Storage Vendor News
Hu Yoshidas blog
Should IT Departments Be Worried About GDPR?
Sun, 19 Feb 2017
This past week I was in the Nordics talking to customers from Sweden, Norway and Finland, about Data Governance. This is a topic of high interest due to a new EU regulation around data privacy which is due to be implemented by May 25, 2018. This regulation, known as the General Data Protection Regulation (GDPR) was adopted by the EU in April 2016, While it is an EU regulation it applies to any organization, regardless of location, that acts as a controller and/or processor (service provider) of personally identifiable information of EU residents and so it has a global impact and a very short window for compliance. The primary objectives of the GDPR are to give back to EU citizens, the control of their personal data. Key points include the need for consent to use personal data, transparency in the use of personal data, the individual’s right to be forgotten (erasure of personal data), the need to protect that data, and the requirement to notify individuals in the event of a breach. Sanctions include a fine up to 20,000,000 EUR or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater. A penalty of this magnitude would bankrupt most companies!
Europe has led the way in terms of protecting the privacy of individuals. The EU published a Data Protection Directive back in 1995 and concepts like “the right to be forgotten” originated in Europe. This directive will be replaced by GDPR which is now a regulation that will result in more consistency across countries. GDPS is more prescriptive, and is updated to include “processors” such as cloud service providers, and will have a global impact. While some highly regulated sectors like financials and health care are already budgeting for GDPR and assigning resources to prepare for compliance, surveys show that most companies are still in a wait and see mode despite the very short window for compliance.
My experience last week in Sweden with a few Nordic customers confirmed this. The customers that I talked to were data center and IT service providers and GDPR was not high on their current agenda. One customer told me that the business units are responsible for content, and privacy was not the concern of IT. Most felt that someone else in the organization should be looking out for this and IT would just be the implementers. In my view, GDPR is all about storing, searching, cleansing, analyzing, protecting, reporting and scrubbing data, and IT should be the experts in knowing how to implement technology to do this. Therefore, IT needs to be proactively advising the business units on how they can prepare for GDPR. Otherwise the architects and developers in the business units may be reinventing functions or capabilities that IT may already have or could be doing better with the right choice of IT technology.
One customer from a service provider who had been working on a healthcare information project using HCP, Hitachi Content platform, recognized how HCP could be used for GDPR in other application areas. Applications may not need to be revised for data privacy if it can be implemented by enabling features in the IT infrastructure. He commented that we need to educate the business units on what can already be done with our content platform and our content search and analysis capabilities in HCI (Hitachi Content Intelligence) solution. We will be working with this organization’s IT to get the message to the other constituents in the organization.
Hitachi Data Systems offers its customers a proven technology and services product line that addresses legacy and contemporary data formats and use cases to address governance and compliance requirements. We have been very successful in this space. These products include robust feature sets that already offer support for many of the world's most stringent governance and compliance requirements.
- Hitachi Content Platform was originally launched (2007). Throughout the following years, HCP has been extended and adapted to support new regulatory requirements across the world, as well as new use cases, storage product integrations, and secure hybrid clouds with a choice of leading public cloud storage service providers. These deployments often require a high level of resources sophistication to navigate various networking, data protection and accessibility requirements. The addition of Hitachi Content Intelligence, delivers comprehensive enterprise search based on a centrally managed and standardized intelligence platform to address how data is managed, explored, understood, and acted on regardless of its type or location, content search and analysis, Thus, there is no reason to believe that HDS, with HCP and HCI, will not be capable of complying with GDPR requirements when the regulation goes into effect.
- Hitachi Consulting supports customers across a wide array of esoteric use cases and requirements. Extending the scope of its services to include expertise with respect to GDPR, and the assessment of IT environments for compliance with GDPR, is well within the capabilities of the organization.
- Hitachi Data Systems Global Solutions Services provides professional services and experienced personnel that integrate our entire content portfolio including HCP, HDI (Hitachi Data Ingestor), HCP Anywhere, and HCI in any environment – including tightly regulated environments. Discovery, Planning, and Transformation services for these products includes migration, application integration, planning & design, implementation & configuration, and solutions architecture. GSS also provides services for ongoing management and operation of customer content environments using remote services, residency, or managed services to meet customer needs.
IT departments should become familiar with the data requirements for GDPR, and be proactive in working with the business units in defining the infrastructure for compliance. Here are some references on GDPR:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT
- ComputerWeekly.com EU data Protection: Essential guide
In my next post I will cover the features in our content portfolio that will help organizations support the requirements for GDPR.
Proprietary APIs, Are Unacceptable in Today’s Data Center
Fri, 10 Feb 2017
EMC Centera is becoming obsolete according to a report published by Gartner in June of last year. Gartner recommended that organizations make immediate plans to migrate off of the EMC Centera platform. It is rare for Gartner to make such a strong recommendation on a vendor product.
Tony Asaro points out in SearchStorage that there appears to be little or no continued engineering for Centera even though there is an estimated 600 petabytes of it in the market. One customer told Tony that EMC is going to replace his Centera with Atmos which lacks the WORM and immutability features of Centera which was key to its success as a compliance storage device.
According to Tony “the main problem is Centera’s proprietary APIs. Both EMC and their ISVs locked-in customers, so they’ve avoided price erosion or competitive threats………It’s tough to migrate data from a Centera to a competitive platform. I spoke to another user whose firm took 18 months to migrate off Centera, an effort that included custom development and pressuring its ISV to support the move. There should be some outrage about this situation. Centera is a proprietary system, which should be unacceptable in today’s data center. It’s true that Centera users made their choices voluntarily, but it now looks like they’re locked into a platform that has no long-term future.”
According to George Crump, EMC’s recommendation is to migrate to ECS which has replaced Atmos. There are two ways to migrate from Centera to ECS. ECS Sync which requires the migration to be completed before new data can be written to ECS and does not support Centera’s advanced retention management features like “litigation hold”. The other is the ECS transformation engine, which can support seamless migration but is slow. While George considers these methods to provide a “graceful exit” from Centera, no matter which method you choose, ECS' content addressable storage (CAS) interface preserves Centera's proprietary characteristics and simply moves the migration problem into the future when even more data will be at risk.
Migration from Centera to modern open object storage systems is complicated and expensive especially if applications are integrated with the proprietary APIs. Professional services will usually be required. However, this needs to be done now. Especially in the face of increasing regulations like General Data Protection Regulation (GDPR) which I blogged about recently.
The exploding volume of retention data requires the selection of an object storage that will scale and adapt to changing technologies, in order to avoid future migration problems. Today, most Centera systems are less that 100 TB, imagine what the migration challenges will be when you have 10 PB or more. It also requires the support of a vendor who is committed to be there for the long haul.
Hitachi Data System's HCP is a leading object storage system according to Gartner’s Critical Capabilities for Object Storage Report and IDC MarketScape. Its open interfaces have enabled it to move seamlessly across releases and integrate new features like HCP Anywhere for end user data on PCs, Macs and mobile devices, Hitachi Data Ingestor for remote and branch offices, and RESTful interfaces as organizations evolve to the cloud and to IoT where more applications will run on the edge. HCP has moved seamlessly from core to edge to mobile devices to cloud and beyond using standard interfaces.
Hitachi Data Systems has the tools, services and partners who are experts in your applications to safely and efficiently migrate data from Centera to HCP. At a global financial institution, we helped the customer migrate 37 million files in 5 days with a storage –level accelerated migration engagement, which was 10 times faster than a host based migration with lower cost and risk. If you are a Centera user, you can heed Gartner’s advice and engage us to help plan your Centera migration to the Hitachi HCP platform and ensure that you will be able to meet your current and future data retention requirements. And you can be sure that Hitachi Data Systems will be there to support you - now and into the future.