Computing reminded the enterprise of some of the stickier points of GDPR this week, after appearing on HelpSystems' web seminar Preparing for GDPR: The First Steps to GDPR Compliance.

As host Donnie MacColl, director of EMEA technical services at HelpSystems, worked his way through GDPR's "eight rights", Computing's Peter Gothard supplied commentary on the realities of complying with the regulations, which come into force on 25 May 2018.

MacColl reminded viewers that the "Right to be informed" covers first contact' details as specific as those made between firms and customers through phone calls or websites.

"You have to be notified either by the privacy policy - which will now need to be updated for GDPR - that has to be concise and intelligible, how it's going to be stored and how long it's going to be stored," said MacColl.

"[So] if you call an insurance company and they say they're going to record [the call], they'll have to give you their policy."

MacColl also cited the example on "Right to access" of his own mortgage application having his wife recorded as an "interested party".

"Under the new rules," explainexcd MacColl, "that would have to be made clear."

As for the "Right to rectification" and the "Right to erasure" - i.e. the right to be forgotten' goes, Gothard had a warning:

"While i[these two points] are common sense and all very good - because it just makes sense to have control over our own data - from CIOs and also lawyers I've spoken to over the past year or so, the real problem is how mired organisations are going to be in their old way of doing things, and how you're going to keep finding legacy processes in place that you'd never thought of, that may actually be blocking these processes from happening [beyond your direct control].

"So it might be that while a company undertsands it needs to rectify or remove data, it's held in a third party's servers or in a place you can't easily get to it."

Thus getting to this data will require impressing the requirements of GDPR on a number of business partners, and "like untangling a ball of wool," observed Gothard.

"In such a shot amount of time, it's the part of GDPR that's probably going to require the most thought really," concluded Gothard.

Visit link:
Get talking to your third party cloud storage partners now, as GDPR is coming - http://www.computing.co.uk

When Airtasker hit the magic hockey stick growth spurt it had always wanted, the Australian crowdsourcing service provider realised it needed to change its storage strategy.

This guide offers a comprehensive survey of the hybrid flash storage market. We give the lowdown on hybrid flash products from the big six storage vendors and the startups and specialists.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

When it was first launched in 2012, Airtasker easily attracted 45,000 users and had put through A$1m (US$760,000) worth of jobs in four years. Today, the platform boasts some 950,000 users.

We have been growing really fast over the past 18 months, said Paul Keen, chief technology officer at Airtasker, which has an annualised revenue run rate of A$85m for the 2017 calendar year. Eighteen months ago, that would have been close to A$15m.

Much of Airtaskers success may be attributed to its emphasis on building trust between job posters and workers who bid for 65,000 jobs each month, from transcribing videos to cleaning bedrooms.

Through the platform, workers will quote for jobs, while job posters award jobs based on the quotes and the workers task history, profile and reputation rating. Airtasker takes a 15% cut of the payment for completed jobs.

What we find now is that people assign and bid for tasks based on reputation we have 400,000 reviews on our site, said Keen. "When you have plenty of reviews to go by, you're likely to choose the person whos not necessarily the cheapest, but the best at a job.

Keen joined Airtasker a year ago when the company was climbing through its hockey stick growth curve. He had to make sure the companys technology enabled rather than impeded growth.

Then, Airtasker was using four production servers in a managed environment. They were about as powerful as a Macbook Pro, he said. It was a pretty basic scenario. We had a managed NAS (network attached storage), but we had no idea what it was really doing or when it would run out of storage.

Keen had already seen the problems that a shared NAS system could bring from his experience at his previous company. When that NAS went down, the whole site went down and theres nothing you could do, he said. Youve got to wait several hours for the environment to come back up.

To avoid similar issues, and the onerous task of managing a NAS system, Airtasker decided to move to Amazon Web Services (AWS), where infrastructure management would be taken care of. I dont know why you would want to manage storage nowadays when there are enough providers out there that can do it for you, said Keen.

Keen liked the fact that cloud service providers such as AWS offer snappy elasticity that ensures Airtaskers storage capacity scales up as the business grows.

Recently, we had to go from half a gigabyte of database storage to two terabytes, he said. It took just two clicks of a button for that to happen with zero downtime. Half an hour later, my entire storage environment was moved to the new environment.

The initial move to AWS, however, took more than two months, as Airtasker implemented an immutable infrastructure strategy, where IT components are replaced rather than changed when managing services and deploying software.

Immutable infrastructure is an approach that is only possible with cloud platforms, which have the automation capabilities required to build and deploy components. Airtasker worked with Rackspace on the deployment scripts.

Instead of upgrading our storage environment, we build a separate environment next to it, do some testing and switch users over. Once we are comfortable with the new environment, we destroy the old one, said Keen.

By building from scratch, Keen said he is now able to grow the companys storage capacity in an elastic manner, given that he knows exactly what is going on in the deployment script.

The best part is that this approach is invisible to Airtaskers developers, who need to work fast and focus on customer needs instead of firefighting. Theres no value in building storage environments, which should just be there for customers, said Keen.

Keen concedes there is supplier lock-in with using AWS, but it doesnt bother him. This is my third AWS migration and I have come to the conclusion that if you want to get the best out of these public clouds, theres a whole degree of supplier lock-in, he said.

Outside of IT, Airtaskers employees use Google Drive and Dropbox for cloud storage. We like that theres a lot of security around those services, and its the providers responsibility to ensure governance. We also store all the logs, but thats more for audit purposes, he added.

See more here:
Australian crowdsourcing platform turns to cloud storage to fuel growth - ComputerWeekly.com

If you have a new app or use case requiring scalable, on-demand or pay-as-you-go storage, one or more public cloud storage services will probably make your short list. It's likely your development team has at least dabbled with cloud storage, and you may be using cloud storage today to support secondary uses such as backup, archiving or analytics.

Every cloud storage option has its pros and cons. Depending on your specific needs, the size of your environment, and your budget, its essential to weigh all cloud and on-prem options. Download this comprehensive guide in which experts analyze and evaluate each cloud storage option available today so you can decide which cloud model public, private, or hybrid is right for you.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

While cloud storage has come a long way, its use for production apps remains relatively limited. Taneja Group surveyed enterprises and midsize businesses in 2014 and again in 2016, asking whether they are running any business-critical workloads (e.g., ERP, customer relationship management [CRM] or other line-of-business apps) in a public cloud (see "Deployments on the rise"). Less than half were running one or more critical apps in the cloud in 2014, and that percentage grew to just over 60% in 2016. Though cloud adoption for critical apps has increased significantly, many IT managers remain hesitant about committing production apps and data to public cloud storage providers.

Concerns about security and compliance are big obstacles to public cloud storage adoption, as IT managers balk at having critical data move and reside outside data center walls. Poor application performance, often stemming from unpredictable spikes in network latency, is another top-of-mind issue. And then there's the cost and difficulty of moving large volumes of data in and out of the cloud or within the cloud itself, say when pursuing a multicloud approach or switching providers. Another challenge is the need to reliably and efficiently back up cloud-based data, traditionally not well supported by most public cloud storage providers.

How can you overcome these kinds of issues and ensure your public cloud storage deployment will be successful, including for production workloads? We suggest using a three-step process to assess, compare and contrast providers' key capabilities, service-level agreements (SLAs) and track records so you can make a better informed decision (see: "Three-step approach to cloud storage adoption").

Let's examine specific security, compliance and performance capabilities as well as SLA commitments you should look for when evaluating public cloud storage providers.

Maintaining cloud data storage security is generally understood to operate under a shared responsibility model: The provider is responsible for security of the underlying infrastructure, and you are responsible for data placed on the cloud as well as devices or data you connect to the cloud.

All three major cloud storage infrastructure-as-a-service providers (Amazon Web Services [AWS], Microsoft Azure and Google Cloud) have made significant investments to protect their physical data center facilities and cloud infrastructure, placing a particular emphasis on securing their networks from attacks, intrusions and the like. Smaller and regional players tend also to focus on securing their cloud infrastructure. Still, take the time to review technical white papers and best practices to fully understand available security provisions.

Though you will be responsible for securing the data you connect or move to the cloud, public cloud storage providers offer tools and capabilities to assist. These generally fall into one of three categories of protection: data access, data in transit or data at rest.

Data access: Overall, providers allow you to protect and control access to user accounts, compute instances, APIs and data, just as you would in your own data center. This is accomplished through authentication credentials such as passwords, cryptographic keys, certificates or digital signatures. Specific data access capabilities and policies let you restrict and regulate access to particular storage buckets, objects or files. For example, within Amazon Simple Storage Service (S3), you can use Access Control Lists (ACLs) to grant groups of AWS users read or write access to specific buckets or objects and employ Bucket Policies to enable or disable permissions across some or all of the objects in a given bucket. Check each provider's credentials and policies to verify they satisfy your internal requirements. Though most make multifactor authentication optional, we recommend enabling it for account logins.

Data in transit:To protect data in transit, public cloud storage providers offer one or more forms of transport-level or client-side encryption. For example, Microsoft recommends using HTTPS to ensure secure transmission of data over the public internet to and from Azure Storage, and offers client-side encryption to encrypt data before it's transferred to Azure Storage. Similarly, Amazon provides SSL-encrypted endpoints to enable secure uploading and downloading of data between S3 and client endpoints, whether they reside within or outside of AWS. Verify that the encryption approach in each provider's service is rigorous enough to comply with relevant security or industry-level standards.

Data at rest:To secure data at rest, some public cloud storage providers automatically encrypt data when it's stored, while others offer a choice of having them encrypt the data or doing it yourself. Google Cloud Platform services, for instance, always encrypt customer content stored at rest. Google encrypts new data stored in persistent disks using the 256-bit Advanced Encryption Standard (AES-256) and offers you the choice of having Google supply and manage the encryption keys or doing it yourself. Microsoft Azure, on the other hand, enables you to encrypt data using client-side encryption (protecting it both in transit and at rest) or to rely on Storage Service Encryption (SSE) to automatically encrypt data as it is written to Azure Storage. Amazon's offering for encrypting data at rest in S3 is nearly identical to Microsoft Azure's.

Also, check for data access logging -- to enable a record of access requests to specific buckets or objects -- and data disposal (wiping) provisions, to ensure data's fully destroyed if you decide to move it to a new provider's service.

Your provider should offer resources and controls that allow you to comply with key security standards and industry regulations. For example, depending on your industry, business focus and IT requirements, you may look for help in complying with Health Insurance Portability and Accountability Act, Service Organization Controls 1 financial reporting, Payment Card Industry Data Security Standard or FedRAMP security controls for information stored and processed in the cloud. So be sure to check out the list of supported compliance standards, including third-party certifications and accreditations.

Unlike security and compliance, for which you can make an objective assessment, application performance is highly dependent on IT environment, including cloud infrastructure configuration, network connection speeds and the additional traffic running over that connection. If you're achieving an I/O latency of 5 to 10 milliseconds running with traditional storage on premises, or even better than that with flash storage, you will want to prequalify application performance before committing to a cloud provider. It's difficult to anticipate how well a latency-sensitive application will perform in a public cloud environment without actually testing it under the kinds of conditions you expect to see in production.

Speed of access is based, in part, on data location, meaning expect better performance if you colocate apps in the cloud. If you're planning to store primary data in the cloud but keep production workloads running on premises, evaluate the use of an on-premises cloud storage gateway -- such as Azure StorSimple or AWS Storage Gateway -- to cache frequently accessed data locally and (likely) compress or deduplicate it before it's sent to the cloud.

To further address the performance needs of I/O-intensive use cases and applications, major public cloud storage providers offer premium storage capabilities, along with instances that are optimized for such workloads. For example, Microsoft Azure offers Premium Storage, allowing virtual machine disks to store data on SSDs. This helps solve the latency issue by enabling I/O-hungry enterprise workloads such as CRM, messaging and other database apps to be moved to the cloud. As you might expect, these premium storage services come with a higher price tag than conventional cloud storage.

Bottom line on application performance: Try before you buy.

A cloud storage service-level agreement spells out guarantees for minimum uptime during monthly billing periods, along with the recourse you're entitled to if those commitments aren't met. Contrary to many customers' wishes, SLAs do not include objectives or commitments for other important aspects of the storage service, such as maximum latency, minimum I/O performance or worst-case data durability.

In the case of the "big three" providers' services, the monthly uptime percentage is calculated by subtracting from 100% the average percentage of service requests not fulfilled due to "errors," with the percentages calculated every five minutes (or one hour in the case of Microsoft Azure Storage) and averaged over the course of the month.

Typically, when the uptime percentage for a provider's single-region, standard storage service falls below 99.9% during the month, you will be entitled to a service credit. (Though it's not calculated this way for SLA purposes, 99.9% availability implies no more than 43 minutes of downtime in a 30-day month.) The provider will typically credit 10% of the current monthly charges for uptime levels between 99% and 99.9%, and 25% for uptime levels below 99% (Google Cloud Storage credits up to 50% if uptime falls below 95%). Microsoft Azure Storage considers storage transactions failures if they exceed a maximum processing time (based on request type), while Amazon S3 and Google Cloud Storage rely on internally generated error codes to measure failed storage requests. Note that the burden is on you as the customer to request a service credit in a timely manner if a monthly uptime guarantee isn't met.

Also, carefully evaluate the SLAs to determine whether they satisfy your availability requirements for both data and workloads. If a single-region service isn't likely to meet your needs, it may make sense to pay the premium for a multi-region service, in which copies of data are dispersed across multiple geographies. This approach increases data availability, but it won't protect you from instances of data corruption or accidental deletions, which are simply propagated across regions as data is replicated.

With these guidelines and caveats in mind, you can better assess whether public cloud storage makes sense for your particular use cases, data and applications. If public cloud storage providers' service-level commitments and capabilities fall short of meeting your requirements, consider developing a private cloud or taking advantage of managed cloud services.

Though public cloud storage may not be an ideal fit for your production data and workloads, you may find it fits the bill for some of your less demanding use cases.

Companies move toward public cloud storage

Evaluate all variables in the cloud storage equation

Public, private or hybrid? What's the right cloud storage for you?

Original post:
Overcome problems with public cloud storage providers - TechTarget

Today's highlighted deal comes from our Software section of Neowin Deals, where it's your last chance to save 87% off* a lifetime subscription to pCloud Premium Cloud Storage. Save, share and enjoy even your largest files quickly and securely with pCloud.

You've got too many files in your life to effectively manage on just one device, which is where pCloud comes in handy. A supremely secure web storage space for all of your photos, videos, music, documents, and more, pCloud gives you an easily accessible place to store your valuables without taking up any precious data on your devices. With unrivaled transfer speed and security, pCloud makes saving and sharing memories extremely easy.

For specifications, and license info please click here.

A lifetime license to pCloud Premium Cloud Storage normally represents an overall recommended retail pricing* of $478.80, but it can be yours for just $59.99 for a limited time, a saving of $418.81.

Stick with Neowin Deals and earn credit or even deeper discounts.

Get this deal or learn more about it | View more discounted offers in Online Courses

That's OK. If this offer doesn't interest you, why not check out our giveaways on the Neowin Deals website? There's also a bunch of freebies you can check out here.

Or try your luck on The Ultimate Entertainment Center Giveaway. All you have to do is sign up to enter this giveaway.

How can I disable these posts? Click here.

Disclosure: This is a StackCommerce deal or giveaway in partnership with Neowin; an account at StackCommerce is required to participate in any deals or giveaways. For a full description of StackCommerces privacy guidelines, go here. Neowin benefits from shared revenue of each sale made through our branded deals site, and it all goes toward the running costs. *Values or percentages mentioned above are subject to StackCommerces own determination of retail pricing.

Read this article:
Last chance to get a lifetime subscription to pCloud Premium Cloud Storage for just $59.99 - Neowin