< Previousrity is that each cloud environment is dif- ferent. There’s a high cost of learning how to secure everything in each environment, White observes. “What’s more, the attack surface area for cloud providers is much larger than for a single company with an on-premises data centre — which is exactly what attackers want. While your company might not be a target for hackers, Amazon for sure is,” he adds. The traditional disk and tape- based data protection model is failing to keep up with the demands of the cloud era, says Smith. “At a minimum, enter- prise applications that are in the cloud need the same capabilities for data protec- tion and disaster recovery that they received in a data centre. Back- ups are necessary to enable customers to recover to a previous point in time should data corruption occur, and as a protection against malware and other malfeasance. As for cloud-native applications, because they are often architected to be resilient, the importance of data protection can get over- looked even though it remains a key aspect in protecting business data,” he adds. As such, when a hybrid cloud strategy is being implemented, it may be wise to re-evaluate data protection and disaster re- covery to ensure that the protection meets business needs. If a customer’s recovery objectives have changed, or data volumes have grown to such a degree that recovery is no longer fast enough to meet business demands or SLAs, it may be advisable to consider backing up to flash storage for accelerated recovery, Smith says. “If backup data needs to be re-purposed for other uses, object storage is a good op- tion for long-term backup retention as it keeps data more accessible,” he adds. The simplest way to implement data protection based on flash and object storage is to move to flash storage that incorporates cloud data protection any time you refresh storage systems. The right flash systems make it simple to combine local snapshots with snapshots stored in the cloud, Smith explains. resiliency so that applications can be built once and run anywhere in the hybrid cloud,” he explains. Cloud platforms change the applica- tion development lifecycle. To succeed, IT teams may need to become adept at using new, emerging technologies and be able to efficiently manage cloud resources during PoC, test, staging, and production—across multiple different environments. Because hiring people with these skills is a challenge, organisations may have to re-train existing staff and supplement with consultants and profes- sional services, says White. The 2018 Enterprise Cloud Index conducted by Vanson Bourne commissioned by Nutanix illustrates that finding hybrid IT talent is difficult. Respondents say scarcity of hybrid experts is a challenge, with 54% claiming talent retention is part of the problem. “Additionally, while technologies such as containers, microservices and APIs are helping to make apps a lot more portable, deployment, monitoring, and management capabilities are lagging behind, further compounding the skills shortage,” says White. Storing sensitive and proprietary data in external cloud environments that aren’t fully under your control carries some risks. While public clouds provide best practices guides and case studies, organisations may still be apprehensive about moving data to the cloud. “Many datasets have been exposed simply because operators weren’t familiar with the security model and tools in a given cloud versus the on-premises security environment,” White observes. Once data is in the cloud, companies don’t have a lot of control over where it’s physically located. “Where is data getting backed up and replicated? Who can look at it? Can someone in a different country look at it? Companies often don’t have enough controls to meet compliance objectives,” says White. Another challenge to hybrid cloud secu- Having a single storage platform will deliver consistent storage services, resiliency and APIs.” Patrick Smith, EMEA Field CTO, Pure Storage 54% Say talent retention is a problem storage have different features and APIs, rendering the development of applications that can run seamlessly across both nearly impossible,” says White. Cloud services are priced differently from the simple fixed-price models of the traditional datacentre. Budgeting and managing costs in the public cloud is still a worry for many businesses, and there are plenty of horror stories about companies that have been saddled with huge and unexpected costs, says White. Building an effective hybrid cloud ar- chitecture requires bridging a cloud divide that exists at the application, management and storage layers, notes Patrick Smith, EMEA Field CTO, Pure Storage. “While significant technological strides have been made toward standardising at the orches- tration layer, the challenge remains at the storage layer, requiring businesses to look harder to find solutions that unify cloud and deliver a common set of data services across on-premises and cloud, enabling consistent storage capabilities, APIs, and 40www.commsmea.com SPECIAL REPORT HYBRID CLOUD CommsMEA September 2019 One of the most compelling cases for hybrid cloud for many organisations is that it reduces the risk and cost of cloud migration. Ihab Farhoud, director, systems engineering, METNA, VMware Middle East, Turkey, and North Africa “Our approach embeds security into the platform, compartmentalising the network through micro-segmentation, encrypting in-flight data and automatically detect- ing and responding to security threats. It delivers a WAN solution that provides full visibility, metrics, control and automation of all endpoints,” Farhoud adds. When properly configured, hybrid cloud can be an effective networking environ- ment that combines the best parts of multiple cloud deployments to fit an ever- changing and complex IT environment. It allows for leveraging the public cloud when the need arises, but without having to ex- pose sensitive data to the public cloud. As enterprises pursue digital transformation, hybrid cloud offers a path those looking to ease into cloud migration while limiting data exposure and remaining compliant with security protocols and data sover- eignty laws. Despite these challenges, hybrid cloud remains the optimal IT environment for most businesses today. Organisations can build private clouds on-premise or in hosted environments to deliver storage-as- a-service with the performance, availability and ease of use Smith says. Additionally, businesses can run applica- tions in on-prem or hosted environments, yet also run them seamlessly in the public cloud. “Having a single storage platform will deliver consistent storage services, resiliency and APIs meaning applications can be built once and then run anywhere in the hybrid cloud model,” Smith adds. To get a grip costs, White recommends that organisations consider dynamically provisioning and decommissioning system resources based on parameters such as workload and user traffic. “By dynami- cally optimising resource utilisation, you could bring down the operational costs. Advanced dashboards are needed that help [to] establish budgetary controls and track actual cost accruals against planned costs,” he adds. “With a well-designed cloud architec- ture, and a comprehensive hybrid cloud management plan, you can not only keep private and public cloud costs under control, but you can also optimise your spending and completely avoid bill shock,” he says. For security, White of Nutanix recommends three attributes towards an effective security strategy include. First is having in place compre- hensive security-any security plan has to address the network, endpoints and data. For the network, that includes protecting data in motion over the wide-area as well as data flowing between virtual machines in- side a data centre, a gap that typical perim- eter security solutions won’t likely address. Endpoint security should include an agent- less architecture that’s simple for both end users and IT but protects against viruses, malware and intrusions. “Data should be protected according to consistent policies to ensure compliance, with a centralised encryption key management solution to ease administration,” says White. Organisations also need to have in place sound security policies and processes. “Se- curity policies and procedures developed over the years shouldn’t be abandoned in a hybrid cloud environment. Rather, they should be extended to include and apply to the cloud elements. “Customers share much of the responsibility for the security of their cloud workloads with their cloud provider,” he explains. Organisations also require a unified security approach. One way to accomplish that is by using tools that can deal with data located both on-premises and with different cloud providers. In addition, automation is also key to security strategy. Automation should apply not only in responding to security events but to applying security policy in the first place. The only way security really works is with a small set of policies applied centrally and then spread everywhere. Nu- tanix Calm, for example, is an application automation and lifecycle management ap- plication that enables companies to create security rules when an application is devel- oped, then applied every time the application is deployed. “Once you figure out the best way to secure an application, every time someone cre- ates a new instance of the app, the security policies come along with it. It’s a cookie cutter approach that’s important to ensuring security is simple but effective,” White adds. VMware’s software-based approach de- livers a networking and security platform that enables customers to connect, secure and operate an end-to-end architecture to deliver services to the application wherever it may land, says Farhoud. “Our software-based approach enables cloud architects to design and build the policy driven data centre that connects, secures and automates traditional (hypervisor) as well as new microservices-based (contain- er) applications across a range of deploy- ment targets (data centre, cloud).” 91% Say hybrid cloud is ideal IT model 41www.commsmea.com SPECIAL REPORT HYBRID CLOUD CommsMEA September 2019 Got something to say? If you would like to be featured in Backchat, please message: ben.mack@itp.com What we’ve learnt so far. By: Alex King, FireEye executive VP The GDPR one year later The first anniversary of the enforce- ment of the General Data Protection Regulation (GDPR) has come and gone. The two years that preceded the 2018 enforcement date saw an unprecedented scramble by companies examining and altering their practices to try to comply with GDPR and avoid a potential fine of up to 4% of global revenues. Over the last 12 months, that scramble has given way to a more cautious and deliberate pace as regulators develop their process for review- ing the hundreds of thousands of complaints that have already been lodged. To date, there have been a relatively small number of enforce- ment actions, resulting in relatively low fines, as regulators get their arms around GDPR and the most effective ways to enforce it. In the absence of large headlines about closed investigations that result in enormous fines, one of the questions about GDPR now is whether companies will become complacent and downscale their privacy programs. Any retraction is inherently risky, as stale privacy impact assessments or outdated inventories result in incomplete records of processing activities. And One of the questions about GDPR now is whether companies will become complacent and downscale their privacy programs.”Published by and Copyright © 2019 ITP MEDIA GROUP FZ-LLC. MEDIA PO Box 500024, Dubai, UAE Tel: + 971 (0)4 444 3000 www.itp.com Offices in Dubai, Abu Dhabi, London and Mumbai ITP MEDIA GROUP CEO Ali Akawi Executive Director Alex Reeve Group Publishing Director Ian Stokes Group Editorial Director Greg Wilson EDITORIAL Editor Ben Mack Tel: +971 4 444 3120 email: ben.mack@itp.com ADVERTISING Sales Director Andrew Cover Tel: +971 4 444 3502 email: andrew.cover@itp.com ITP LIVE General Manager Ahmad Bashour Tel: +9714 444 3549 email: ahmad.bashour@itp.com PHOTOGRAPHY Senior Photographers Efraim Evidor, Adel Rashid Staff Photographers Aasiya Jagadeesh, Ajith Narendra, Fritz John Asuro, Yuliya Petrovich, Jessica Samson PRODUCTION & DISTRIBUTION Group Production & Distribution Director Kyle Smith Production Manager Basel Al Kassem Production Co-odinator Manoj Mahadevan Image Editor Emmalyn Robles CIRCULATION Head of Circulation Vanessa D’souza Circulation Executive Loreta Regencia MARKETING Director of Awards & Marketing Daniel Fewtrell Marketing & Events Manager Brian McNamara ITP GROUP CEO Ali Akawi CFO Toby Jay Spencer-Davies Subscribe online at www.itp.net/subscriptions The publishers regret that they cannot accept liability for error or omissions contained in this publication, however caused. The opinions and views contained in this publica- tion are not necessarily those of the publishers. Readers are advised to seek specialist advice before acting on information contained in this publication, which is provided for general use and may not be appropriate for the readers’ particular circumstances. The ownership of trademarks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system or transmitted in any form without the permission of the publishers in writing. An exemption is hereby granted for extracts used for the purpose of fair review. incomplete records of processing activi- ties are an obvious sign to regulators that maintenance of a privacy program is lack- ing and likely deserving of a closer look. Another major question is whether com- panies’ claims of compliance will be vetted by third parties or will stand unchallenged until or unless regulators come calling and are not satisfied with what they see. GDPR is also setting the example for enhanced privacy laws in the United States. The California Consumer Privacy Act (CCPA), which is still taking shape, contains similarities with GDPR, includ- ing providing Californians with rights to access personal data collected about them by companies covered under the law. California is not alone, as other states are putting lessons learned from GDPR into legislation that could develop into a contradictory, burdensome patchwork for companies to follow. The GDPR is in its infancy, and undoubtedly there will be changes in its interpretation as we move forward. However, one thing that is clear is that GDPR has already dramatically shaped the approach that thousands of companies take to handling data. Moreover, as the privacy landscape and the regulations governing it evolve, new questions and approaches to data privacy will continue to arise worldwide. 42www.commsmea.com BACKCHAT DATA CommsMEA September 2019Synergising the Mind & Technology Economy The biggest tech show in the Middle East, North Africa & South Asia #GITEX2019 gitex.com#gitexfuturestars futurestarsSales@dwtc.com GTX19_ADVERTS_Media Partner_20.5x27.5cm.indd 18/5/19 4:41 PMNext >