Enterprises are increasingly leveraging cloud for data storage and processing. They store data on premises, in the cloud or in a hybrid architecture. The ongoing COVID-19 pandemic has disrupted traditional working norms and accelerated the use of cloud to support remote working setups. While enterprises are moving towards cloud technologies, there are concerns about privacy as sensitive data is moved to cloud. It is also necessary to evaluate multiple cloud providers for cost effectiveness, flexibility and compatibility.
The benefits of multi-cloud environments
A multi-cloud environment consists of infrastructure and data stores provided by multiple cloud providers. This architecture provides various benefits, such as:
Flexibility: Providers can be selected based on the budget, location and configuration options. There is flexibility in selecting the cloud architecture compatible with the enterprise’s applications, enabling enterprises to explore the full potential of the possibilities that various cloud providers offer.
Location dependency as per regulations: Given the stringent nature of various data protection regulations, enterprises have to host and process sensitive data within their region’s legal jurisdiction. This can be easily addressed by hosting applications and data in geographical locations where a specific cloud provider has a hosting environment.
Availability and risk mitigation: Critical applications can be hosted on multiple clouds from various providers leading to increased availability, better load balancing and reduced dependency on a single provider.
Risks and challenges that come along
While the benefits are noteworthy, the challenges and risks of applications and data being stored across multiple cloud providers cannot be ignored. Some of these risks are:
Privacy of data during processing and movement: Enterprises need to comply with data protection regulations not just to avoid hefty penalties, but to gain their customers’ confidence and trust. Complying with regulations and identifying, processing, sharing and moving sensitive data are very complex in a multi-cloud environment.
Adequate data privacy governance: Monitoring access management, processing, sharing, and transferring of data becomes difficult in a multi-cloud environment.
Interoperability across multiple cloud platforms: In order to utilize the potential of a multi-cloud environment fully, solutions and applications must have the necessary means to interact with different cloud providers seamlessly, which may not always be readily available.
Thus, enterprises need to weigh both the benefits and challenges while making a decision about a multi-cloud approach.
The Potentially Balanced Approach
Safeguarding of data before processing and sharing: Enterprises need to understand the location of sensitive data within their internal data stores and create a centralized data dictionary to cater to the different cloud providers. There should be a provision to perform sensitive data discovery to obtain a holistic picture of the sensitive data location.
Enterprises also need to adopt data protection techniques such as data masking, pseudonymization and encryption. It is critical to check for the requisite consent for a geographical location before storing and processing sensitive data on cloud servers hosted in that geography.
Centralized access and monitoring: Typically, every cloud provider has its own mechanism for authentication, and this varies across providers. Since authentication is complex in a multi-cloud environment, a password vault can be leveraged. This enables enterprises to monitor access to data and applications centrally.
Enterprises need to look for a mechanism such as a centralized policy framework in which policies can be defined based on various data protection regulations. This policy framework should apply the requirements of data protection regulations dynamically when data is transferred from one geography to another. There should be a governed, workflow-based approach in self-service mode for data processing, sharing and transfer. For effective monitoring of data access and processing, enterprises can adopt a hybrid architecture with central monitoring on premises and data processing on cloud. This enables distributed data privacy management with a centralized governance setup. Enterprises need to look for a solution which supports both on-premises and multi-cloud architectures and uses them optimally.
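The safeguarding and centralized policy points above can be combined into a single transfer gate. The following Python sketch is an added example, not part of the original article or any vendor's product: the data dictionary, the geography policies, the handling classes and the function names are all constructed for illustration and do not encode any real regulation.

```python
import hashlib
import hmac

# Constructed central data dictionary: field name -> handling class.
DATA_DICTIONARY = {"email": "identifier", "name": "identifier",
                   "diagnosis": "sensitive", "plan": "public"}

# Constructed transfer policies keyed by (source, target) geography.
# Illustrative only; they do not encode any real regulation.
TRANSFER_POLICY = {
    ("EU", "EU"): {"needs_consent": False, "protect": False},
    ("EU", "US"): {"needs_consent": True, "protect": True},
}

AUDIT_LOG = []  # central record of every decision, for monitoring


def pseudonymize(value, key):
    """Keyed, repeatable token: equal inputs still join, raw value is hidden."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def prepare_transfer(record, source, target, consented_geos, key):
    """Return (decision, outbound_record); outbound_record is None on deny."""
    rule = TRANSFER_POLICY.get((source, target))
    decision, out = "allow", {}
    if rule is None:
        decision = "deny:no_policy"            # default deny for unlisted routes
    elif rule["needs_consent"] and target not in consented_geos:
        decision = "deny:no_consent"
    else:
        for field, value in record.items():
            handling = DATA_DICTIONARY.get(field)
            if handling is None:               # undiscovered data blocks the move
                decision = "deny:unclassified:" + field
                break
            if rule["protect"] and handling == "identifier":
                out[field] = pseudonymize(value, key)
            elif rule["protect"] and handling == "sensitive":
                out[field] = "***"             # masked
            else:
                out[field] = value
    AUDIT_LOG.append((source, target, decision))
    return decision, (out if decision == "allow" else None)
```

The pseudonymization key is assumed to stay with the central governance layer on premises, so the receiving cloud sees stable tokens but cannot reverse them.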
Seamless interoperability with cloud providers: Enterprises need to consider solutions that can interact with multiple cloud providers seamlessly, to enable smooth synchronization of data between various cloud providers for data movement, availability, disaster recovery and similar needs. Along with this, it is important to look for solutions or tools that provide more than one functionality, so that the need for complex interactions among various solutions is minimized.
The following figure depicts this distributed data privacy management approach:
Figure 1: Distributed data privacy management with centralized governance
The Recommended Way Forward
Enterprises should consider an approach of distributed data privacy management with centralized governance for effective data privacy management. Solutions or tools that support this approach and offer seamless interaction with multiple cloud providers should be leveraged.