Intralinks Uses Hybrid Computing to Blaze a Compliance
Trail Across the Regulatory Mine Field of Data Sovereignty
Transcript of a sponsored discussion on how regulations around data sovereignty are forcing
enterprises to consider new approaches to data, intellectual property, and cloud collaboration
services.
Listen to the podcast. Find it on iTunes. Get the mobile app. Sponsor: Hewlett
Packard Enterprise.
Dana Gardner: Hello, and welcome to the next edition of the Hewlett Packard Enterprise
(HPE) transformation interview series. I’m Dana Gardner, Principal Analyst at Interarbor
Solutions, your host and moderator for this ongoing discussion on IT
transformation and innovation -- and how it's making an impact on people's
lives.
Our next hybrid computing IT case study discussion explores how
regulations around data sovereignty are forcing enterprises to consider new
approaches to data, intellectual property, and cloud collaboration services.
As organizations move beyond their on-premises data centers, regulation and data sovereignty
issues have become as important as the technical requirements for their infrastructure and
applications.
To learn how organizations have been able to get the best of data control and protection -- along
with business agility -- from hybrid cloud models, we're joined Richard Anstey, CTO at
Intralinks, and he is based in London. Welcome, Richard.
HPE Cloud
HPE Helion
Click Here to Learn More
Richard Anstey: Thank you, Dana. Nice to be here.
Gardner: Good to have you with us. Tell us about the trends making data sovereignty so
important as a consideration when organizations look at how and where to manage, house, and
store their data.
Anstey: This is becoming a much more important topic. It has obviously been in the news very
much recently in association with the Safe Harbor regulation having been effectively annulled by
the European courts.
Page 1
Gardner

This is the regulators catching up with the Internet. The Internet has been somewhat unregulated
for a long time, and quite rightly, the national and regional authorities are putting in place the
right protections to ensure that citizens’ data are looked after and treated with
the respect they deserve.
So it's becoming more important for companies to understand the regulatory
environment, even those organizations that did not previously feel that they
were subject to such regulation.
Gardner: So the pendulum seems to have swung from the Wild West Internet
over toward greater security oversight. Do we expect more laws across more
jurisdictions to make placement of data more restricted? Are we seeing this pendulum swing
more toward regulation?
Anstey: Yes, it’s certainly swinging that way, and the big one for the European Region of course
is the General Data Protection Regulation (GDPR), which is the European Commission initiative
to unify the regulations, at least across the European Union. But the pendulum is swinging
towards a greater level of regulation.
Gardner: How about in Asia-Pac and North America, what’s happening there?
Global issue
Anstey: Post-Snowden, this has become much more of an issue globally, and certainly across
Apac there have been some very specific regulations in place for sometime, Singapore Banking
Authority being the famous one, but globally this is becoming much more of an important issue
for companies to be aware of.
Gardner: So while the regulatory atmosphere is becoming more important for
companies to keep track of, perhaps more onerous for them as businesses is to
make sure they comply. The Internet is still a very powerful
tool and people want to take advantage of cloud models and
data life cycle models and take advantage of hybrid
infrastructure. Tell us a little bit about Intralinks, and how can organizations
have the best of both?
Anstey: Intralinks is in the fortunate position of having been offering cloud services in highly
regulated environments for almost 20 years now. Back when we were founded, which by the way
was really before most people would do their shopping online, Intralinks was operating things
called Virtual Data Rooms to facilitate very high value, market-moving transactions through
effectively a cloud service. We didn’t call it cloud at that time; we called it software as a service
(SaaS).
Page 2
Anstey

But Intralinks has come from this environment. We've always been operating in highly regulated
environments, and so we're able to bring that expertise that we have built up over the last 20
years or so to bear on solving this problem for a wider range of organizations as the regulation
really steps in to control a greater part of the services delivered over the Internet today.
Gardner: In a nutshell, how is it that you're able to do, in a highly regulated environment, what
people think of as putting everything up in the cloud?
Anstey: Well, in a nutshell, it may be tricky, because there's lot to it. There's a lot of technology
that goes into this. And there are a lot of dimensions around which you need to consider this
problem. It's not just about the physical location of data. Although that may be important, there
are other dimensions. Physical location may be one thing to think about, but there's another thing
called logical location.
The logical location is defined as the location of the control point of the encryption as opposed to
the location of highly encrypted data, which many people would argue is somewhat irrelevant. If
it's sufficiently encrypted, it doesn't matter where it is. The location of the key is actually more
important than who controls that key, and more important than where your encrypted data lives.
In fact, we all implicitly accept that principle. When you use your online bank, you don't know
the route that that information takes between your home computer and the bank. It may well be
routed across the Atlantic, based on conditions of the Internet. You just don't know, and yet we
implicitly accept that because it's encrypted in transit, it doesn't really matter what route it takes.
So there is the physical location and the logical location, but there is still also the legal location,
which might be to what jurisdiction this information pertains. Perhaps it pertains to a citizen of a
certain country, and so there is a legal location angle to consider.
And there is also a political location to consider, which may be, for example, the jurisdiction
under which the service provider is operating and where the headquarters of that service provider
is.
Four dimensions
There are four dimensions already, but there is another one as well, which is the time
dimension. While it may be suitable for you to share information with a third party in perhaps a
different jurisdiction for a period of time, the moment that business agreement comes to an end,
or perhaps the purpose or the project for which that information was being used has come to an
end, you also need to be able to clear it up.
You need to tidy up and remove those things over time and make sure that just because that
particular information-sharing activity was valid at one point, it doesn't mean that that’s true
forever, and so you need to take the responsibility to clear it up. So there are technologies that
you can bring to bear to make that happen as well.
Page 3

Gardner: It sounds as if there is really a full spectrum, a whole marketplace of different
solutions and approaches to suit whatever particular issues an organization needs in order to
satisfy the regulatory, audit, and other security requirements.
Tell us about how you have been working with HPE to increase this marketplace and solve data
sovereignty issues as they become more prominent in more places?
Anstey: The thing that HPE really helps us with is the fact that while we've been able for quite a
long time to have data centers in multiple regions, as the regulation and the requirements of our
customers grow, we need to be even more agile with bringing new workloads up, running in
different locations.
With HPE Helion OpenStack we're able to spin up a new environment, a new data center
perhaps, or a new service to run in a new location far more quickly and more cost effectively
than we would otherwise be if we were starting from the ground-up.
HPE Cloud
HPE Helion
Click Here to Learn More
Gardner: So it's important to not just be able to take advantage of cloud conceptually, but to be
able to move those clouds, have the fungibility, if you will, of a cloud infrastructure, a
standardized approach that can be accepted in many different data-center locations, many
different jurisdictions?
Is that the case, and what can we expect for the depth and reach of your services? Are you truly
global at this time or where will you be headed next?
Anstey: We are certainly truly global. We've been operating right across the world for a number
of years now. The key elements that we require from this infrastructure are things like workload
portability and the ability to plug into additional service providers at any time we need to be able
to create a truly distributed platform.
In order to do that, you need some kind of cloud operating system, and that's what we feel we get
from the HPE Helion OpenStack technology. It means that we have become much more portable
to move our services around whenever we need to.
Gardner: When you're an organization and you know that there's that portability, that there's a
true global footprint for your data that you can comply with the regulations regardless of how far
the pendulum moves, what does that do for you as a business, other than perhaps scope and
scale? Are there other quantitative attributes that we can point to?
How does this, from a business perspective, benefit your bottom line? Are there perhaps risk
issues that are reduced? Are there availability and addressable market issues that you can pursue?
How does it translate into business terms?
Page 4

Enormous uncertainty
Anstey: The key thing to realize is that there has been an enormous amount of uncertainty, and
in a way, the closure of the Safe Harbor agreement has been a good thing in the sense that there
was always some doubt over its applicability and its suitability. If you'll forgive the pun, there
was a cloud hanging over it. When you remove that, you still have to get a little bit more
certainty,"Well, that thing definitely doesn't work and so we need to have a different structure."
Nevertheless, what happens in that environment of uncertainty is that people start to play it safe
and they start to think, "This cloud thing is a bit scary. Maybe we should just do it all ourselves,
or maybe we should only consider private cloud deployments." When you do that, you cut off the
huge options and agility that's available from using the cloud to its full extent.
What would be a bad thing is if, as the pendulum swings, as you described, towards regulation,
people retreat and give up and say, "This Internet thing, we don’t want to do that. We're going to
reverse the trends and the huge technological advances that we've been able to leverage over the
last 10 years of growth of cloud."
We believe that by building technology in the way that we are able to construct it, with all of
those options associated with ways in which you can demonstrably prove that you are
responsibly looking after data over time, you don't have to sacrifice the agility of the cloud in
order to adhere to the regulations as they come in.
Gardner: Richard, we've talked about data sovereignty from a geographic perspective, but how
about vertical industries? Are there certain industries that really require that global reach, the
agility of moving in and out of markets, but also need to be highly regulated?
Can you think of several examples perhaps of the low-hanging fruit in a general economy of
vertical industries where this is most important right now?
Anstey: The vast majority of the global banks are our customers already. We also have a very
large footprint in the life sciences, which often has a similar nature in terms of the level of
regulation, especially if you're dealing with patient data in the field of clinical trials, for example.
But the reality is that, as this pendulum swings, the net is cast wider and wider for the regulation,
to the point where any company that deals with personal data and needs to use that data for
legitimate business purposes will now be covered by regulation. This isn't just guidance now.
When we get through to the next level of EU regulation, there are some serious fines, including
criminal penalties for executives and fines of up to two percent of global revenue, which really
makes people wake up. It will make a far wider group of companies wake up than the previous
ones who knew that they were operating in a strict regulatory framework.
Page 5

Gardner: So in other words, this probably is going to pertain to many more industries than they
may have thought it being just for finance, for example. This is really something that’s going to
hit home for just about everybody.
Anstey: Absolutely. Every industry becomes a regulated industry at that point, when to do
business you need to handle the type of data that gets covered by the regulation, especially if you
are operating in the EU, but as we described, more to follow.
Gardner: I'm afraid we will have to leave it there. We've been exploring issues around data
sovereignty and how it's forcing enterprises to consider new approaches to data, intellectual
property and cloud collaboration.
HPE Cloud
HPE Helion
Click Here to Learn More
We have heard from Intralinks, based in New York, about how they have developed Virtual Data
Rooms and are working with Hewlett-Packard Enterprise to extend their services to virtually any
market around the world.
So a big thank you to our guest. We've been here with Richard Anstey, CTO at Intralinks. Thank
you, Richard.
Anstey: Thank you very much.
Gardner: And a big thank you as well to our audience for joining us for this Hewlett Packard
Enterprise transformation and innovation interview. I’m Dana Gardner, Principal Analyst at
Interarbor Solutions, your host for this ongoing series of HPE-sponsored discussions. Thanks
again for listening, and come back next time.
Listen to the podcast. Find it on iTunes. Get the mobile app. Sponsor: Hewlett
Packard Enterprise.
Transcript of a sponsored discussion on how regulations around data sovereignty are forcing
enterprises to consider new approaches to data, intellectual property, and cloud collaboration
services. Copyright Interarbor Solutions, LLC, 2005-2016. All rights reserved.
You may also be interested in:
• Big data enables top user experiences and extreme personalization for Intuit TurboTax
• Feedback loops: The confluence of DevOps and big data
• Spirent leverages big data to keep user experience quality a winning factor for telcos
• Powerful reporting from YP's data warehouse helps SMBs deliver the best ad campaigns
• IoT brings on development demands that DevOps manages best, say experts
• Big data generates new insights into what’s happening in the world's tropical ecosystems
Page 6

• DevOps and security, a match made in heaven
• How Sprint employs orchestration and automation to bring IT into DevOps readiness
• How fast analytics changes the game and expands the market for big data value
• How HTC centralizes storage management to gain visibility and IT disaster avoidance
• Big data, risk, and predictive analysis drive use of cloud-based ITSM, says panel
• Rolta AdvizeX experts on hastening big data analytics in healthcare and retail
• The future of business intelligence as a service with GoodData and HP Vertica
• Enterprises opting for converged infrastructure as stepping stone to hybrid cloud
Page 7