Storage, blob and object stores, etc. It is not enough to hope to comply with GDPR- or other privacy regulations – you actually need to comply with them, everywhere and anytime.
When executing businesses in cloud environments, governance and legal need to be involved. They need to be part of a – THE – process. Which again should make you think of how to set up and execute processes and ensure sustainability in your cloud strategy. DevOps and other modern collaboration approaches are required to sensitize for problems and consequences of just „lifting and shifting“ into cloud environments (which is way too often performed by setting up VMs, firewalls and infrastructures, bringing in applications and not realizing the implications of moving from self-owned and self-operated data centers into vendor-owned and vendor-operated cloud environments) or of simply implementing and setting up of technical approaches.
Cloud is complex. It often encapsulates a technical complexity, making approaches as geo-redundancy and data-replication as easy as clicking on a button. But it can and it will not abstract from legal problems and data-security aspects. Moving and executing in cloud environments, your responsibility does not decrease, it actually increases and therefore needs to be understood, accepted and managed continuously and as part of a process.
As with all cloud solutions and approaches, you remain in command and you remain responsible for everything your organization creates, operates and stores.
Literally everywhere on the planet.
Karsten Samaschke, CEO od Cloudical