Data in flight is a slept-on data sovereignty concern

The cloud has become a destination for business experimentation.

Digitally forward organisations often sign up to early access programs to test latest-release services ahead of general availability. This provides a preview of the applicability of forthcoming cloud services to specific business contexts. It also creates the possibility of first-mover advantages: early access participants often receive special attention from the cloud provider in order to be successful.

For the organisation, making use of an emerging cloud service may lead to material efficiency improvements, growth opportunities or new points of differentiation — but early access often comes with a key trade-off.

These services are almost exclusively piloted on US infrastructure, in US-based regions or availability zones. That hosting arrangement may continue even after general availability, with service expansion worldwide staged over several phases or months. Organisations based outside of North America, therefore, need to make choices about their ability to interact with these services.

More than likely, it means a long-distance relationship: routing data over submarine links to and from the US-based servers, with a mid-term view to migrating to the local instance of that service once it becomes available. Sometimes the choice is made for would-be experimenters. In highly regulated critical infrastructure sectors, for example, there may be restrictions on the type of data that can be transmitted to servers outside the country.

Even in organisations where early adoption of cutting-edge cloud services is both permissible and — from a risk standpoint — palatable, there will still be questions to answer about how data is routed to and from the new cloud service.

Organisations increasingly require assurance that that data ‘in flight’ — moving between the organisation and the cloud infrastructure — is to some degree controllable; that the path it takes between these two points is transparent and understood; and that any route deviation, due to prevailing or dynamic network conditions, can be quickly identified and verified.

Data sovereignty isn’t just about data at rest

‘Data in flight’ is an emerging data sovereignty consideration for many organisations.

Most conversations about data sovereignty are typically focused on data at rest — the location of the primary cloud-based storage infrastructure. However, data is not a static asset. Or, at least, creating value from data holdings often means moving it around — from edge-based collection points to a central warehouse or lake, through data pipelines, and in and out of analytics models. In addition, the distributed nature of organisational structures and IT infrastructure means there’s constant data movement between people, nodes and locations.

Cloud provider traffic routing decisions are based on complex rules that take into account the ambient, changeable conditions of internet-connected networks. These decisions about where to send data traffic may not be apparent or desirable. We’ve previously observed examples where domestic traffic, intended for a domestic destination, was routed via a second country due to the way an outsourced solution was architected.

This kind of decision-making creates an elevated risk for the customer organisation, especially if they do not anticipate this eventuality and/or have no way to monitor or detect it independently. While the routing of data through a second country is unlikely to be nefarious, any change to the in-flight path taken by data creates uncertainty. It may open an organisation up to security or geopolitical risks. It may also degrade the performance of the application or use case.

Knowing where data is and the path it’s taking between two points at all times is critical for sovereignty-conscious organisations. Inventory and path visualisation should be used to make all possible network paths — and the complex peering relationships that underpin those paths — transparent and observable.

Data route changes also carry DRP and SLA risks

It isn’t just the immediate risk to in-flight data posed by a sudden route change that’s of concern. There are also flow-on impacts to an organisation’s disaster recovery planning (DRP) and to agreed end-to-end service levels as well. These factors are collectively driving organisations to keep closer tabs on live traffic paths.

DRP mechanisms may need to kick in if data in flight is suddenly detected changing course to a less favourable route. A mitigation may be required to address that, and that would ideally trigger automatically as the anomalous route is identified.

For example, an appropriate mitigation may be to purposely shift traffic across to a backup or alternative ISP, and readvertise the corporate network there. The outcome of routing in-flight traffic via their network de-risks an active situation and produces more managed and controlled outcomes.

Any change to the routing of in-flight traffic also has a knock-on effect on application and workflow performance, and the service-level agreements (SLAs) that govern and set out minimum standards in this area.

A purposeful decision made by an organisation for the sake of data sovereignty over in-flight data — such as shifting ISPs — could add milliseconds, or even seconds, of latency or delay to the round-trip time for traffic movement.

This could mean a temporary reduction in transaction processing capacity that will need to be communicated to users, or it could be more serious, rendering a workflow or application completely unusable.

Organisations need to have means to understand the SLA impact of data transit paths so they can raise awareness of that impact and/or compensate for it.

Image credit: iStock.com/undefined