There has been a spate of stories recently about the security of data being held in third-party datacentres, and in particular the security issue of Governments with jurisdiction over those datacentres claiming—and increasingly, exercising—rights of access to that data.
This once again rattles the cage of data sovereignty and the issue of the need for national Governments to have laws that ensure data about that country, its commerce and industries, and its people. It is hardly any wonder that some countries therefore remain particularly edgy about where such data is stored.
The corollary of this, however, is that it serves to inhibit the very business advantages—in particular the flexibility and agility needed to meet and exploit changes in markets or business practices—that cloud-based services can deliver best.
But ways of circumnavigating this problem are starting to appear. There is now the chance to significantly reduce data sovereignty as a business necessity, and long term, possibly, turn it into an irrelevance.
One such is the new Software Defined Datacentre (SDDC) from CohesiveFT. CEO Patrick Kerpan, speaking with Business Cloud 9 at this week’s Cloud Expo, made it clear this is an opportunity he has long had designs on. The goal is to be able to offer users the opportunity to create a logical instance of business environment 'A' that is working to the laws and business rules of country 'B' but have it running on datacentre resources located in country 'Z' without it being either an issue or a security problem.
I have written before about this requirement as what I have called the 'bonded warehouse' model. Here the instance is the data analogue of the bonded warehouse at a port of entry, where imported goods can be kept as though they were not yet landed. They are therefore free from tax or tariffs, and from the application of local legislation on issues such as health and safety, until such time as the importing company extracts them from bond to be sold.
Kerpan prefers the analogy of the national Embassy. "The Embassy of a country is part of that country, regardless of what country it is in. The Swiss Embassy here in London, for example, is really Swiss territory, not just a bit of London where the Swiss diplomats happen to work," he explained. "The Software Defined Datacentre can create exactly the same thing for cloud users."
The SDDC approach is based around what Kerpan calls a cloud container. Set aside any thoughts of anything physical, such as an appliance, being required. This approach is entirely software based.
"This is intended for those that want to use cloud services rather than those that aim to provide them," he said. "It is about how to migrate applications to the cloud. Applications need a set of ambient services, such as LDAP for example, that surround and support them so they work effectively, so all those services need to go into the container with the application. If the IP address for the application is changed, the container takes with it everything the application requires."
In broad approach this is similar to the Application Packaging Standard being promoted by Parallels, though the key element of the SDDC is its image management technology that pulls together all the components needed to make up that application’s complete working environment.
In turn, this makes it possible for enterprises to aggregate a number of complementary containers into a single logical resource. And if, at some time in the future, those applications need to be redeployed in a different logical resource—even in a different datacentre environment—the container approach makes this a far simpler task to complete through a logical set of steps.
This allows containers to be used in private, public and hybrid cloud environments.
What stands against extending this functionality out into the Embassy model is now just the law. A container running environment 'A' on a datacentre in country 'Z' would not be a concern because it would still be—legally, logically and technically—operating in country 'B'.
And if part of the image associated with an application was a security policy implementation package, the container could even defend itself against intrusion or attack. It is not beyond the bounds of reason that it could be equipped with the tools needed to remove itself from a datacentre and install itself in a different logical or physical location.
For now, however, data sovereignty laws would stand in the way of such an approach. While this may not be a problem yet, there is every chance it will become one. It already restricts the flexibility and agility of action that some companies would like to have at their disposal, and it prevents some sectors of the cloud services marketplace from developing fully.
For example, Amazon has already demonstrated the potential of a global cloud marketplace—if only for service development purposes. But there is no reason why global markets for CSPs trading purely on capacity, resources, performance and core service provision should not develop.
By the same token, service providers offering specialised tools and localisation capabilities could make sense as the local host for multinational business, without the need to slice and dice business processes to fit what data can and cannot be stored or processed outside of a specific country’s jurisdiction.
This first appeared in Business Cloud 9