FutureCIO has covered data protection for some time now. A 2023 Gartner prediction cautions that through 2025, powerhouse cloud ecosystems will consolidate the vendor landscape by 30%, leaving customers with fewer choices and less control of their software destiny.
So just when you thought the democratisation of data and infrastructure has given consumers and enterprises more choice in terms of how they create, access, archive and possibly decommission data, Gartner is now predicting the formation of cloud ecosystems that may potentially leave us with fewer choices when it comes to what we do with our data.
Can you feel the threat of vendor lock-in looming on the horizon?
In this series on Readying the enterprise's data protection strategy in 2023, we look at the importance of data protection in a cloud-first world by having experts answer the question:
In this hybrid, multi-cloud future, what needs to happen for enterprises to ensure that data protection practices remain relevant to the requirements of business while adhering to evolving regulations around data protection and data privacy?
David Lenz, vice president, Asia Pacific at Arcserve acknowledges that the flexibility of a hybrid cloud alters the dynamics of data security. Globalisation introduces new and complex compliance requirements that, if not upheld, threaten organisations with costly fines, litigation, and loss of credibility.
“To meet the unique challenges that come with global regulatory compliance, organisations require a data protection solution that goes beyond backup/disaster recovery to offer powerful, compliance-driven technology, such as role-based access control and multi-tier encryption.”
David Lenz
“When the cloud is part of an organisation’s data protection strategy, it must ensure its backup provider has data centres in the countries designated by the regulation,” he reminds us.
GitLab’s 2022 DevSecOps Survey found that cloud adoption remains a high priority for companies, and this race to become cloud-native will keep accelerating in Asia.
In suggesting that the cloud can be your best friend or worst enemy, GitLab APAC channels director, Dirk de Vos explained that just having data in the cloud doesn't mean your business is immune to data loss or theft.
“Every business adopting a multi-cloud strategy should therefore have a clear set of frameworks and policies on how they manage and secure this data. That also applies to SaaS adoption, as your vendors are the gatekeepers of your data,” he added.
“Companies must put tools in place to not only secure the code created in-house but to detect third-party vulnerabilities as well. Software supply chain security will need to play a bigger role across the Software Development Life Cycle to ensure data protection.” Dirk de Vos
He goes on to add that a DevSecOps platform approach can allow developers to iterate fast in cloud environments, while concurrently integrating security and compliance into both the software development lifecycle and software supply chain. They can also offer IT leaders visibility and management over security findings and compliance requirements.
In the report, Unlocking Multicloud’s Operational Potential, Forrester noted that multi-cloud adoption is already picking up pace across APAC, with 84% of organisations in the region either using cloud infrastructures or planning to do so in the next year.
“But this fast cloud migration and the complexity of managing multiple new technologies and processes have introduced greater risk,” warned Grant Orchard, field CTO of Asia Pacific and Japan with HashiCorp.
Security is the biggest sticking point for business in Asia with 90% of APAC respondents in the 2022 State of the Cloud Strategy Survey citing security as the key driver of their cloud success. “And given the spate of recent high-profile cyber incidents, its prominence in shaping cloud strategies in the region will only continue to grow,” opined Orchard.
He added that as organisations in the region continue to expand their cloud estates, they will have no choice but to ensure data is secured. But protecting sensitive information is a challenge that crosses infrastructure, data, application, and cybersecurity teams. To keep up with the growth and complex nature of applications, network components, and cloud-based systems, many will need to drastically shift their security strategies.
“While there will undoubtedly be hurdles to implement tighter security controls for Personally Identifiable Information (PII) – businesses need to ask themselves how those hurdles compare to potential reputational damage, loss of customer trust, and impact on future revenue that are the likely outcomes of a breach.”
Grant Orchard
He commented that many businesses globally are already turning to zero trust security solutions that are built for today’s threat and infrastructure landscape.
He further opined that this approach is increasingly critical to protect the growing number of dynamic multi-cloud and hybrid environments where legacy security approaches may no longer be effective. “This helps ensure that everything — from people to machines to services — is authenticated, every action is authorised, and data is always protected,” he concluded.
Illumio’s head of industry solutions, Raghu Nandakumara, conceded that organisations are already operating across a mix of cloud architectures, using different tools, requiring different skills, which is exposing new security and data protection gaps.
“Some Cloud Service Providers (CSPs) offer data protection services to secure both the transfer and storage of data and help customers remain compliant for a particular jurisdiction. Many are also certified to international standards which enable organisations to transfer data offshore securely.”
Raghu Nandakumara
He reminds us that cloud is a shared responsibility model so it’s the responsibility of all organisations to ensure their data is secured adequately at rest and in transit.
“To ensure good data protection in the cloud, organisations must understand the communication paths among their cloud and on-premises workloads,” he added.
Circling back to our topic of data protection, Matthew Oostveen reiterated that data protection and privacy is not a “one and done” matter; it is a perpetually moving target.
As VP & CTO of Asia Pacific & Japan for Pure Storage, he further opined that over time, legislation will continue to evolve, necessitating shifts in business priorities and a relook and rework of an organisation’s technology investments and service purchases.
“As a best practice, organisations should check their disaster recovery regularly, and enact full-blown recovery drills anywhere from annually to quarterly. Additionally, data protection teams must convene frequently to keep everyone in sync.”
Matthew Oostveen
He suggested that as a rule, intervals between tests should reflect ongoing changes in how the organisation conducts itself, and how often network configurations, staff, technology tools and platforms, and compliance requirements change.
“Operating in a hybrid, multi-cloud environment requires organisations to revisit and rearchitect existing strategies and tools constantly to ensure data compliance and safety,” he cautioned.
* Editor’s note: Click on the links below for the series
Data protection in 2023’s cloud-first world