The majority of public cloud solutions come from US-based suppliers and are delivered through US datacentres, and this has “created anxiety” for non-US enterprise IT organisations – because the location of data brings new risk, says Prentice’s research.
“Based on our interaction with clients worldwide, it’s clear that data sovereignty is the most important concern inhibiting a broader interest in adopting public cloud services outside the US,” writes Prentice. “Most commonly, the issue of data sovereignty is tied to local regulatory and compliance obligations.”
However, some risks are overstated, he says – most notably, the US Patriot Act. This legislation gives the US government the legal right to access data stored by US companies in the country.
“Although such requests are not unheard of, there is little to suggest this is a major problem,” says Prentice.
According to a worldwide Gartner survey from last year, 14 percent of respondents received a request based on the US Patriot Act, he says. Of those 14 percent, a quarter of organisations were based in India, 20 percent in the US and 8 percent in the UK. None were in Australia.
“In truth, many IT departments worldwide use the US Patriot Act as a convenient excuse to take public cloud computing off the table,” writes Prentice.
He goes on to say that data sovereignty issues “are largely an indication of the overall maturity of the public cloud market”.
“We are in the initial growth-out phase in which the focus is primarily on building capacity and engaging clients. It has made sense for [cloud] providers to focus on centralised, global-class infrastructure.”
Gartner expects some providers will build datacentres in different countries over the next three to five years – most likely in larger countries within certain regions, for example Asia-Pacific regional datacentres in Japan and Singapore. Cloud providers might build datacentres in Australia, but it’s “less likely that they’ll be built in places such as New Zealand, Thailand or Indonesia”, writes Prentice. Other suppliers may be seeking partnerships, for example with local telecommunication providers, to be able to offer local cloud solutions.
“We believe that the problem will slowly dissipate during the next five years. However, data sovereignty issues will not disappear entirely.”
Gartner’s recommendations to IT organisations include making “sound public versus private cloud decisions”.
“Organisations must bifurcate their decision criteria regarding public cloud solutions into in-country and out-of-country options, because both will exist,” Prentice writes.
Cloud code of practice
If you are thinking of outsourcing storage, data sovereignty is an issue that needs to be considered, says Paul Matthews, CEO of the New Zealand Computer Society.
“This includes things like the US Patriot Act, and even more restrictive or potentially invasive governmental control in other jurisdictions,” Matthews says. “However, this is an awareness and evaluation issue rather than a blanket ‘don’t do it’ situation.”
The key point about outsourcing storage is that whoever you are entrusting with your data and wherever it’s being stored physically, you’re still responsible for it, he says.
“For example, if you’re the CIO and your company’s data is unavailable, it’s your head on the chopping block – ‘we outsourced that’ isn’t going to cut it,” he says. “If there’s a major data breach and your customers are impacted it’s your company that bears the consequences.”
Too many companies move their data into the cloud and then think it’s someone else’s problem, Matthews continues. “That’s true to an extent, however the overall responsibility doesn’t change.”
So does the US Patriot Act, arguably giving the US government the ability to search and view your data without telling you, actually matter? That comes down to what you’re storing, says Matthews.
“If you’re a government you’d have to think very carefully about placing medical records in that environment, however you probably wouldn’t be so concerned about storing publicly available brochures there.”
In response to a request from a group of cloud computing providers, the NZCS has developed a draft Code of Practice for Cloud Computing, known as the “CloudCode”. The CloudCode was developed collaboratively with over 200 individuals providing input into all sorts of areas, he says.
“This meant it was also quite a good exercise in terms of gauging the issues, and how different providers and client-side stakeholders dealt with these.”
There are very few practice guidelines internationally, says Matthews. The CloudCode is one of the first globally “and the consequence is there’s very strong interest in extending it to other jurisdictions, such as Australia, USA and elsewhere”, he says.
“It’s excellent that New Zealand is leading the way in this space and it’ll help grow our reputation as a country that takes these matters seriously.”
Data location-wise, New Zealand is following the global trend, with more and more companies and individuals moving data off-premise, he says.
“For SMEs, this becomes more viable as internet speeds pick up and we’re expecting to see far more of it once UFB starts coming online and genuinely fast inexpensive broadband is within reach of the SME market.”
Storage and DR
Christchurch-based Tait Communications has been using an Oracle storage solution (Sun ZFS Storage Appliance 7320) since October last year. The system is hosted offsite at a third party’s datacentre in Auckland. The solution provides NAS (network attached storage) capabilities with Oracle integration in a “small, affordable, high-availability configuration”, says George Elder, CIO of Tait Communications.
The majority of public cloud solutions come from US-based suppliers and are delivered through US datacentres, and this has “created anxiety” for non-US enterprise IT organisations – because the location of data brings new risk, says Prentice’s research.
“Based on our interaction with clients worldwide, it’s clear that data sovereignty is the most important concern inhibiting a broader interest in adopting public cloud services outside the US,” writes Prentice. “Most commonly, the issue of data sovereignty is tied to local regulatory and compliance obligations.”
However, some risks are overstated, he says – most notably, the US Patriot Act. This legislation gives the US government the legal right to access data stored by US companies in the country.
“Although such requests are not unheard of, there is little to suggest this is a major problem,” says Prentice.
According to a worldwide Gartner survey from last year, 14 percent of respondents received a request based on the US Patriot Act, he says. Of those 14 percent, a quarter of organisations were based in India, 20 percent in the US and 8 percent in the UK. None were in Australia.
“In truth, many IT departments worldwide use the US Patriot Act as a convenient excuse to take public cloud computing off the table,” writes Prentice.
He goes on to say that data sovereignty issues “are largely an indication of the overall maturity of the public cloud market”.
“We are in the initial growth-out phase in which the focus is primarily on building capacity and engaging clients. It has made sense for [cloud] providers to focus on centralised, global-class infrastructure.”
Gartner expects some providers will build datacentres in different countries over the next three to five years – most likely in larger countries within certain regions, for example Asia-Pacific regional datacentres in Japan and Singapore. Cloud providers might build datacentres in Australia, but it’s “less likely that they’ll be built in places such as New Zealand, Thailand or Indonesia”, writes Prentice. Other suppliers may be seeking partnerships, for example with local telecommunication providers, to be able to offer local cloud solutions.
“We believe that the problem will slowly dissipate during the next five years. However, data sovereignty issues will not disappear entirely.”
Gartner’s recommendations to IT organisations include making “sound public versus private cloud decisions”.
“Organisations must bifurcate their decision criteria regarding public cloud solutions into in-country and out-of-country options, because both will exist,” Prentice writes.
Cloud code of practice
If you are thinking of outsourcing storage, data sovereignty is an issue that needs to be considered, says Paul Matthews, CEO of the New Zealand Computer Society.
“This includes things like the US Patriot Act, and even more restrictive or potentially invasive governmental control in other jurisdictions,” Matthews says. “However, this is an awareness and evaluation issue rather than a blanket ‘don’t do it’ situation.”
The key point about outsourcing storage is that whoever you are entrusting with your data and wherever it’s being stored physically, you’re still responsible for it, he says.
“For example, if you’re the CIO and your company’s data is unavailable, it’s your head on the chopping block – ‘we outsourced that’ isn’t going to cut it,” he says. “If there’s a major data breach and your customers are impacted it’s your company that bears the consequences.”
Too many companies move their data into the cloud and then think it’s someone else’s problem, Matthews continues. “That’s true to an extent, however the overall responsibility doesn’t change.”
So does the US Patriot Act, arguably giving the US government the ability to search and view your data without telling you, actually matter? That comes down to what you’re storing, says Matthews.
“If you’re a government you’d have to think very carefully about placing medical records in that environment, however you probably wouldn’t be so concerned about storing publicly available brochures there.”
In response to a request from a group of cloud computing providers, the NZCS has developed a draft Code of Practice for Cloud Computing, known as the “CloudCode”. The CloudCode was developed collaboratively with over 200 individuals providing input into all sorts of areas, he says.
“This meant it was also quite a good exercise in terms of gauging the issues, and how different providers and client-side stakeholders dealt with these.”
There are very few practice guidelines internationally, says Matthews. The CloudCode is one of the first globally “and the consequence is there’s very strong interest in extending it to other jurisdictions, such as Australia, USA and elsewhere”, he says.
“It’s excellent that New Zealand is leading the way in this space and it’ll help grow our reputation as a country that takes these matters seriously.”
Data location-wise, New Zealand is following the global trend, with more and more companies and individuals moving data off-premise, he says.
“For SMEs, this becomes more viable as internet speeds pick up and we’re expecting to see far more of it once UFB starts coming online and genuinely fast inexpensive broadband is within reach of the SME market.”
Storage and DR
Christchurch-based Tait Communications has been using an Oracle storage solution (Sun ZFS Storage Appliance 7320) since October last year. The system is hosted offsite at a third party’s datacentre in Auckland. The solution provides NAS (network attached storage) capabilities with Oracle integration in a “small, affordable, high-availability configuration”, says George Elder, CIO of Tait Communications.
“We are using this as a disaster recovery solution, to continuously replicate the data hosted on-premise at our Christchurch headquarters to an Auckland datacentre,” he says. “We will also be providing a cloud storage environment for our overseas offices.”
Tait has three regional headquarters covering Asia Pacific, the Americas and Europe, Middle East and Africa.
Tait decided on the Oracle Sun system for a number of reasons, he says.
“It provided the cost-effectiveness, performance improvements, flexibility and scalability to do what we wanted, especially as we have branches around the world using it. Fundamentally, we wanted a DR solution that could run the business from outside of Christchurch if necessary,” Elder says.
The solution also comes with built-in data replication without the need for third-party products, and can cater for multiple storage protocols, so can act as a NAS or block storage, he says. It can also provide “reverse replication” production workloads at both the Auckland and Christchurch sites.
On the downside are bandwidth issues.
“The bandwidth we need to operate out of Auckland is not consistent – by this I mean the network connectivity between Christchurch and Auckland is not what we had hoped, but we are working with our supplier to overcome this challenge,” says Elder. “For example, one of the things we are doing is to run multiple concurrent connections between Auckland and Christchurch to get faster data transfer times.”
IDC: The rise of local cloud providers
Among the top storage trends at the moment are the economics of storage, data consolidation and business optimisation with storage, says Yee Kuan Lau, market analyst, IDC Asia Pacific, and Shawn Chan, research manager of the Asia Pacific storage research team.
“The increased amount of digitisation of processes and rapid rise of mobile data that needs to be supported by ICT infrastructure [are] driving the needs to improve the economics of storage,” says Lau. “Storage efficiency technologies such as thin provisioning pay-as-you-need and data deduplication technologies are partly used for this purpose.”
Organisations will also consider transitioning to cloud computing services and the interest will potentially be stimulated by improved internet connectivity, she says.
At the same time, this calls for data consolidation as part of an ongoing storage virtualisation trend, say Lau and Chan. Organisations will look to existing technologies, such as storage virtualisation, to achieve the “do more with what we have” goals, they say. This leads to the next point – business optimisation with storage.
“CIOs and IT decision-makers are increasingly shifting towards a business-first IT mindset by improving infrastructure to increase production.”
The demand for cloud offerings has led to that organisations now have different options, other than storing data overseas, says Lau and Chan. Local cloud providers, with local datacentres and cloud-based storage, aim to offer a strong value proposition to local enterprises, they say.