 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Emerging requirements for data sovereignty are driving an evolution in cloud deployment topologies. A new approach, known as Bring Your Own Cloud (BYOC), melds the control, compliance and data sovereignty benefits of self-hosting with the operational agility gained through fully managed SaaS offerings.
“Data sovereignty” is the notion that corporate data is subject to the laws and governance of the nation where data is collected, stored and processed. More than 100 countries have data sovereignty laws in place.
Organizations running services in the cloud are often subject to these data sovereignty requirements; however, traditionally it has been difficult if not impossible to be sure that cloud services store data in only a particular region.
For many years, organizations operating in the cloud have focused on data privacy in isolation, seeking to comply with a range of regulations — for example, GDPR in the European Union and the Health Insurance Portability and Accountability Act (HIPAA) in the United States.
As it turns out, data sovereignty is much more complex than data privacy alone. Privacy can be achieved in a straightforward manner, by relying on policy, which enables a declarative approach to deleting, masking, obfuscating and indexing sensitive data. Such an approach is commonly employed to protect predefined personally identifiable information (PII).
Data sovereignty, on the other hand, can be achieved only when the responsible organization controls the life cycle of the hard drives where data resides. There is no middle ground and no debate — data either resides on hard drives under your control or it does not. For this reason, it would seem that the only path to data sovereignty is self-hosted, single-tenant cloud deployments.
An even more extreme solution, “cloud repatriation,” moves everything back to on-premises infrastructure. Yet a move back to on-premises and self-hosted deployments often means sacrificing the operational, cost and scalability benefits that have made SaaS models so popular.
The challenge lies in the legacy of SaaS, which emerged long ago at a time when the world needed relief from self-hosting, but in so doing, SaaS introduced its own set of tradeoffs.
We have noted the challenge of data sovereignty, but SaaS solutions can also introduce the risk of vendor lock-in and the loss of visibility and control over sensitive data. And while it used to be easier for organizations to simply mandate that some sensitive applications should remain on premises indefinitely, we are now so addicted to the benefits of fully managed cloud services that it’s hard to imagine a permanent divorce.
Thankfully, there is a third path that both balances the tradeoffs between self-hosted and SaaS models, and provides a manageable path to data sovereignty: Bring Your Own Cloud (BYOC).
In a BYOC deployment, an organization’s data remains inside its own virtual private cloud (VPC), while the vendor remotely operates and maintains the infrastructure. This option gives platform engineering teams more visibility and control than a pure SaaS model, while still allowing them to offload the time-consuming and resource-intensive work of managing cluster operations. This model has the added bonus of freeing them to focus on top business opportunities.
These factors — visibility, control and operations — are even more critical when managed services are powering an organization’s real-time data infrastructure. Many infrastructure teams are overwhelmed by the complexity of supporting real-time workloads at scale in the cloud — for example, by maintaining large Kafka clusters in multi-availability zone environments. At the same time, they struggle with data sovereignty issues as data regulations become increasingly onerous. A BYOC approach is ideal for navigating the compliance and regulatory requirements for real-time streaming data infrastructure.
Redpanda Cloud BYOC clusters as an example of a BYOC deployment model. The data plane remains in the customer’s virtual private cloud (VPC). Redpanda’s control plane manages cluster operations.
BYOC balances the benefits and drawbacks of both self-hosted and SaaS models by giving you the control and flexibility of self-hosting without the complexity and risk. With BYOC, you are also able to implement security measures tailored to your specific environment. BYOC frees you from managing the platform on your own infrastructure so you can offload operations, support and maintenance to trusted experts.
BYOC is a fully managed cloud model, but you retain more control than in a traditional SaaS model due to the separation of the control plane, which sits in the vendor’s cloud environment, and the data plane, which sits in your environment. This separation means that even when the vendor’s control plane is down, your system can run as usual and your data is available.
Cloud providers reward customers for long-term spending by providing committed spend or committed use discounts. The beauty of the BYOC model is that it enables organizations to continue taking advantage of those infrastructure discounts as if they were self-hosting.
Beyond data sovereignty, BYOC also helps organizations comply with data privacy regulations. Leveraging zero trust access control and an isolated protected cluster, BYOC deployments can enforce multiple layers of security, all under the control of the team running the platform. BYOC also helps you to maintain least privilege for critical resources because the vendor’s control plane doesn’t have excessive credentials or permissions.
Platform engineering teams facing a range of deployment options, while dealing with spiraling cloud costs and service sprawl, now have the additional challenge of tackling data sovereignty. BYOC is a good option for organizations that need the benefits of self-hosting, such as control, observability and governance, without the inherent complexity and risk.
If your organization is embracing real-time data streaming and processing while also struggling with data sovereignty challenges, then BYOC is an option that engineering leaders in your organization should evaluate.
