By Robert Jacobi, Director of WordPress, Cloudways
To say that we are entering into a multi-cloud world would be an understatement. Businesses and enterprises are beginning to embrace the unique benefits provided by operating in a multi-cloud environment. A multi-cloud strategy brings together services from several cloud providers to address a company’s technical and business needs. Modern multi-cloud strategies deliver computing and storage resources to host and gather insight from data across the globe. Taking a multi-cloud approach, however, doesn’t lessen the risks and challenges inherent to data management. In fact, it tends to create new ones. It’s important to understand the security, management and regulatory challenges you’ll likely face when setting up a multi-cloud strategy to store data globally.
You’re an expert in your area, your cloud should be too
Companies use a wide variety of data and applications every day, and this is increasingly being done within the cloud. When planning a multi-cloud strategy, it’s important to consider the advantages and drawbacks of individual cloud providers and how suited they are to your data and the applications you use.
Most cloud providers specialize in one area, so combining multiple clouds allows companies the agility required to scale rapidly in a variety of ways. With a multi-cloud strategy, you can gain access to apps existing only in one ideal cloud solution and better protect seriously sensitive data. For example, you can choose a cloud provider that is slower but more secure than others because you can attach applications that need to operate swiftly to another cloud provider anyway. You simply get to pick and choose a cloud provider based on how they are specialized for the task at hand. This aspect of specialization is the main reason why multi-cloud strategies are increasingly popular, especially with enterprises.
Being locked into one cloud provider can be a real challenge for any business and vastly restrict growth due to its limitations in available applications and features. Because of this, using multiple clouds gives you the flexibility to grow your business without being limited to the capabilities of just one cloud.
Defending your multi-cloud kingdom
The most widely-used cloud providers use different methods to defend your data. Google utilizes Firewalls, whereas Amazon Web Services uses security groups and NACLs. While each of these providers have technology that protects your data, none of them have built-in functions that truly stop all breaches.
A third-party tool that can back up each of these protections to ensure all of your resources are safe and adapt to meet your security needs is essential when managing workloads across multiple clouds. One excellent security tool is Cloudflare, which secures and ensures the reliability of your external-facing resources such as websites, APIs and applications. It protects your internal resources like behind-the-firewall applications, teams and devices and is built specifically for developing globally scalable applications.
Tools like Cloudflare are immensely important to use if you want to securely store your data all across the globe. Cloudflare is packed with features to keep your data secure. Its Web Application Firewall (WAF) is a scalable solution for enterprises to protect your web applications from malicious attacks, without changing your existing infrastructure at all. Another excellent Cloudflare feature is Zero Trust, which is a security model based on the principle of maintaining strict access controls and not trusting anyone with permissions by default, even those already inside the network perimeter. Utilizing these security features from Cloudflare will go a long way in giving your servers the extra level of protection needed to stop malicious breaches.
Managing data in a multi-cloud world
Protecting your cloud data may be challenging, but properly managing it is a whole other beast. Keeping track of your applications in one cloud can be a near-impossible task, let alone several. This is why it is vital that you tag all the resources you deploy in the cloud. Tagging resources will allow you to categorize them and attach a cost to each resource. Following an established tagging procedure early in your cloud deployments will organize your resources across all of your different cloud providers. Tagging helps you understand which resources are being used for certain projects and which team members can access them. This enables you to apply different methods depending on the importance of the resources in use. For example, you could save money by deactivating resources when they are not in use. Development resources could be turned off on weekends and even after hours while production resources aren’t in use. With proficient management, you can track unused cloud resources such as proof of concepts and projects that are no longer needed.
When managing cloud data it is also important to prevent the creation of new data silos. A data silo is a group of raw data that is accessible by one department but isolated from the rest of your business. This results in a severe lack of transparency, efficiency and trust across your departments. Data silos halt you from gathering useful data on your products, your customers and their needs. Data silos cause a variety of problems for your business. They give an incomplete view of your business, hinder collaboration, result in bad customer service, slow down the pace of your business, waste storage space and threaten the overall accuracy of your data. Luckily, there are methods to prevent and solve data silos. Some are easier than others, but it’s crucial to find one that suits your business.
The first way is to leverage integration software. For users of cloud applications, Integration Platforms as a Service (iPaaS) offer an outstanding solution that addresses all of the issues created by data silos.
The second method is to choose an all-in-one solution to unify your data management. These can also be referred to as platforms and are software providers that offer different products to cover several business processes. When your accounts, marketing and customer experience departments work with the same provider, it’s obviously easier to avoid data silos.
The final method is to search for applications with native integrations, which is tricky but effective when done correctly. With so many applications out there, it's impossible to build a native integration for every tool you are using. Nevertheless, some applications identify frequent use cases and craft tailored solutions to connect their data with another app.
Whatever method you choose, make sure it’s one that you can maintain, as data silos can sink growing companies with ease.
A world of regulations and how to comply
Now that you know how to protect and properly manage your cloud data, it’s time for you to research where to store it. Laws, regulations and compliance regarding how you can store data and what you can do with it vary among countries and are crucial to understand if you want your multi-cloud strategy to succeed long-term. This is one of the main reasons it is best to stick with using major cloud providers, as they are built to work in compliance with a variety of countries’ laws and regulations. It’s important to view your cloud providers’ compliance sections to understand what laws and regulations they strictly adhere to. For example, Google Cloud outlines how compliance works across different countries and their regulations.
A majority of global business operations involve the United States in one way or another. Utilizing the strongest economy in the world seems like a no-brainer, but it’s important to understand the regulations on storing cloud data in the United States before incorporating it into your multi-cloud strategy. One of the most important laws to understand when choosing to utilize the United States in your multi-cloud strategy is HIPAA. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that establishes data privacy and security requirements for organizations that are charged with safeguarding individuals' protected health information. These organizations meet the definition of “covered entities” or “business associates” under HIPAA. Violating HIPAA is bad news. It’s crucially important that the data you are storing and utilizing in your multi-cloud strategy respects protected health information. It’s essential that you carefully review your cloud provider’s business agreement and how it might intersect with HIPAA should you want your multi-cloud strategy to work in the U.S.
The U.S. prides itself on the distinct boundaries which separate state and federal jurisdiction, and data privacy laws exist in both realms. California led the state-level data privacy law charge with The California Consumer Privacy Act (CCPA) in 2018. This state statute enhances privacy rights and consumer protection by providing California residents with the right to know what personal data is being collected about them, whether their data is sold or disclosed and to whom, plus the option to say no to the sale of personal data, access their data, request a business to delete any personal information, and to not be discriminated against for exercising their privacy rights. California legislators seem keen on adding to this list and are pushing for a similar law to be enacted federally. Whether or not they are successful, several other states have already begun drafting data privacy laws modeled on the CCPA, including Nebraska, Virginia, Florida and New York. Keeping tabs on the evolving data privacy push by government officials in the U.S. is important to make sure your multi-cloud strategy won’t be violating laws, even if they haven’t been enforced yet. You will not be grandfathered in.
Storing your cloud data across the pond in the European Union is a slightly different story. Operating in the EU has an immense amount of benefits, but as with anything involving the EU, it comes complete with strict regulations and bureaucracy. The most vital regulation to fully grasp when considering using the EU in your multi-cloud strategy is Europe’s General Data Protection Regulation (GDPR). The GDPR states the responsibility falls on the organization not only to secure customer data, but to demonstrate that they know where it resides, and how it’s processed. Organizations handling an individual’s data must be able to provide, port and delete it on request, with respect to that individual’s rights. Knowing what data you have and where it’s located is never easy in a multi-cloud world, but it is crucial to understand because a governmental ruling called Privacy Shield states that EU Data Protection Authorities (DPA) have an obligation to step in and suspend data transfers on servers if Europeans’ information is being taken to a country that does not have essentially equivalent protections to those they have under EU law. A breach of GDPR could result in a fine of up to 10 million euros and even 2% of a company’s global turnover. One British airline had a data breach back in 2017, where a rushed data security setup led to the leak of credit card information and passwords for half a million people. Needless to say, governmental bodies take publicly releasing people’s credit card information very seriously, whether it was an accident or not. The airline faced a hefty £183 million fine, both as punishment and to send a message to other businesses on the importance of respecting data privacy.
Across the rest of the world, laws governing how your multi-cloud strategy can operate are much more fluid and random. Some countries can even send law enforcement to audit your multi-cloud data with no notice at all. India took this approach upon seeing COVID-19 and political misinformation spread like wildfire on WhatsApp. The nation quickly passed a law requiring WhatsApp, which has half a billion users in India, to fork over their cloud storage data to reveal people credibly accused of wrongdoing. The problem WhatsApp has with this is that it runs counter to its promise of encryption for users. WhatsApp responded by filing a lawsuit against the Indian government in May of 2021 to block the regulations. Time will tell who will win the legal battle, but it goes to show that laws can change rapidly and hit your well-planned multi-cloud strategy out of the blue. Storing your multi-cloud data in countries that have this level of uncertainty for their future of cloud data storage and privacy laws poses a significant risk to your business. It is important to weigh this factor when deciding what countries to involve in your multi-cloud strategy.
Your future in the clouds
A multi-cloud strategy comes with an array of excellent benefits, including granting businesses the speed needed to scale their operations rapidly and more choice in selecting specialized providers to meet your security and storage needs. With it also comes constantly evolving security, management and regulatory challenges. It’s crucial to understand how to keep your data safe in multiple cloud environments, and more importantly, how to maintain easy access to manage this data. Staying informed on the ever-changing regulations different governments impose on data storage and privacy may seem daunting, but it is vital in order for you to sidestep serious legal challenges that can hamstring even the most successful businesses. Our multi-cloud world is only beginning to take shape, but planning your multi-cloud strategy to succeed long term will help you tackle every challenge in the best way possible.
About the author:
Robert Jacobi is the Director of WordPress at Cloudways, a multi-cloud managed application as a service platform that lets users choose where they want their website to be hosted from a variety of options, including Amazon Web Services, Google Cloud, DigitalOcean, Vultr, and Linode. Robert leads the WordPress business unit at Cloudways in community engagement, strategic partnerships, and product. Prior to joining Cloudways, Robert served as President of the open-source project Joomla and Executive Vice President for Perfect Dashboard, where he partnered with major web hosting providers to offer websites automated security and performance updates. In 2000, Robert also founded Arc Technology Group, the lead Joomla consultancy in North America, whose clients include Fortune 500 firms Microsoft, Abbott Laboratories, and Eli Lilly. He is a frequent speaker at WordPress and open-source conferences and resides in Chicago, Illinois.
The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.