We’re currently living through a time of change – where mistrust in big tech is growing, data is being used to help inform the information being served to us online and our reliance on technology to help us effectively do our jobs from home is the norm.
Coronavirus and the current market has not only impacted the way we work, but also how business leaders can prioritize their technology investment – with many making the decision to move to the cloud and considering the right solution to support integration of both public cloud and on-premises environments more easily. Businesses across all industries are leveraging the benefits of cloud infrastructure to enhance efficiency, reduce server and storage costs, and incorporate flexible work practices.
However, the issue of data governance can present challenges for organizations operating across multiple geographies. But in the current climate there’s more need for businesses to have control, convenience and choice when it comes to managing their data.
Data sovereignty and the cloud in 2020
The need for cloud solutions has never been as clear as now. It has helped entire organizations shift to remote working models in a matter of days, allowed businesses to create new services and ways to support customers digitally, and circumnavigated the challenges that come with relying on on-premise infrastructure. However, when it comes to data sovereignty, and the distributed nature of the cloud, this shift isn’t a simple flick of the switch. Organizations that have different functions in multiple locations face various challenges when managing their data. For example, the locations where the application data is stored may not be known to end-users and cloud providers tend to host data in technically efficient locations, or ones that are commercially viable.
There’s also an increasing amount of data protection legislation, especially in liberal free-market democracies, that requires compliance from businesses in the way they use and store data. Over the next few years, the challenge for many global companies will be how they respond to this, as many of their current cloud providers can’t address the increasingly complex data storage and handling scenarios. This, combined with a much larger awareness of data privacy and consumer’s rights, means that organizations need to be transparent about their data, who has access to it, is using it and how.
The rise of the local cloud provider
In markets such as the EU, there is a trend towards championing consumer rights and privacy at the expense of commercial competitiveness when it comes to data protection. The EU has actively called out for the need for local cloud infrastructure to better protect businesses and consumers. GDPR has forced organizations dealing with any personal data within the EU to know exactly what data they hold, who has access to it and where it is stored. This is complicated further when cloud computing is brought into the mix, especially when it’s estimated that 92 percent of the western world’s data is now held in the US.
That’s not to say that data and cloud isn’t important in the US market. It’s just that unlike in Europe, the US is far more litigious. Data breaches, or data mishandling, can run up lawsuits to the tunes of hundreds of millions of dollars. In this case, it’s the fear of lawsuits that is forcing the market towards better security through localization countermeasures.
As a result, organizations today are finding that multiple cloud regions, and even multiple cloud vendors, may be necessary. Considering they can access data centers in areas which are not provided by the primary cloud provider and as they manage costs and resources more effectively by taking advantage of reduced prices or specialized offerings which are not available with other vendors. The need for establishing sovereignty is an important concern among legal and policy constraints when data and resources are virtualized and widely distributed. And so, we have seen the rise of home-grown cloud providers.
The role of API Management in multi-cloud
Ultimately moving data tends to rely heavily on APIs, so when looking at a multi-cloud approach the role of API management is crucial. Supporting a multi-cloud strategy requires evaluating your API management approach - this includes finding an API management solution that is capable of working in a multi-cloud, multi-region configuration, while ideally providing a centralized view.
API management across multiple regions and cloud providers is complex. While infrastructure solutions such as containerization are making it easier to deploy the same solution across multiple vendors with varying infrastructure resources, there remain several additional concerns:
Managing multiple API instances: Rather than a single cloud provider, API instances will be scattered across multiple providers. Keeping API routing rules, authorization, and rate-limiting quotas in sync across these multiple providers becomes extremely important. This includes the monitoring and reporting of API health across and within each provider and their regions that an organization utilizes.
Centralized control plane: Some API management solutions assume a single data center by designing their APIM as if the control plane and data plane are the same, making it difficult to disconnect the management from the actual traffic management. When moving to multi-region and multi-cloud deployment architectures, this becomes even more challenging to keep in sync. Rate limiting may be incorrectly applied, costing more in infrastructure resources. Worse, the authorization rules may become out-of-sync and result in improper access to data and API operations. Look for API management layers that separate the control plane (management) from the data plane (traffic enforcement) to make the transition to multi-cloud smoother.
GeoDNS and ingress routing: Incoming API traffic needs to be routed to the appropriate region based on who the consumer is, what data they need to access, and where it resides. This may require solutions such as GeoDNS to resolve DNS entries based on the consumer’s location, internal data stores that map the data source to the appropriate data center, the use of tenant subdomains in the API base URL to auto-route to the proper data center, or perhaps a combination of these approaches. While this does not directly impact an API management solution, the APIM may make it easier or more difficult to get all of these components working.
Business flexibility to survive
Once the cost, security, and protection benefits of the cloud become apparent, you can appreciate the value that its flexibility offers. The cloud infrastructure should shift from being a cost center to a strategic platform that will help a company embrace opportunities in an uncertain future. To survive and thrive in a period of change, businesses need to be agile, secure, and capable of scaling at speeds greater than that of competitors. Cloud, if you get it right, can give you the edge and the scalability required to become a market leader.
In times of crisis like the Covid-19 pandemic, true business leaders focus not just on survival but also on building for the future. Along with enabling remote working, they must invest in improving agility and efficiency. Understanding the flexibility, cost benefits, and competitive advantages that cloud offers will allow them to prepare for the future.
Martin Buhr, Founder and CEO, Tyk Technologies