Could DaaS be the answer to data sovereignty dysfunction?

Features
By Davey Winder
published

Europe has several data storage issues of its own but DaaS could provide a way to sort out some of the legal entanglements

Storage illustration

Could DaaS be the answer to jurisdictional data sovereignty dysfunction?

Within the myriad questionable statistics that emerge seemingly unstoppably on the topic of cloud computing uptake there are some that are undeniably on the money. One case in point being the existence of what you might refer to as the Atlantic Gap: cloud adoption is generally much slower in Europe and the UK than it is in the US.

Gartner has been discussing this very issue at an application, architecture, development and integration summit in London this week. As if any other reason were needed to further widen the Atlantic Gap besides recession and the ongoing problems with the Euro, the global IT analyst outfit argues that while the cloud value opportunity is pretty much the same the world over, when it comes to Europe there are particular concerns regarding security in the areas of transparency. And these are certainly fuelled by the diversity of regulations across the 44 European nations.

I mentioned recently how any UK business holding data about third parties is legally responsible for that data under the terms of the Data Protection Act 1998 when I looked at the somewhat controversial issue of data sovereignty http://www.cloudpro.co.uk/cloud-essentials/cloud-security/3601/location-location-location-why-data-sovereignty-still-matters for Cloud Pro. Controversial as it throws a large political spanner, as well as the more straightforward legal jurisdictional one, into the cloud storage works. When data stored outside of the UK and within the cloud remains your legal responsibility, yet the exact physical location of that storage determines jurisdiction over the data itself, the solution becomes about as clear as mud. The US Patriot Act of 2001 being perhaps the biggest spanner in the privacy regulations anarchy toolbox, with it's ability to render your use of many cloud services illegal depending where in Europe your business is registered.

Of course, regulatory diversity is nothing new in the world of business but for many businesses it has been easy enough to avoid unless they are global players themselves. The Internet started to change all of that by opening up the global marketplace to businesses of any size, and the problem of business practice incompatibility has been placed firmly front and centre for any enterprise looking to exploit the undoubted value equation that cloud data storage now provides. Throw complexity of this jurisdictional and regulatory nature into the mix and no wonder European adoption rates are lagging behind the US as heads get scratched in boardrooms and hands rubbed together in solicitors offices across the country.

Given my allergy to jargon in general, and cloud jargon http://www.cloudpro.co.uk/cloud-essentials/3099/time-cut-back-jargon-and-start-explaining-cloud-better in particular, it may come as something of a surprise that I'm suggesting DaaS could be the answer. Especially when you consider that DaaS as an acronym is so confusing: Google tells me it can mean Data as a Service, Desktop as a Service, Datacentre as a Service and even the Dads Army Appreciation Society. However, the DaaS in question here is the Distribution as a Service platform which has been launched by Ospero to provide cloud storage vendors with a simple way of complying with data protection jurisdictions outside of their domestic markets. Think of it as being a 'global grid' of virtual data centres across various physical business hubs in the EMEA, Asia Pacific and North American territories. This grid runs VMware and VCE Vblocks accessed through the one management portal to address the problem of where data can be stored within the offering in question.

Of course, Ospero are not the only cloud operator to realise that there is a competitive advantage to be had over the 'big boys' based in the US by turning the complexity and confusion over data residency around in this way. Smaller European cloud providers have been quick to make marketing capital out of the fact that not only does having a data centre within the same regulatory jurisdiction make sense, but having a provider which owns that data centre also based in the same jurisdiction doubly so.

Within the myriad questionable statistics that emerge seemingly unstoppably on the topic of cloud computing uptake there are some that are undeniably on the money.

One case in point being the existence of what you might refer to as the Atlantic Gap: cloud adoption is generally much slower in Europe and the UK than it is in the US.

Gartner discussed this very issue at an application, architecture, development and integration summit in London last week.

As if any other reason were needed to further widen the Atlantic Gap besides recession and the ongoing problems with the Euro, the global IT analyst outfit argues that while the cloud value opportunity is pretty much the same the world over, when it comes to Europe there are particular concerns regarding security in the areas of transparency. And these are certainly fuelled by the diversity of regulations across the 44 European nations.

I mentioned recently how any UK business holding data about third parties is legally responsible for that data under the terms of the Data Protection Act 1998 when I looked at the somewhat controversial issue of data sovereignty for Cloud Pro.

Controversial as it throws a large political spanner, as well as the more straightforward legal jurisdictional one, into the cloud storage works. When data stored outside of the UK and within the cloud remains your legal responsibility, yet the exact physical location of that storage determines jurisdiction over the data itself, the solution becomes about as clear as mud.

The US Patriot Act of 2001 being perhaps the biggest spanner in the privacy regulations anarchy toolbox, with its ability to render your use of many cloud services illegal depending where in Europe your business is registered.

Of course, regulatory diversity is nothing new in the world of business but for many businesses it has been easy enough to avoid unless they are global players themselves.

The Internet started to change all of that by opening up the global marketplace to businesses of any size, and the problem of business practice incompatibility has been placed firmly front and centre for any enterprise looking to exploit the undoubted value equation that cloud data storage now provides. Throw complexity of this jurisdictional and regulatory nature into the mix and no wonder European adoption rates are lagging behind the US as heads get scratched in boardrooms and hands rubbed together in solicitors offices across the country.

Given my allergy to jargon in general, and cloud jargon in particular, it may come as something of a surprise that I'm suggesting DaaS could be the answer. Especially when you consider that DaaS as an acronym is so confusing: Google tells me it can mean Data as a Service, Desktop as a Service, Datacentre as a Service and even the Dads Army Appreciation Society.

However, the DaaS in question here is the Distribution as a Service platform which has been launched by Ospero to provide cloud storage vendors with a simple way of complying with data protection jurisdictions outside of their domestic markets.

Think of it as being a 'global grid' of virtual data centres across various physical business hubs in the EMEA, Asia Pacific and North American territories. This grid runs VMware and VCE Vblocks accessed through the one management portal to address the problem of where data can be stored within the offering in question.

Of course, Ospero are not the only cloud operator to realise that there is a competitive advantage to be had over the 'big boys' based in the US by turning the complexity and confusion over data residency around in this way. Smaller European cloud providers have been quick to make marketing capital out of the fact that not only does having a data centre within the same regulatory jurisdiction make sense, but having a provider which owns that data centre also based in the same jurisdiction doubly so.

Davey Winder
Davey Winder

Davey is a three-decade veteran technology journalist specialising in cybersecurity and privacy matters and has been a Contributing Editor at PC Pro magazine since the first issue was published in 1994. He's also a Senior Contributor at Forbes, and co-founder of the Forbes Straight Talking Cyber video project that won the ‘Most Educational Content’ category at the 2021 European Cybersecurity Blogger Awards.

Davey has also picked up many other awards over the years, including the Security Serious ‘Cyber Writer of the Year’ title in 2020. As well as being the only three-time winner of the BT Security Journalist of the Year award (2006, 2008, 2010) Davey was also named BT Technology Journalist of the Year in 1996 for a forward-looking feature in PC Pro Magazine called ‘Threats to the Internet.’ In 2011 he was honoured with the Enigma Award for a lifetime contribution to IT security journalism which, thankfully, didn’t end his ongoing contributions - or his life for that matter.

You can follow Davey on Twitter @happygeek, or email him at davey@happygeek.com.