On the morning of 24 June 2016 when Great Britain woke up to the news that the referendum to leave the European Union passed, a lot of things changed. One of them was a nearly 70 year trend toward a more unified, centralized Europe. Partly motivated by a desire to avoid a repeat of the horrors of World War Two and partly in recognition of the fact that there are advantages to building national economies at scale, these efforts resulted in one of the largest periods of relative peace and prosperity ever seen for Europe.
For those running businesses and data centers things were for the most part moving well until the first cracks appeared in the wall with the end of Safe Harbor. With the stroke of a pen, a fundamental enabler of international cloud computing, Safe Harbor, was gone. No longer could a company with a data center in the US run according to US law be able to claim by default that whatever private European data might be in the data center was just as safe and secure and private as it would be were it hosted in Europe.
So business as usual was thrown a big wrench with the fall of Safe Harbor, which implied that multinationals doing business in the US and Europe will have to implement some sort of data sovereignty capabilities. Even worse was the potential that instead of facing a single set of EU requirements that organizations would instead face sets of requirements for individual countries or, even worse, regulations specific to particular local areas of individual countries.
Now with the United Kingdom looking to withdraw from the European Union, is it pretty much a given that they will have different rules and regulations for dealing with private data connected to their citizens.
Going forward, we are likely to see more fragmentation. While a TEXIT, where Texas leaves the United States, may still prove somewhat far fetched, Scotland, which earlier voted by a narrow margin to remain in the UK, could conceivably seek to withdraw from the UK and join the EU. However, regardless of how the specifics end up working out, we have clearly entered a time of instability where foregone conclusions no longer hold true.
What can an organization do?
One thing that makes sense that could provide lasting protection would be to roll out data sovereignty or data geofencing capabilities to virtualized and software defined data centers. While the exact places that all the cards will fall in is unclear, it is however clear that the deck has been tossed in the air and that the cards will fall somewhere. You can stick your head in the sand and hope it all goes away or you can take proactive steps to prepare your organization and your infrastructure to better be able to cope when that inevitable time of change arrives.
HyTrust BoundaryControl is a solution that delivers those data sovereignty and data geofencing capabilities. Working with Intel, we have a hardware based solution using Intel TXT where each and every Xeon CPU has a unique hardware identifier allowing the creation of a root of trust. For organizations not yet ready for a hardware based solution, we also offer a software tag based solution delivering largely the same benefits – your VMs run where you want them to and don’t run where you don’t want them to. Not only does this help with data sovereignty, it also helps with protection from insiders. Remember, a VM is just a set of files and in many situations it can be easier to copy a VM and move it to another location and poke at it at leisure rather than try to extract data in situ.
The established players often dislike change and chaos. The nimble little guys, in contrast, actually embrace disruption because it provides an opportunity for fast movers to seize opportunity too fleeting for the establishment to take advantage of. Hopefully your organization will be one of the ones able to find and leverage even ephemeral advantage and turn the BREXIT and whatever follows from a crisis to an opportunity.