We’re seeing a significant shift in the Platform as a Service and Infrastructure as a Service markets as the cloud becomes a global phenomenon, with enterprise adoption and regulatory pressures driving the need for better data governance and control. Cloud providers can no longer simply tell customers not to worry about where their data is held.
On the consumer side for example, Germany in March instituted an antitrust probe of Facebook based on data protection questions.
The EU safe harbour agreement was declared invalid in October 2015 and is being strengthened (it’s a shield now, apparently), increasing obligations on US companies handling European data. Geopolitics isn’t becoming any more forgiving. European companies and governments are looking for more far more confidence about where and how data is held.
In May Microsoft trumpeted that it had passed the new Spanish national security framework. The company is even building its own undersea cabling network, MAREA, from the US to Bilbao, neatly bypassing joint US/UK national security infrastructure points of access.
Amazon Web Services has long allowed for logical partitioning in the shape of Virtual Private Cloud, but it now also multi-region choices for data hosting – it’s data center in Frankfurt has been a notable success.
Heroku, which is an AWS shop, is now taking advantage of Amazon functionality to offer it’s own geo-secure services. The Salesforce.com subsidiary recently asked me to contribute a quote to a white paper on security:
Today it’s not enough to simply offer hosting or black box PaaS. Developers need services that allow them to deploy private networks in the public cloud, making geographical choices about where to host data. Public cloud wins on convenience, but the market has made it very clear that data location and governance are not optional extras. Heroku is now addressing these security and compliance requirements across its portfolio, building on its heritage
of simplicity and convenience.
Security is hard, and needs to be baked in, rather than bolted on. Heroku and other cloud service providers are responding to market needs and upping their game in this area.