Cloudian supports Calligo development of GDPR-compliant storage services

Cloudian supports Calligo development of GDPR-compliant storage services

Calligo – The trusted cloud

Calligo is a data optimisation and privacy specialist, offering mid-sized companies the highest levels of data privacy and security, application performance guarantees, commercial flexibility and personalised support. It has data centres in numerous global locations, including the UK, Jersey, Guernsey, Bermuda, Singapore, Zurich and Geneva.

The company offers a range of cloud-based managed services, including Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) products. Each offering is underpinned by a strong focus on privacy, including supporting clients’ needs under the new EU General Data Protection Regulation (GDPR). Client workloads include financial, insurance, legal and online gaming applications.

Background

In response to a growing customer demand for object storage services, Calligo partnered with Cloudian, a leader in enterprise object storage systems, to provide an S3-compatible service. Cloudian was chosen for its high-degree of S3 API compatibility and rich service provider feature set, which allowed for easy integration and management.

Calligo deployed a fault-tolerant, disaster-resilient service 18 months ago which was made up of Cloudian HyperStore appliances and Lenovo server infrastructure, with three nodes running across two data centres. The result was a cost-effective cloud storage solution that is highly S3 compatible and easy to use.

According to Julian Box, Chief Executive Officer at Calligo, S3 compatibility for its storage proved to be a significant benefit for Calligo’s clients, as many of them have applications and other third party services that already support the S3 API. “We evaluated other S3-compatible products and Cloudian’s HyperStore came out top with its market-leading S3-compatibilty and easy integration with other cloud services that allowed us to accelerate the implementation of additional services.”

Box added that Cloudian’s support for GDPR-additive features provided a further catalyst to deploy Cloudian HyperStore. The end result is a global, service-focused consultancy service alongside a portal-based cloud platform, specifically to help Calligo clients ensure GDPR adherence.

GDPR-as-a-Service

GDPR began on May 25, 2018 and represents the biggest regulatory change in how personal data is processed and stored since the inception of the Internet. With global reach, GDPR impacts companies and organisations that utilise or store personal information of European citizens globally. Therefore, its remit includes most organisations anywhere in the world.

Box said: “For many companies, the necessary changes to infrastructure and internal processes, plus the training and education of staff, can be daunting. GDPR observance requires constant vigilance, which presented an opportunity for Calligo to take advantage of its long history as a cloud service with data privacy at its core. Starting with the solutions we already have in place, we developed a range of services designed to help and support customers as they navigate towards meeting their ongoing GDPR obligations.”

Cloudian HyperStore complements this service with specific GDPR-friendly capabilities including:

  • Customisable metadata tags: To ensure compliance, you must be able to find information. Traditional file systems only allow you to view limited metadata information on a file, such as the owner and the date created. With object storage metadata, you have no limit on how you tag your data, making it easily searchable for data requests
  • Scalability: When data is consolidated, it’s much more easily searched and checked for duplicate records. The limitless capacity of object storage makes it feasible to consolidate data to a single, searchable pool
  • Data protection features: Data must be available at all times. With data protection features such as erasure coding, replication and multi-tenancy (to segregate users), you can ensure that data can still be retrieved no matter what situations arise

Current GDPR services offered by Calligo include:

  • GDPR Gap Analysis. A team of certified GDPR experts will audit a business and identify how the organisation’s current status compares to the requirements of the regulation. This includes a thorough investigation of the customer’s technology, people and processes (the three pillars of GDPR adherence), looking specifically at progress in eight key areas:
    – GDPR governance and accountability
    – Data privacy risk management
    – Understanding of GDPR scope
    – Personal information management
    – Security management
    – Third party management
    – Incident management
    – Protection of data subjects’ rights
    This analysis forms the starting point of a client’s GDPR adherence journey and serves as a baseline against which subsequent progress is measured.
  • GDPR Alignment. Based on the results and plans of Calligo’s GAP Analysis, or on an independent assessment, Calligo will help a business to build an immediate and ongoing plan for GDPR adherence
  • GDPR Assurance. Provides ongoing management and advisory services to help a business manage its daily adherence obligations
  • Data Protection Officer-as-a-Service. Some businesses are mandated to have a Data Protection Officer, for example a public authority or a business that processes personal data on a large scale. As appointing a suitable person may be a challenge from a cost and skills perspective, Calligo offers this as a service via its team of dedicated data privacy consultants

Additional GDPR services include:

  • EU Representative. Available as part of an ongoing GDPR Assurance or Data Protection Officer-as-a-Service engagement
  • Data Privacy Architects. A specialised service that helps organisations fulfil the ‘Data Privacy by Design’ requirement of the GDPR within new IT projects, for example the development of new apps and services

The future

Calligo has already seen a lot of customers using its range of GDPR services. “We find a lot of companies approaching us for help with GDPR planning and implementation across their whole data journey, particularly in the financial, insurance and legal sectors,” said Box. “For us, this affirms our decision to offer GDPR-as-a-Service, alongside innovative, cloud-based services that optimise clients’ data and will immediately meet their data privacy needs.”

The company is continuing with its plans to use Cloudian to cover areas such as backup, archive and storage as a service.

Intelligent CIO Europe asked Box some further questions:

How do you think Cloudian’s HyperStore solution has benefitted the company now that GDPR has come into practice?

Cloudian HyperStore object storage has a number of capabilities that provide real advantages in supporting GDPR compliance and therefore our GDPR Data Privacy Services portfolio. Specific competencies include customisable metadata tags, scalability and data protection features.

How successful have the GDPR services you offer been for your customers?

Very successful. We have seen significant interest from around the world in our data privacy consultancy services and in our privacy by design services that specifically address the needs of businesses, to balance innovation with data privacy obligations in their new applications and services. Our cloud infrastructure services are also increasingly sought after as businesses seek out data residency guarantees and expertise in their cloud platforms.

How far do you think the solution has enabled you to maintain the requirements of the GDPR regulation and do you see other companies discovering the same?

Cloudian Hyperstore’s functionality has supported our ability to deliver services that address our clients’ GDPR obligations. As the number and severity of data privacy legislation frameworks increases worldwide, the importance of these capabilities and overlying services will naturally increase too.

Has the rollout of the solution within your system been a success across the global network?

Yes. Thanks to our global storage network, supported by Cloudian Hyperstore, Calligo is now servicing customers’ data privacy needs on both sides of the Atlantic – our footprint extends to Canada and Europe, as well as the US, UK and Channel Islands.

Browse our latest issue

Intelligent CIO Europe

View Magazine Archive