October 25, 2018
AirVM has created an innovative multi-cloud monetization platform called HYALTO that enables service providers and enterprises to deploy and manage cloud services in any of the leading environments from AWS, Microsoft, VMware and others. With increasingly strict requirements emerging for the capture and storage of personal data, and with the ongoing arms race against data hackers, sound storage technologies and practices are ever more important for enterprises and service providers. The following are some thoughts on this from the team at AirVM.
SaaS applications present compelling business cases. Using shared infrastructure from any of the established market leaders to provide multi-tenant and multi-location solutions can dramatically reduce deployment and support costs compared to traditional on-premises technologies. However, some clients, or internal team members/employees in the case of an enterprise, may still not share the enthusiasm for shared operational services housed outside the organization. When proposing a cloud deployment, it is critical that all concerns around data storage (in particular, all fears associated with having data hosted in external, multi-platform environments) are taken into consideration.
For example, enterprises may have concerns about using a SaaS offering if they feel data associated with their application will be stored along with data from other companies — especially if there is the possibility one or more of those companies could be competitors. These concerns are addressed by well-proven cloud system architectures that ensure a logical separation of all data, using separate databases for each company regardless of the fact they are all managed from the same servers. Inherent in this approach are different credentials for access to each of those datasets. This design also protects against further harm should one company suffer a data breach. The compromise would be restricted to the one set of company data only, and could never spread across to affect other datasets.
Any well-designed SaaS offering should always offer this form of logical isolation of customer data. If demanded, however, a more extensive design could provide physical isolation of company data through a dedicated database service. In this case, if a shared server is ever breached, isolated servers are unaffected.
For a variety of reasons, concerns can also arise over exactly where in the cloud specific data is housed. GDPR is the latest reason to understand and manage this part of an IT infrastructure closely. Even if they have not had a reason for them in the past, most companies now need clear policies about where geographically their data (in particular, customer data) is housed. A well-designed SaaS offering must be able to allocate database resources based on specific geographies in order to ensure customers are compliant with new regulations. As a result, applications can be expected to have many database instances distributed around the globe.
Concerns can arise around ease and speed of access to data that is not stored on premises. For years, content delivery networks have been used to help ensure services respond crisply regardless of how or from where they are accessed. Application servers are now deployed in the same fashion, ensuring fast and reliable access. The reality is, data servers need to behave similarly. Best practice suggests that data always be housed as close as possible to users. Cloud deployments should be flexible enough to ensure data required in daily, real-time operation is stored in this way, dynamically. While fail-over or disaster recovery strategies may be architected differently, the proven strategies of data replication or dedicated database resources solve these challenges well.
In addition to these strategies, the subject of securing data at rest must also be addressed. Policies such as encryption or hashing of sensitive data types (including private customer information) are a minimum requirement. However, some cases may demand more security, such as encryption of entire file systems. While no defenses are fool-proof, there are established tactics, technologies and designs that reduce the risks considerably, even in shared, remote infrastructure environments such as SaaS and the Cloud.
In the end, some customers may still determine a cloud approach to serving up applications and storing data does not match their needs, and they will remain committed to on-premises IT infrastructure and database technologies. The fact is, well-designed SaaS applications should be able to accommodate data storage in the cloud, in different geographies and in private on-premises deployments. Even if such deployments seem like old-school thinking, the customer concerns they address are legitimate. Perhaps more importantly, they can represent important selling propositions that create product/service differentiation and customer leverage. In this light, the concerns are not problems but rather opportunities.

airvm.com