Issue link: http://cp.revolio.com/i/359333
THE DATA CENTER JOURNAL | 7 www.datacenterjournal.com www.datacenterjournal.com WHAT HAPPENS HERE STAYS HERE? Partly in response to Snowden's revelations, countries including many in Europe and Asia as well as Australia, New Zealand and Brazil are focused on passing laws that require that data generated within their borders stay within their borders. Why? Because when the data of one coun- try's citizens leaves its borders, the country loses the ability to regulate the use of that data. And many countries are increasingly concerned that data privacy laws in other countries—like the U.S.—don't offer the kind of protections their citizens expect or national leadership desire. For many enterprises, the cloud is a way to have a data center "presence" everywhere they do business. But if data generated in one country of the many you do business in is required to stay in that country, will your cloud provider be will- ing—or able—to abide? When the answer is no, some suggest that the enterprise seek a local cloud provider. But due diligence can be difficult from across the ocean, and the capabilities and data custody practices of nascent cloud providers—especially in emerging markets like Asia and Latin America—are not yet clear. Beyond geographic location, who is managing the infrastructure that stores your data and runs your applications cer- tainly matters because you have outsourced performance, security and governance to that provider. But it also matters from a data custody perspective. To put it bluntly, if a government comes knocking with a subpoena, will the service provider hand over the keys? IT INFRASTRUCTURE SOLUTIONS TO ADDRESS DATA SOVEREIGNTY AND DATA CUSTODY ISSUES Addressing critical data sovereignty and data custody issues is about mak- ing fully informed business decisions: Decisions about which locations you want IT infrastructure in, and which you don't. About which infrastructure model is Cloud Computing?" Queen Mary University London, 2010. best suits both your needs and the data sovereignty and data custody particulars of the location. About what kinds of security processes and due-diligence procedures should be put in place. e table provides a framework for the sorts of business decisions an enter- prise will face with each data sovereignty and data custody issue, along with the so- lutions that the enterprise should consider. A GLOBAL IT INFRASTRUCTURE PLATFORM PLUS VISIBILITY AND CONTROL In considering the range of avail- able IT infrastructure solutions to address data sovereignty and data custody issues, it becomes clear that the enterprise IT infrastructure model of the future is one in which decisions are made based on a wide range of factors, including data sovereignty and data custody decisions. e risk with that kind of fit-for- purpose, locate-anywhere model is that enterprise IT infrastructure becomes a patchwork of siloed, non-interoperable resources. Some custom-built, one-off data centers of different vintages, coloca- tion through different providers around the world, cloud services from a range of vendors. at kind of IT infrastructure patch- work compromises the enterprise's ability to securely and efficiently achieve business and performance objectives. Guarding against it requires an IT infrastructure platform that enables the enterprise to make infrastructure decisions that are optimized around each geography's data sovereignty and data custody particu- lars—using a combination of the solutions described above as it makes the most sense in each location. When that best-fit IT infrastructure is part of a platform, it's globally interoperable. Critical to the platform, and to all of the solutions listed above, is the ability to see and control where data is running and where it is stored—and who has access to it—at every location. at visibility and control is essential for the enterprise to be able to make fully informed decisions. And it requires a data center operating system (DCOS). Sometimes referred to as being the same as data center infrastructure management (DCIM), a true data center operating system actually goes far beyond monitoring and reporting of data center assets to include control and automation. A single, global data center operating system enables visibility into and control over all IT infrastructure around the world. According to 451 Research, data center operating systems "can provide real-time 'live' information by constantly checking operational data. ey can (usu- ally) also detect and provide immediate notification of problems such as equipment failures, hotspots or issues with power dis- tribution. Alarms and data about separate events can be correlated so managers can readily determine the root cause(s) and which equipment has been affected." 2 THE BOTTOM LINE Data sovereignty—where your data resides—does matter. Data custody—who controls your data—is critical. Addressing those issues is about making fully in- formed business decisions: Decisions about which locations you want IT infrastructure in, and which you don't. About which infrastructure model best suits both your needs and the data sovereignty and data custody particulars of the location. About what kinds of security processes and due- diligence procedures to put in place. With full visibility and control into where your data is and who has access to it, you can confidently make the best IT infrastructure decisions for the busi- ness—in today's post-Snowden world, and beyond. n About the Author: Bob Butler is the chief security officer at IO, a worldwide leader in software-defined data center technology, services and solutions that enable businesses and governments to intelligently control their information. Before assuming his current role at IO, Bob served as the first Deputy Assistant Secretary of Defense for Cyber Policy. To learn more about how IO helps organizations resolve data sovereignty and data custody issues, visit io.com. 2 451 Research, "Prefabricated Modular Data- centers: 2014 and Beyond," Dec 2013.