Hybrid Cloud: The Road to GDPR Readiness
The European Union’s (EU) new data privacy law, the GDPR (European Union General Data Protection Regulation), goes into effect May 25th. Today, two years after the GDPR was announced, many Hong Kong CIOs are still unprepared for the compliance regime it will require.
The regulation’s aim is to give EU citizens control over personal data. Even non-EU domiciled companies that possess EU citizens’ personal data must comply or be subject to stiff penalties of up to 4% of global turnover or 20 million Euros, whichever is higher. Hong Kong CIOs need to understand that no matter how big or small their operations are, whether in or outside of the EU, if they want to do business with the EU they must comply. A late start or a lack of technical know-how, however, is not a defensible excuse.
Hong Kong trade relations with the EU are important. The EU is Hong Kong's second largest trading partner after China. In 2017, EU exports to Hong Kong grew five percent year-on-year to 36.8 billion Euros (HK$353.06 billion), while Hong Kong exported 11.2 billion Euros worth of goods to Europe.
Ramping up for GDPR Readiness
Regardless of a company’s level of GDPR readiness, CIOs need to carry out a gap analysis between their own planned or implemented controls and GDPR’s technical and security requirements. A practical blueprint to execute on the required transformation can then be drawn up based on an audit report of evidenced controls and compliance with GDPR.
For many Hong Kong companies, CIOs may ultimately recognize that the most pragmatic approach to ensuring GDPR readiness, and compliance, is to explore the use of hybrid cloud. Applying the appropriate security controls to either legacy internal systems or public cloud platforms can be a challenge due to technical limitations or limited availability of the necessary skills within an organization. New cybersecurity concerns have seen many companies planning to move their regulated data from the public cloud to on-premises for better control over its availability, integrity, and security. However, on-premises solutions are just as vulnerable to security breaches if they are not properly designed, implemented and maintained.
A well-designed and well-maintained hybrid cloud solution enables CIOs to achieve the optimum balance between control, compliance, flexibility and cost. Based on our observations, many large and multinational enterprises have already begun to switch to a hybrid cloud solution, such as Azure Stack, to better manage their complex cloud deployment and complement existing legacy environments. Our latest survey, conducted by IDG Connect, found that at present only 13.5% of Asian businesses are using Azure Stack. But Hong Kong is expected to see the strongest growth in adoption rate over the next 18 months, according to 61% of our research survey respondents, followed by Malaysia and Singapore at 51% and 49% respectively.
When shifting to hybrid cloud, common challenges CIOs face include how to migrate to the cloud and decisions on where to locate or host the private cloud. Some countries, Singapore for example, require companies to locate their data centers in-country, and it is imperative for CIOs to ensure user data is kept on-premises no matter the size of business operation in these countries. Connecting different cloud environments globally while ensuring highly secure connectivity, manageability and control are other challenges CIOs face. Dealing with complex issues such as these, often under tight compliance deadlines, goes a long way to explain why the survey tells us 90% of businesses expect that within 18 months they will be partnering with managed services providers (MSPs) to manage IT in-house. MSPs’ global resources and expertise enable enterprises to keep and manage their regulated user data at the MSPs’ in-country data centers or on their own premises while providing businesses the access they need.
Many industry experts expect the GDPR will quickly establish itself as the de facto global standard for data protection. For Hong Kong CIOs, that will be a two-edged sword of both opportunities and challenges for their companies. Hong Kong companies slow to comply with GDPR put themselves and their lucrative EU business at risk. Worse yet, a misstep in GDPR compliance can mean not just lost business opportunities, but also stiff fines. The clock is ticking. If there are problems that cannot be solved in-house, or in an efficient and timely manner, CIOs should look to managed services providers now. Without a robust hybrid cloud strategy in place today, it will be difficult to meet GDPR compliance in time to avoid violations.
NTT Communications Managed Services