Maxim_Kazmin - Fotolia

Storage roundtable: GDPR and cloud precipitate market shake-up

MicroScope gathered together a group of storage industry representatives to discuss the channel’s role in data management in the cloud era and how the upcoming GDPR is being handled

Data underpins everything, and with digital transforma­tion, cloud strategies and the challenges of the loom­ing General Data Protection Regulation (GDPR), it is a busy time to be in the storage world. We gathered together representatives from across the industry to take the pulse of the market and discover what the storage channel needs to be doing to put itself in the best position for the future.

Our customer survey results show that hybrid cloud is here, withthe UKfocused on off-prem following a shift over the past few years. What that means is that of all the spending across the datacentre, more is going to cloud and software. Is that what you are seeing as well?

CHRIS JAMES: Just an observation: I was at a Gartner infra­structure and operations conference recently. Two years ago, all the conventional hardware companies attended. This year, it was Amazon, Google, ServiceNow, firms such as Appdynamics and the application performance companies – it was a really dynamic change in the vendor scene. I just thought that ties in with this. It’s a really notable difference in the audience – the other vendors had just disappeared.

BOB PLUMRIDGE: It’s a combination, definitely, and I think we see a lot of customers moving data as data agents off-premise into AWS [Amazon Web Services]. So, it’s not either-or, it is both. It’s production data running the business by day, which is often sitting in the customers’ own datacentres. But because

of the rules and regulations we’re seeing coming in with GDPR, companies are having to store more and more data, probably for longer periods of time, so it makes no sense to do it in a tra­ditional datacentre, which can be very expensive. So customers are moving it to object stores and shipping it off to AWS, and those are growing very quickly.

Roundtable attendees

Dan Chester, regional sales manager (UK & Ireland), Cloudian

Ezat Dayeh, regional technical architect, Cohesity

James Hall, EMEA strategist (storage), HPE

Nicolas Maigne, senior business development manager, EMEA – storage, Micron

Jerry Rijnbeek, director of sales engineering, EMEA & APAC, Rubrik

Andy Corcoran, UK sales director, channel, Dell

Mathias Grobet, managing partner, Velocity Business Design

Chris James, marketing director, EMEA, Virtual Instruments

Bob Plumridge, CTO and member of board of directors, SNIA Europe

 Nigel Tozer, solutions marketing director, EMEA, Commvault

DAN CHESTER: We see something very similar to that. We saw an initial wave of public cloud adoption from customers that were willing to go all-in on public cloud, and some of those were very large. Of course, that suits the public cloud vendors well. Then there is a second wave of public cloud adoption from customers who weren’t willing to go fully into public cloud, and they are looking at hybrid cloud deployments. Rather than resisting this, we’re seeing the large cloud providers being open with customers on how to work in a hybrid way. A lot of the conversations we are having are with customers who are

looking to find out about hybrid and migration strategies. They are interested in our on-premise S3 storage as part of their preparation for a hybrid, or perhaps even public cloud-only, end game. However, since relatively few immediately move to a hybrid deployment, it seems to be primarily a way of future-proofing themselves.

JAMES HALL: Most customers I speak to have some kind of public cloud strategy, but the reality of putting something in the public cloud is a long way off for some. The cold data is the obvi­ous place to start, but I think, from an infrastructure group point of view within a customer, it’s coming from the top because it looks cheap and it’s an opex [operational expenditure] cost, but you need to make it work.

The reality of it is that it is about the standard of applications that sit in the datacentre. Some will need to move, and moving cold data and having a data management platform to do it for you is quite straightforward. But picking up any kind of trans­actional workload that runs any part of the business that has a whole bunch of processes and people and support around it is much harder.

I think most organisations that satisfy the strategy at the top, saying, “We need something in public cloud” – which is a bit of a knee jerk – will look for the lowest hanging fruit. The hybrid model is a great place to start – some on-premise and some off-premise instances. It’s a tick in the box to say they have carried out the strategy and got something in the public cloud.

A lot of organisations have either done it or are just about to do it and are working out very quickly how to do it to satisfy that strategy. From a vendor point of view it forces us to be much more innovative. We can see hardware sales going out to public cloud and we need to think of innovative ways to help that happen because we are not going to stop it, but how do we help it happen with infrastructure products and software so that we stay in the datacentre and help the customer deliver against their strategy. This makes it a very interesting world for the vendor.

Is security still a big concern for customers, and holding back greater movement to the cloud?

JAMES HALL: I think it is one of the biggest concerns. Some of the cus­tomers I work with are large invest­ment banks, and several of those have security certified Azure very recently. That says to me that it is happening, but only now.

It boils down to this burning desire to say, “We have a strat­egy to put something in the public cloud and we need to get this off the to-do list”. I think that’s a big driver for a lot of organisations – it may not necessarily be the right one, but that has been driving it.

And I think the other thing is companies thinking, “We need to do something or we’re just going to end up with shadow IT everywhere, and shadow IT is not acceptable. We need to know what’s going on, then we need to consciously put it there”.

NIGEL TOZER: We’ve had more discussions with banks in the past six months than we have previously had about cloud specifi­cally. When the banks are thinking about it, then you know secu­rity concerns are starting to fade. The other thing we are seeing more of than ever is businesses shutting off their own datacentres, where the redundant/disaster recovery sys­tems would usually run, and they are looking to push that off-premise and shift it to the public cloud.

CHRIS JAMES: One thing people don’t talk about much is the num­ber of organisations coming back from the cloud. We have been dealing with some large organisa­tions that have got burned by the cloud, found they don’t like it and/ or it has been too expensive and not flexible, so they are bringing everything back in-house.

NICOLAS MAIGNE: For some customers the public cloud can be more expensive than doing it in-house. The growth in storage spending from public cloud providers has exploded, so there is clearly a shift in spend in that direction. When I talk to banks they say that they will have a public cloud strategy, but not all are ready at this time to move to the cloud.

Hybrid cloud is the operating word here, because not every­thing will go to the cloud.

MATHIAS GROBET: There are geographical issues here as well. We work with vendors in Asia and Europe, and see that in some countries users are very sensitive and don’t want their data stored outside of their countries. Vendors are pushing the cloud hard and the channel wants to support it, but if you don’t have datacentres locally it’s going to be a challenge. There’s a push from the vendors and there’s a push from the companies to store in the cloud, but the reality is that, in some cases, the infrastructure is not fully there yet.

BOB PLUMRIDGE: But that will be the case across all of the 28 EU countries by next year because the GDPR is going to enforce those rules on everybody. It is not optional, and GDPR is not something you can be in or out.

MATHIAS GROBET: Some governments simply demand that you store the data in the same country. That leads us into the GDPR issue. Is this going to be a big driver of firms buying storage in the next year?

NIGEL TOZER: The really critical thing about GDPR is that there is not a quick-fix solution for it. Some of the channel, along with some customers, just want a box to put in, but it doesn’t exist. GDPR cuts across so many different areas, and touches every part of a business. Yet some vendors are saying, “Look at my GDPR solution”, when in reality they have something that helps but has such a narrow focus it’s far from a solution. I think that as we move forward there’s going to be some GDPR fatigue, both in the channel and among customers.

JAMES HALL: Everyone’s understanding or interpretation of something like this is different, which doesn’t help. So whether you’re a partner or a vendor, what each organisation needs is people who fully understand what GDPR means and what it crosses, before they can even think about what software, infrastructure, people and processes are needed to comply with it. The problem is that every­one talks about it but no one really understands it. The deadline is looming and no experts are coming to say, “This is how you can com­ply”. There’s no process.

NIGEL TOZER: The other big issue is from a customer per­spective. Resellers are having to deal with people from their customers’ businesses who they’re not used to dealing with. Some companies see it as a legal problem, and have a legal lead trying to get them compliant, while others see GDPR as a sales and marketing problem and they put someone from that space into lead role. For most organisations it is going to affect every part of the business, but they are just not thinking broadly enough about it.

EZAT DAYEH: The question of GDPR is being asked daily, with customers currently asking us what we have around GDPR. It is still very woolly at the moment, and not everyone knows what the requirements are. I saw a statistic recently that here in the UK 78% of businesses don’t think it’s going to apply to them because of Brexit and about 50% of all cus­tomers don’t actually have any active plans for GDPR. That’s a real­ity that we’ll all have to deal with.

NIGEL TOZER: Where’s the first place organisations should look for information on GDPR? It’s the Information Commissioner’s Office (ICO) – as the regulator for the UK, the ICO has comprehensive guides and explanations about how to tackle it. It provides many news stories, blogs and videos that talk about how it is tooling up, getting staff ready and changing its funding model to cope with GDPR.

EZAT DAYEH: I think the key piece that people are missing when it comes to hybrid cloud and GDPR is the integration of these processes within their software, starting from the soft­ware vendors. When it comes to GDPR protection or being able to move data between on-premise and public cloud or private cloud, I don’t see the software vendors making a huge push. Consequently, customers are approaching infrastructure ven­dors and asking what they can do to help. The problem is, we don’t have the intelligence to look inside the applications and understand the workflow to be able to deliver that complete end-to-end solution.

There is definitely scope for consultancies to spring up and to focus specifically on this area, but, ultimately, everyone needs to keep in mind that when it comes to liability, it’s with the customer. The consultant is going to advise in the best way they can, but when it comes to the legislation, it’s the customer’s responsibility. Time is running out and it will be interesting to see if the EU will get its teeth out and actually fine organisations.

NIGEL TOZER: The impression I get is that the ICO is saying, “Be collaborative with us and if you have a breach, tell us straight away, we’ll help you get through it”. And if you do that, as long as you can demonstrate that you’ve made a serious effort to com­ply, I think it is going to be a lot more lenient with fines and the audits it does. However, I think if you have a breach and the ICO has to come to you and you’ve done nothing [to comply], that’s when the fine is going to hit.

JAMES HALL: It then becomes just a business of setting aside a whole bunch of cash, knowing it is going to happen and keep­ing reserves for fines, which is what investment banks have done for years. It can be easier to ignore the audit and pay a legal fee, but are they going to step up because that’s not going to be acceptable.

BOB PLUMRIDGE: There are significant fines in GDPR. Is there a risk that customers are mis-buying and being mis-sold GDPR solutions that fail to produce the right results?

EZAT DAYEH: Undoubtedly, this is going to happen to some extent. Similarly to Y2K, and because less than a year is left to become compliant, some organisa­tions are going to implement solu­tions that will eventually fail to pro­duce the anticipated results. It’s a very delicate thing, as missing little things can result in enormous fines.

NIGEL TOZER: I rarely see the IT buyer as the one worried about GDPR at the moment. It tends to be the security or compliance leads. Whoever the GDPR project lead is, they are only going to get so far without a business-wide review, which includes wider IT teams. Unless they do this, IT and related operations are going to have a really big problem dropped in their lap in six to nine months’ time.

MATHIAS GROBET: There will be a lot of consultants and law­yers making a big paycheck in the next 12 months.

ANDY CORCORAN: This is one of the key elements that part­ners want to be able to sell. The most active partners we see offering GDPR have large-scale backup recovery solutions in the cloud, because the impression is that, “As long as I have got all of this covered at the back end, I have a path to recovery and I can protect myself in that way”. But the reality is that it is the convergence of every part of business and technology that is the problem – this touches almost every part of a business. So if you accept the responsibility and be a partner around GDPR, how do you ensure you’re not completely ruining your organisation in trying to put it all together?

MATHIAS GROBERT: Most of the vendors we work with have moved from a transactional to a subscrip­tion revenue stream business model, so that’s why they need channel partners to transform to become that trusted advisor and service pro­vider. One of the opportunities for the channel ecosystem is to be able to offer consulting services around GDPR. It’s not a technology or product thing, but more of a gov­ernance and process thing.

In the second part of the roundtable coverage the vendors will discuss DevOps and flash and detail just how they are helping their channel partners prepare for the future.

Read more on Data Storage Hardware

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.