I’ve spoken with a lot of people about data compliance, the importance of knowing what data you have, where it is, who is using it and how. This knowledge is not only crucial, but it needs to be integral, a modern data platform should be smart enough to understand data, classify and act upon it as needed when it is written. To date, this usually has required the integration of multiple solutions, when really, what would be ideal is that our storage repositories natively provide insight into our data.
There have been attempts at this before, but these have often needed a leap of faith to move critical business data to a storage appliance provided by a perceived “niche” vendor, that is perhaps about to change as NetApp takes some tentative steps along this route with their soon to be released Cloud Compliance product.
Cloud Compliance has developed via the acquisition of Cognigo and provides native governance and compliance reporting on NetApp’s Cloud-based storage repositories.
What it is
Cloud Compliance is a service designed to supplement NetApp’s Cloud Volumes ONTAP (CVO) service, providing native compliance reporting to any CVO data repository. As data is written into your CVO volume the compliance engine studies it and reports on it and places it in a classification category highlighting where you may hold sensitive or “risky” information that you need to understand or better secure.
There is also the ability to generate more detailed reports that tell you which files contain the sensitive information and their location, as well as the ability to carry out data subject searches, building queries from which you can report on all instances of data that contains the requested information.
What it isn’t
The dashboards, reports and subject searches are useful and fast, however, this is very much a version 1.0 release and is restricted to these capabilities. For example, it does not allow for automation or remediation activities based on the information found and does not provide much in the way of customisations such as creating your own data classifications. There are also no integrations currently with third-party platforms like Office 365 or on-premises data stores.
What it does deliver
While it has limitations, what it does bring is extremely important when it comes to how we manage data. The need for insight into our data is a crucial part of the modern data platform but is usually something that comes at additional cost and complexity, which in turn can limit many organisations ability to adopt this critical capability. To have this both built-in and available as a service is hugely useful, making it both easier to make informed decisions about our data as well as, potentially, more accessible.
Using it as part of your plan
While this is a NetApp product designed to offer insights into data stored on Cloud Volumes ONTAP volumes, it doesn’t mean that it is unusable for those who don’t have CVO or even have NetApp at all as part of their infrastructure.
While the easiest way to exploit the technology is to migrate your unstructured data to a CVO instance inside AWS, Azure or GCP, this may not be ideal or realistic. However, this is where NetApp’s data fabric strategy can be valuable as it is designed to make it easy for you to move data around locations and utilise services where and when you need them.
For example, if you have NetApp in your datacentre, you can use the SnapMirror engine to replicate your data into a CVO repository, run compliance reporting against it, then either choose to maintain this and update regularly or if you just wanted a one-time scan, mirror the data to the public cloud, run the report and then destroy the repository.
But if you’re not a NetApp customer then surely this isn’t for you? No, it really doesn’t matter, If you want to move data from any SMB or NFS repository you can use NetApp’s Cloud Sync service to move it into the CVO repository, run the reports and then, in exactly the same way, either maintain the copy and keep it in sync or destroy it.
This is a great example of NetApp exploiting data portability, allowing you to move data to where you need it to gain benefit from a cloud service and then choose whether to maintain it or not.
While I don’t tend to write “product reviews” Cloud Compliance, I believe, is not only a really nicely executed bit of technology, it provides a powerful and viable option for organisations of all types, to start to get crucial insight into their unstructured data sets, something that is core to a modern data strategy.
While Cloud Compliance is limited in this initial release and doesn’t have the scope of specialist data governance tools, if you want to quickly understand your data, the type of information it holds, its classifications, sensitivity and the risk this poses then Cloud Compliance is a smart, simple tool, available as a service, which you can consume as you need it for as long as you need it, whether you use NetApp in your storage infrastructure or not.
It will be interesting to see how this solution develops and if this encourages other vendors to follow suit, but insight into our data is crucial and it been offered as a native capability inside a storage solution is a great step forward.
You can find out more about NetApp Cloud Compliance here.
One thought on “Cloudy Compliance by Default”
Great post Paul. I may not be very objective but this solution is definitely a new approach to privacy requirements.