Join Storage Switzerland and Tegile Systems for our on demand webinar, “How to Design Primary Storage for GDPR,” to learn how design primary storage architectures in the GDPR era. The data center now has three realities to deal with.
Powerful Google developer tools for immediate impact! (2023-24 C)
Webinar: How to Design Primary Storage for GDPR
1. Webinar
How to Design Primary Storage for GDPR
In this Webinar
You Will Learn About:
1. Meeting the applications demand for more and
more performance
2. Meeting the immediate disaster recovery
demands of GDPR
3. Meeting the long-term data retention demands
of GDPR
For audio playback and Q&A go to: http://bit.ly/GDPRStorage
2. Our Speakers
Narayan Venkat, Chief Marketing Officer at Tegile Systems is a highly passionate and experienced
technology professional with over 20+ years of experience in the IT industry. Experienced executive
with a demonstrated history of success in the computer systems industry. Skilled in Enterprise
Software and Storage, Go-to-market Strategy, Demand Generation, and Digital Marketing. Extensive
start-up leadership experience, great team builder, and accomplished marketer with a MBA focused in
Marketing, Finance from The University of Chicago - Booth School of Business.
George Crump is the founder of Storage Switzerland, the leading storage analyst focused on the
subjects of big data, solid state storage, virtualization, cloud computing and data protection. He is
widely recognized for his articles, white papers, and videos on such current approaches as all-flash
arrays, deduplication, SSDs, software-defined storage, backup appliances, and storage networking.
He has over 25 years of experience designing storage solutions for data centers across the US.
3. What is GDPR? ● EU Regulation focused on data
protection and management of personal
data
● Impacts ANY business doing business in
the EU
● Enforceable after May 25th 2017
● Does not require national governments to
pass any enabling legislation
4. Key Factors
● Right of Access
● Right of Erasures
● Data Portability
● Data Protection
5. GDPR and Storage
● Heavy Security Focus
● Encryption and decryption operations
carried out locally, not by remote
service
● Keys and data must remain in the
power of the data owner if any privacy is
to be achieved
● Outsourced data storage on remote
clouds is practical and relatively safe, as
long as only the data owner, not the
cloud service, holds the decryption keys
6. GDPR and Data Protection
● Largely overlooked is Article 32 “The Security
of Processing”
● “the ability to ensure the ongoing
confidentiality, integrity, availability and
resilience of processing systems and services”
● “the ability to restore the availability and access to personal data in a timely
manner in the event of a physical or technical incident”
● “a process for regularly testing, assessing and evaluating the effectiveness of
technical and organisational measures of ensuring the security of the
processing”
7. The “Timely
Manner”
Problem
● The problem is
“Timely Manner” is not
defined anywhere!
● Previous EU
regulations gave
seven days, but
“timely manner”
implies something far
less
8. The Data Protection
Problem
● Most organizations count on backup for
both day to day recovery and for long
term data retention
● Typical backup and recovery takes
hours-days to recover systems
● Retention is challenged by inability to
find data
● Further challenged by inability to delete
discrete data sets
9. Meanwhile… Users still
want High Performance
NOW!
● All-flash is becoming the dominant
architecture
● But not ideal for data protection and data
retention
● Yet many primary storage systems have
attributes that will help with GDPR
compliance...
10. Modern Storage and
GDPR Compliance
● Instant and unlimited
snapshots
● Rapid full volume copies
● Improving search tools
● Replication
12. Two or Three
Storage Systems
● System A on-premises to service
production applications
● System B off-site to cover DR
requirement
● Optional System C on-premises to
protect from more common disaster
● Each set with a different snapshot
schedule to protect from
ransomware and other cyber-
attacks
A
C
B?
13. Overcoming the Expense of All-Flash
● Don’t do All-Flash
● System B and System C
should be Hybrid (HDD and
Flash)
○ Assumes vendor has
flash and hybrid
options and can
replicate between them
● Amount of flash in each
system will vary
14. The Role of
Data Protection
● The backup of last
resort
● Can service retention
requests but
○ An archive
system is a much
better choice
15. Solution
● Invest in Primary Storage
instead / with backup
● Change backups role to
backup of last resort
● Invest in archive solution to
provide search and deletion
assurance