Welcome!

Java IoT Authors: Zakia Bouachraoui, Elizabeth White, Pat Romanski, Yeshim Deniz, Liz McMillan

Related Topics: @CloudExpo, Java IoT, @DXWorldExpo

@CloudExpo: Blog Post

Data Sovereignty Driving New Approaches for Enterprises | @CloudExpo #Cloud

Intralinks uses hybrid cloud to blaze a compliance trail across the regulatory mine field of data sovereignty

The next BriefingsDirect hybrid computing case study discussion explores how regulations around data sovereignty are forcing enterprises to consider new approaches to data location, intellectual property, and cloud collaboration services.

As organizations move beyond their on-premises data centers, regulation and data sovereignty issues have become as important as the technical requirements for their cloud infrastructure and applications.

To learn how organizations have been able to get the best of data control and protection -- along with business agility -- from hybrid cloud models, we're joined Richard Anstey, CTO at Intralinks, and he's based in London. The discussion is moderated by me, Dana Gardner, Principal Analyst at Interarbor Solutions.

Here are some excerpts:

Gardner: Tell us about the trends that make data sovereignty so important as a consideration when organizations look at how and where to manage, house, and store their data.

Anstey: This is becoming a much more important topic. It has obviously been in the news very much recently in association with the Safe Harbor regulation having been effectively annulled by the European courts.

Anstey

This is the regulators catching up with the Internet. The Internet has been somewhat unregulated for a long time, and quite rightly, the national and regional authorities are putting in place the right protections to ensure that citizens’ data are looked after and treated with the respect they deserve.

So it's becoming more important for companies to understand the regulatory environment, even those organizations that did not previously feel that they were subject to such regulation.

Gardner: So the pendulum seems to have swung from the Wild West Internet toward greater security oversight.  Do we expect more laws across more jurisdictions to make placement of data more restricted? Are we seeing this pendulum swing more toward regulation?

Anstey: Yes, it’s certainly swinging that way, and the big one for the European Region of course is the General Data Protection Regulation (GDPR), which is the European Commission initiative to unify the regulations, at least across the European Union. But the pendulum is swinging toward a greater level of regulation.

Gardner: How about in Asia-Pacific (APAC) and North America, what’s happening there?

 

Global issue

Anstey: Post-Snowden, this has become much more of an issue globally, and certainly across APAC there have been some very specific regulations in place for sometime, Singapore Banking Authority being the famous one, but globally this is becoming much more of an important issue for companies to be aware of.

Gardner: So while the regulatory atmosphere is becoming more important for companies to keep track of, its also more onerous for them as businesses to comply. The Internet is still a very powerful tool and people want to take advantage of cloud models and compliant data lifecycle models. Tell us about Intralinks, and about how organizations can have the best of both protected data and cloud models.

Anstey: Intralinks is in the fortunate position of having been offering cloud services in highly regulated environments for almost 20 years now. Back when we were founded, which by the way was really before most people would do their shopping online, Intralinks was operating things called Virtual Data Rooms to facilitate very high value, market-moving transactions through effectively a cloud service. We didn’t call it cloud at that time; we called it software as a service (SaaS).

But Intralinks has come from this environment. We've always been operating in highly regulated environments, and so we're able to bring that expertise that we have built up over the last 20 years or so to bear on solving this problem for a wider range of organizations as the regulation really steps in to control a greater part of the services delivered over the Internet today.

Gardner: In a nutshell, how is it that you're able to do, in a highly regulated environment, what people think of as putting everything in a cloud?

Physical location may be one thing to think about, but there's another thing called logical location.

Anstey: Well, in a nutshell, it may be tricky, because there's lot to it. There's a lot of technology that goes into this. And there are a lot of dimensions around which you need to consider this problem. It's not just about the physical location of data. Although that may be important, there are other dimensions. Physical location may be one thing to think about, but there's another thing called logical location.

The logical location is defined as the location of the control point of the encryption as opposed to the location of highly encrypted data, which many people would argue is somewhat irrelevant. If it's sufficiently encrypted, it doesn't matter where it is. The location of the key is actually more important than who controls that key, and more important than where your encrypted data lives.

In fact, we all implicitly accept that principle. When you use your online bank, you don't know the route that that information takes between your home computer and the bank. It may well be routed across the Atlantic, based on conditions of the Internet. You just don't know, and yet we implicitly accept that because it's encrypted in transit, it doesn't really matter what route it takes.

So there is the physical location and the logical location, but there is still also the legal location, which might be to what jurisdiction this information pertains. Perhaps it pertains to a citizen of a certain country, and so there is a legal location angle to consider.

And there is also a political location to consider, which may be, for example, the jurisdiction under which the service provider is operating and where the headquarters of that service provider is.

Four dimensions

There are four dimensions already, but there is another one as well, which is the time dimension. While it may be suitable for you to share information with a third party in perhaps a different jurisdiction for a period of time, the moment that business agreement comes to an end, or perhaps the purpose or the project for which that information was being used has come to an end, you also need to be able to clear it up.

You need to tidy up and remove those things over time and make sure that just because that particular information-sharing activity was valid at one point, it doesn't mean that that’s true forever, and so you need to take the responsibility to clear it up. So there are technologies that you can bring to bear to make that happen as well.

Gardner: It sounds as if there is a full spectrum, a marketplace, of different solutions and approaches to suit whatever particular issues an organization needs in order to satisfy the regulatory, audit, and other security requirements.

Tell us about how you have been working with HPE to increase this marketplace and solve data sovereignty issues as they become more prominent in more places.

Anstey: The thing that HPE really helps us with is the fact that while we've been able for quite a long time to have data centers in multiple regions -- as the regulation and the requirements of our customers grow -- we need to be even more agile with bringing new workloads up and running in different locations.

With HPE Helion OpenStack we're able to spin up a new environment -- a new data center perhaps, or a new service -- to run in a new location far more quickly and more cost effectively than we would otherwise be able to if we were starting from the ground-up.

Gardner: So it's important to not just be able to take advantage of cloud conceptually, but to be able to move those cloud data centers, have the fungibility, if you will, of a cloud infrastructure, a standardized approach that can be accepted in many different data-center locations, many different jurisdictions.

Is that the case, and what can we expect for the depth and reach of your services? Are you truly global?

Anstey: We are certainly truly global. We've been operating right across the world for a number of years now. The key elements that we require from this infrastructure are things like workload portability and the ability to plug into additional service providers at any time we need to be able to create a truly distributed platform.

In order to do that, you need some kind of cloud operating system, and that's what we feel we get from the HPE Helion OpenStack technology. It means that we have become much more portable to move our services around whenever we need to.

Gardner: When you're an organization and you know that there's that data portability, that there's a true global footprint for your data that you can comply with the regulations, what does that do for you as a business?

How does this, from a business perspective, benefit your bottom line? How does it translate into business terms?

Enormous uncertainty

Anstey: The key thing to realize is that there has been an enormous amount of uncertainty, and in a way, the closure of the Safe Harbor agreement has been a good thing in that there was always some doubt over its applicability and its suitability. If you'll forgive the pun, there was a cloud hanging over it. When you remove that, you still have to get a little bit more certainty, of ... "Well, that thing definitely doesn't work and so we need to have a different structure."

Nevertheless, what happens in that environment of uncertainty is that people start to play it safe and they start to think, "This cloud thing is a bit scary. Maybe we should just do it all ourselves, or maybe we should only consider private cloud deployments." When you do that, you cut off the huge options and agility that's available from using the cloud to its full extent.

What would be a bad thing is if, as the pendulum swings, as you described, toward regulation, people retreat and give up and say, "This Internet thing, we don’t want to do that. We're going to reverse the trends and the huge technological advances that we've been able to leverage over the last 10 years of growth of cloud."

We believe that by building technology in the way that we are able to construct it, with all of those options associated with ways in which you can demonstrably prove that you are responsibly looking after data over time, you don't have to sacrifice the agility of the cloud in order to adhere to the regulations as they come in.

The net is cast wider and wider for the regulation, to the point where any company that deals with personal data and needs to use that data for legitimate business purposes will now be covered by regulation.

Gardner: We've talked about data sovereignty from a geographic perspective, but how about vertical industries? Are there certain industries that require that global reach, but also need to be highly regulated?

Anstey: The vast majority of the global banks are our customers already. We also have a very large footprint in the life sciences, which often has a similar nature in terms of the level of regulation, especially if you're dealing with patient data in the field of clinical trials, for example.

But the reality is that, as this pendulum swings, the net is cast wider and wider for the regulation, to the point where any company that deals with personal data and needs to use that data for legitimate business purposes will now be covered by regulation. This isn't just guidance now.

When we get through to the next level of EU regulation, there are some serious fines, including criminal penalties for executives and fines of up to two percent of global revenue, which really makes people wake up. It will make a far wider group of companies wake up than the previous ones who knew that they were operating in a strict regulatory framework.

Gardner: So in other words, this probably is going to pertain to many more industries than they may have thought. This is really something that’s going to hit home for just about everybody.

Anstey: Absolutely. Every industry becomes a regulated industry at that point, when to do business you need to handle the type of data that gets covered by the regulation, especially if you are operating in the EU, but as we described, with more to follow.

Listen to the podcast. Find it on iTunes. Get the mobile app. Read a full transcript or download a copy. Sponsor: Hewlett Packard Enterprise.

You may also be interested in:

More Stories By Dana Gardner

At Interarbor Solutions, we create the analysis and in-depth podcasts on enterprise software and cloud trends that help fuel the social media revolution. As a veteran IT analyst, Dana Gardner moderates discussions and interviews get to the meat of the hottest technology topics. We define and forecast the business productivity effects of enterprise infrastructure, SOA and cloud advances. Our social media vehicles become conversational platforms, powerfully distributed via the BriefingsDirect Network of online media partners like ZDNet and IT-Director.com. As founder and principal analyst at Interarbor Solutions, Dana Gardner created BriefingsDirect to give online readers and listeners in-depth and direct access to the brightest thought leaders on IT. Our twice-monthly BriefingsDirect Analyst Insights Edition podcasts examine the latest IT news with a panel of analysts and guests. Our sponsored discussions provide a unique, deep-dive focus on specific industry problems and the latest solutions. This podcast equivalent of an analyst briefing session -- made available as a podcast/transcript/blog to any interested viewer and search engine seeker -- breaks the mold on closed knowledge. These informational podcasts jump-start conversational evangelism, drive traffic to lead generation campaigns, and produce strong SEO returns. Interarbor Solutions provides fresh and creative thinking on IT, SOA, cloud and social media strategies based on the power of thoughtful content, made freely and easily available to proactive seekers of insights and information. As a result, marketers and branding professionals can communicate inexpensively with self-qualifiying readers/listeners in discreet market segments. BriefingsDirect podcasts hosted by Dana Gardner: Full turnkey planning, moderatiing, producing, hosting, and distribution via blogs and IT media partners of essential IT knowledge and understanding.

IoT & Smart Cities Stories
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team at D...
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more busine...
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
René Bostic is the Technical VP of the IBM Cloud Unit in North America. Enjoying her career with IBM during the modern millennial technological era, she is an expert in cloud computing, DevOps and emerging cloud technologies such as Blockchain. Her strengths and core competencies include a proven record of accomplishments in consensus building at all levels to assess, plan, and implement enterprise and cloud computing solutions. René is a member of the Society of Women Engineers (SWE) and a m...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
Whenever a new technology hits the high points of hype, everyone starts talking about it like it will solve all their business problems. Blockchain is one of those technologies. According to Gartner's latest report on the hype cycle of emerging technologies, blockchain has just passed the peak of their hype cycle curve. If you read the news articles about it, one would think it has taken over the technology world. No disruptive technology is without its challenges and potential impediments t...
If a machine can invent, does this mean the end of the patent system as we know it? The patent system, both in the US and Europe, allows companies to protect their inventions and helps foster innovation. However, Artificial Intelligence (AI) could be set to disrupt the patent system as we know it. This talk will examine how AI may change the patent landscape in the years to come. Furthermore, ways in which companies can best protect their AI related inventions will be examined from both a US and...
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...