5m read time
CIOs face a range of challenges in managing data in a multi-cloud world. With the right strategy and platform, they can make the most of that data while meeting all requirements.
Data and the cloud have become defining themes for the new era of IT. Data is the business’s key asset – the source of information that fuels opportunity, innovation and growth. The cloud, particularly modern multi-cloud strategies, can deliver the compute and storage resources to host and draw insight from that data. Yet taking a multi-cloud approach doesn’t change the risks and challenges surrounding enterprise data management in and of itself. In fact, it can create new ones.
On the one hand, you have the obvious security challenges. How can you best protect corporate and customer data across on-premise and cloud resources, and across multiple cloud services and infrastructures? How can you manage, monitor and maintain a multi-cloud environment, while retaining full visibility and control? How do you provide easy, flexible access to data without compromising security? Can you take governance and security policies from one cloud to another, or from on-premise applications to the cloud?
Then there are the management challenges, ranging from how you store and replicate data in the most cost-efficient way, to how you prevent the creation of new data silos, which may stop you from gaining the full picture of your products, your customers and their needs. There are even risks of data becoming locked to a specific application or environment, so that you can’t migrate it later if you need to.
Finally come the regulatory and governance challenges. With Europe’s General Data Protection Regulation (GDPR) the onus is on the organisation not just to secure customer data, but demonstrate that they know where it resides, and how it’s processed. What’s more, organisations handling an individual’s data must be able to provide, port and delete it on request, in line with that individual’s rights. Knowing what data you have and where it’s located isn’t easy in a multi-cloud world.
It is, however, crucial. An ineffective data strategy can make a company less agile or effective and compromise the positive impact of data-driven applications. Even before GDPR, a data breach could be damaging to an organisation’s business and reputation. Now though a breach could result in serious financial penalties – up to 10 million Euros or 2% of global turnover – while other penalties await organisations that take a haphazard approach or fail to meet requirements. One British airline faces a £183 million fine from the UK data watchdog ICO for its data breach back in 2017, where “poor security arrangements” led to the breach of credit card details, names, addresses, travel booking details and logins for around 500,000 customers.
CIOs must therefore develop a clear data strategy for a multi-cloud world.
But how? First of all, it’s a question of knowing exactly what you’re dealing with. What data is being created and where is it stored? How is it used and how and where is it archived or destroyed? Who has access, why and where? Is it stored in a format where information can be tied to a specific customer or is it aggregated and anonymised? Mapping data flows and answering these questions will take research, audits and even input from the IT and line of business teams involved, but this first step can’t be skipped.
What’s more, while there may be a drive to rationalise and streamline cloud services in the future, many companies face multi-cloud environments that are only growing more complex. As Forrester analyst Paul Miller puts it ‘you should map the complexity before it becomes unmappable’ noting how individual decisions, no matter how sensible, can lead to chaos once no one knows how the cloud landscape fits together.
Once you’ve mapped it, you’re in a stronger position to calculate and prioritise the risks. You can look at the sensitivity of the data and the frequency with which its accessed or used, then make decisions about who needs access and about how and where you store and archive. This means focusing not just on ensuring you have appropriate levels of data security – a regulatory requirement under GDPR – but on ensuring that you meet compliance objectives, so that you maintain visibility and ensure that the minimum of data is being stored and used to meet the requirements of your business and GDPR. Similarly, regulatory controls over where you store data geographically may come into play, particularly when working with UK or EU data and cloud providers who may take that data outside the EU.
It’s at this point that you can begin laying out your multi-cloud data strategy, working out what needs to be stored and processed where. You may be guided by the applications or services you’re already using, or by the specific performance or access requirements of an application. Otherwise, it may be wise to take a data-centric strategy, looking at how the data will be used along with any legal or regulatory constraints. For instance, an article in Harvard Business Review by Leandro DalleMule and Thomas H. Davenport argues that companies need to consider trade-offs between ‘defensive’ and ‘offensive’ data strategies. These are designed to meet the needs of offensive activities, where the priority is to support business objectives around revenue, profitability and customer satisfaction, and defensive activities, where ensuring compliance and minimising risk take over. This kind of classification can aid the decision-making process.
Perhaps the most crucial component in creating this strategy is selecting the right cloud services to meet each set of requirements – and, arguably, the right multi-cloud platform to bring them together. Many firms now recognise that a consistent approach is vital to good data governance, yet also find this hard to implement in practice. In a recent survey by the Enterprise Strategy Group for Dell, nearly 33% of IT decision makers in western Europe saw ensuring consistent data governance across on and off-premise environments as one of their biggest challenges in a multi-cloud world.
Here, virtualised networks and modern hyper-converged infrastructures can help. With a platform based on pools of shared network, compute and storage resources, IT teams can deliver hybrid and multi-cloud solutions that extend seamlessly from on-premise architecture out into the cloud. This enables them to provide consistent infrastructure and operations, along with data orchestration and simplified data management, matched by real visibility as to where and how data is used, stored and secured. With sophisticated platforms there is even scope for automation, enabling the systems to manage some of the complexity of storage, backup and security. While multi-cloud environments can be tough to manage, having everything integrated in a single platform makes it easier to maintain a single, common set of security policies across the whole environment.
What’s more, such a platform can help deal with the issues of data duplication and segregation that tend to crop up in a multi-cloud environment. Having the same data resident across different applications in different clouds will inevitably raise costs – even cloud storage isn’t free – and risks, while reducing the positive impact applications can have. Data-driven applications thrive on having a single source of truth, while the more versions you have of a dataset, the harder it becomes to monitor access and secure it. Meanwhile, data segregation raises security and compliance fears. How can you be sure that data won’t creep from one application to another – or, when working with a public cloud provider, from one tenant or customer to another? With a platform that focuses on virtualisation, integration and data orchestration, segregation becomes part of the workflow.
No two organisations will be dealing with the same applications, the same priorities or the same data, so the most important thing is to take stock and build a strategy that meets your company’s specific needs. Put that in place and match it with the right multi-cloud platform, and the challenges become easier to meet.
How does the proliferation of clouds affect data privacy and information governance at your organisation? A new IDG study consulted CxO and senior IT leaders of large enterprises in EMEA to evaluate the impact of cloud environments on their businesses.
See all in collection
See all in collection
See all in collection