The following post is contributed to the Cloud Foundation Blog by Andrew Guerra, Offering Manager, VMware on IBM Cloud
On 25 May, 2018, the new General Data Protection Regulation (GDPR) goes into effect in the European Union (EU), with sharper teeth than any other compliance regulation to date. With tighter controls and higher penalties, the new law enforces data sovereignty like never before, forever impacting the way EU and multinational organizations handle private data. It’s likely GDPR will set a new standard that other regulatory bodies will be inspired and compelled to follow.
The impact of GDPR is broader than one may think. It applies to any organization that does business in the EU. Companies must ensure data sovereignty and provide the exact location of a client’s data at any point in time. It also requires that corporations keep said data within specific geographic limits. The penalty for not complying with the GDPR regulations is a fine of a staggering 4 percent of overall, worldwide corporate revenue.
This restriction will have many companies considering their approach to data sovereignty and how to store sensitive customer data in the region. This may include seeking cloud-based solutions for remote coverage, as their current data centers may not be within the covered region or may require upgrades to meet GDPR requirements.
These rapidly approaching compliance changes bring potential concerns for organizations looking to use the agility, scalability and efficiency of the cloud. As it stands, many cloud providers aren’t prepared for GDPR compliance and may not have the infrastructure needed to meet the new requirements. According to the June 2016 Netskope Cloud Report on readiness in the cloud, up to 75 percent of all apps used in enterprises are out of compliance with these impending rules.
To address these new compliance concerns, IBM has developed IBM Cloud Secure Virtualization built on VMware Cloud Foundation on IBM Cloud. This first in market offering leverages partnerships with VMware, Intel TXT and HyTrust CloudControl to specifically address the concerns of security and compliance for enterprises. Created using single-tenant IBM Bluemix bare-metal servers on IBM Cloud, this offering enables automated, policy-based enforcement of all major regulatory compliance standards, including PCI-DSS, HIPAA, FedRAMP, CJIS, and EU GDPR.
This integrated technology can precisely control where encrypted data is allowed to be decrypted and run, based upon customer-defined security and compliance policies. This unique “boundary-controlled encryption” capability is essential for compliance with the EU General Data Protection Regulation (GDPR) and other Data Sovereignty/Residency requirements.
Released in Q2 2017, IBM Cloud Secure Virtualization allows leading global enterprises to enjoy the safety and benefits already provided to them through the industry leading VMware Cloud Foundation software-defined data center, while being confident that they are compliant with all new upcoming regulatory requirements.
For more information on IBM Secure Virtualization, please visit: https://www.ibm.com/cloud-computing/bluemix/products/secure-virtualization
