Nigel Houghton from Scality looks at how object storage can help companies become and stay compliant in the GDPR era.
The new General Data Protection Regulation (GDPR), due to come into effect from 25th May 2018, is building on the existing Data Protection Act (DPA) to tighten up some of the areas of the legislation.
Under the new GDPR, some specific additions will affect the way that data is effectively stored, which is leading CIOs to demand new ways of storing long-term data. Traditional offsite solutions are not fulfilling some of the new requirements and the popularity of public clouds, whilst setting a new benchmark in price, agility and availability, can also compromise the security and sovereignty of the data being stored.
Additions to the regulations include:
- Reporting breaches and attacks within 72 hours of the breach occurring. Organisations need greater visibility to data and how it is accessed and used so that they can quickly recover sensitive personal information.
- Greater fines and penalties – up to $2M or 4% of worldwide revenue whichever is greater
- The right to erasure – data subjects have the right to request erasure of personal data
Technical restriction or business opportunity?
The relevant additions to the standard are driving requirements for a storage model of long-term retention with instant accessibility, which would be financially and technically prohibitive if it continued to be architected with existing storage appliances. Holding more data online is very appealing as it allows for a much deeper level of data analytics, which is a distinct business advantage.
Public storage clouds are giving an insight into how low-cost online storage can be achieved; however, requirements in data availability and location mean only high-cost public cloud platforms are suitable. A “private storage cloud” model is therefore the most appealing implementation, being able to deliver cloud economics with on-premise security and local networking bandwidth, plus the priceless ability of full access to customisable business intelligence.
The diminishing role of tape
Tape has been a mainstay medium for backup due to its low cost and portability for offsite copies; however, this portability and the extended restore times run counter to the principles of GDPR, where greater visibility and access are mandated.
Tape still remains the lowest cost option, but having to keep multiple copies for redundancy, high handling charges and expensive technology refreshes mean that long-term TCO is three to four times that of the infrastructure costs. For this reason, cloud storage is now being seen as a viable alternative for this long-term storage.
Key use cases for object storage for General Data Protection Regulation
As both governments and private enterprises hasten to enact stricter security policies, distributed, ultra-secure object storage, complete with expanded capacity, increased performance, and location control, helps them to achieve compliance as the following use cases exemplify.
As a backup and archive target
Some of the largest data sets are sitting in offline backup and archive infrastructure, where recalling data for regulation is extremely time consuming. With commercials approaching those of tape (including full long-term handling and migration costs), it is easy to make object storage a backup and archive target. Scale-out performance means that the storage platform can handle more parallel wire-speed backup and data streams as the capacity increases. Enterprises also benefit by having a stretched namespace across multiple data centres so that a single data copy can be accessed from all sites.
Storing data in a regulated industry comes with restrictive rules that can only be met with a compliant storage technology. Customers should look for object storage platforms with an iCAS interface (internet Content Addressable Storage), which provides the necessary data functionality for securing data such as encryption, containerised locking and data retention/expiration. This makes object storage an excellent replacement for existing compliance platforms as well as providing the availability, agility and scalable features expected in current and future storage platforms.
Logging as a Service
With the prospect of more requests for data from regulators, many institutions are now designing systems that would act as a self-service portal. Data from many sources including trading systems, voice recording, messages, emails and more will be stored by customer and date and presented by a user interface that needs no intervention from the IT team. It doesn’t take long to realise that a traditional file system will not scale enough and that object storage provides the perfect platform to host this application. In addition, Scality RING is the only object storage solution to be able to handle both large and small files and objects.
Evaluating object storage solutions for GDPR
Storage solutions utilising object storage and software-defined storage technology enhanced with enterprise-class features can improve accessibility and management as well as help drive successful GDPR-related projects. Customers should consider the following features when evaluating object storage solutions.
Low cost: Deploying a software-defined storage solution running on industry-standard servers enables companies to achieve predictable and lower costs. A single copy of data on object storage has the same data durability as three copies on disk or five copies on tape. As a result, Forrester Research found that leading object storage platforms provide up to 70% lower TCO than existing file storage over five years.
Guaranteed availability: When assessing potential object storage solutions, companies should look to those designed for 100% uptime and which can be implemented to withstand multiple server and component failures including full site failures.
High performance levels: Having data on-premise inherently means quicker access to data; however, there are some object storage platforms that provide excellent data streaming capabilities, making them ideal backup targets as well as providing lightning-fast response times for data requests.
Enterprise ready: When assessing available solutions, companies should look for a platform that offers a comprehensive set of security, management and automation features making it suitable for enterprise deployment. These include adherence to a number of federated authentication standards, encryption and key management.
Object storage is the ideal storage technology to underpin a number of projects that are resulting from the new GDPR requirements, and at the same time it will increase overall performance, efficiency and resiliency. Now is the time to upgrade to tomorrow’s way of storing and protecting data for the long term.