GDPR - a case of data center murder looming?

Martin Banks Profile picture for user mbanks November 28, 2017
FirstNet Solutions says that the panoply of management implications and financial threats that lie behind lack of GDPR compliance is a big selling point.

data protection
As a long-time pre-sales specialist, Asif Malik, Technical Director at Leeds-based Firstnet Solutions, the question of which arguments he sees being successful in persuading users to move to the cloud is obviously front and centre in his thinking right now.

While there is a list of established arguments to be used, he has found that one with urgent resonance to the user community is now getting good traction - the forthcoming General Data Protection Regulation (GDPR) from the European Commission:

It has opened up a new can of worms about compliance. The Government is now saying that businesses have to have some data regulation and compliance behind them.

Many are suddenly realising that because they have never been obliged to have this, they simply have not bothered. Finding themselves facing such an obligation, and an obligation with wallet-rending capabilities for them, they are turning to companies like FirstNet to provide a solution.

FirstNet has grown out of targeting the SME-to-lower-end large corporate sector – those most likely to turn to third party support for the provision and management of non-core business activities, such as IT and networking. As part of this role the company has obviously grown aware of the additional service opportunities that could come from operating in the co-location and cloud sectors.

First, buy a data center

Earlier this year the firm managed to acquire an ex-NHS data center facility, which was originally part of the spine patient-record network. It is now selling space for managed co-lo operations as well as building up a hosted cloud services operation. The founders had just, when he joined, opted for a Nutanix-based platform.

The current mix of co-lo, with its requirement for physical management, and cloud with its distributed virtual management, is something Malik would now like to get rid of. The former is more complex and time/resources dependent, whereas cloud is more centralised and easier to manage at scale on the customers’ behalf. He sees a tipping point coming, increasingly driven by the provision of GDPR services, though it may take three years to get there:

One rack full of Nutanix might generate £500,000 in revenue a year, while one rack of co-lo will generate £700 a month. Which one would you go with? Nutanix is not an easy sell at the moment because of the name. But what we are saying to potential customers is, 'Here is a trial port, come and have a play’ and they are starting to get it.

FirstNet had looked at the hyper-converged systems competition, such as Simplivity and Nimble Storage, but he suggested the weakpoint for each was that they used dedicated hardware, such as accelerator cards inside the servers. This meant that, while there were some performance advantages, they lost out on the ability to conduct rolling upgrades which can be compromised by that special hardware:

What would you choose? There is a slight performance disadvantage but you get the ability to apply rolling upgrades and use standard commodity hardware from companies like Dell or Lenovo, or use Nutanix’s own platform, rather than be locked in to a dedicated platform. So customers are, in a way, being forced to go out and talk to people like me, rather than just leave their server running in a cupboard.

GDPR - 'no' is not an answer

At this point he admits he is prone to launch into the benefits of working in the cloud: nothing on premise, a customer’s current and future cost models, the ability to upgrade when they want, having a totally managed service by a company like FirstNet, coupled with data protection, data recovery, workplace recovery, and the availability of the company’s specialist staff who can remotely manage and optimise the services the customers receive.

But of late, it is the sudden realisation that GDPR is only six months away from catching them unawares that is giving an added urgency to customer enquiries. It is a potential that cloud has been expected to deliver for some time, but Malik speculates that it may in fact be GDPR that finally proves to be the murderer of physical servers in business:

It could be, couldn’t it. We have customers that are already in the process of such changes. We have oneLeeds-based customer, providing components for the international oil industry, that has been told that it now needs to be fully compliant. Until now, their IT has been managed by its New York-based operation, but they know nothing about GDPR and have told the UK parent company to get someone local to do it all.

The initial short-term solution will be that the existing on-premise server farm will be shipped lock-stock and barrel to the FirstNet facility where it will be managed as a co-lo operation. But he sees the economics of a third party managing such an environment will push such customers to the cloud.  He also expects such a process to be aided by the speed with which services can be expanded:

I have seen with my own eyes a customer’s environment doubled from 4-nodes to 8-nodes – a job that used to take a week to install and configure – completed in 15 minutes. The existing block identifies the arrival of a new block, asks if the user wants it configured and then sets about it.

Malik’s views are supported by recent research conducted by Coleman-Parkes Research on behalf of Interoute. This suggests that businesses are planning to move, on average, nearly half (46%) of their infrastructure to the cloud over the next six months. One of the key levers behind this would seem to be the need for GDPR compliance. This, the survey shows, is a key consideration for 35% of European businesses now looking to move to the cloud.

My take

I guess the process now underway here is inevitable: despite the many arguments deployed in Cloud’s favour have been around for years, all it may take for the final move to domination will be the sleepless nights and bad dreams that CFOs now face as they contemplate the potential that one mistake in security and compliance management could see the financial heart of their business ripped out from under them. If someone else can provide it and manage it, and provide it now, what – as Asif Malik asked several times – would you do?

A grey colored placeholder image