A middle path for data sovereignty: Bring Your Own Cloud

Don't choose between data sovereignty and a fully managed experience. BYOC lets you have your cake and eat it too.

By
on
August 30, 2023

Emerging requirements for data sovereignty are driving an evolution in cloud deployment topologies. A new approach, known as Bring Your Own Cloud (BYOC), melds the control, compliance, and data sovereignty benefits of self-hosting with the operational agility gained through fully managed SaaS offerings.

Data sovereignty” is the notion that corporate data is subject to the laws and governance of the nation where data is collected, stored, and processed. More than 100 countries have data sovereignty laws in place. Organizations running services in the cloud are often subject to these data sovereignty requirements. However, it has been notoriously difficult— if not impossible—to be sure that cloud services store data in only a particular region.

For years, organizations operating in the cloud have focused on data privacy in isolation, seeking to comply with a range of regulations. For example, GDPR in the EU and the Health Insurance Portability and Accountability Act (HIPAA) in the United States. As it turns out, data sovereignty is much more complex than data privacy alone.

Untangling data privacy and data sovereignty in the cloud

Privacy can be achieved in a straightforward manner by relying on policy, which enables a declarative approach to deleting, masking, obfuscating, and indexing sensitive data. Such an approach is commonly employed to protect pre-defined personally identifiable information (PII).

Data sovereignty, on the other hand, can be achieved only when the responsible organization controls the life cycle of the hard drives where data resides. There is no middle ground and no debate — data either resides on hard drives under your control or it does not.

For this reason, it would seem that the only path to data sovereignty is self-hosted, single-tenant cloud deployments. An even more extreme solution, “cloud repatriation,” moves everything back to on-premises infrastructure. Yet a move back to on-premises and self-hosted deployments often means sacrificing the operational, cost, and scalability benefits that have made SaaS models so popular.

The challenge lies in the legacy of SaaS, which emerged long ago at a time when the world needed relief from self-hosting, but in so doing, SaaS introduced its own set of tradeoffs. We have noted the challenge of data sovereignty, but SaaS solutions can also introduce the risk of vendor lock-in and the loss of visibility and control over sensitive data.

And, while it used to be easier for organizations to simply mandate that some sensitive applications should remain on premises indefinitely, we are now so addicted to the benefits of fully managed cloud services that it’s hard to imagine a permanent divorce.

The dawn of BYOC

Thankfully, there is a third path that balances the tradeoffs between self-hosted and SaaS models and provides a manageable path to data sovereignty: Bring Your Own Cloud (BYOC).

In a BYOC deployment, an organization’s data remains inside its own virtual private cloud (VPC), while the vendor remotely operates and maintains the infrastructure. This option gives platform engineering teams more visibility and control than a pure SaaS model, while still allowing them to offload the time-consuming and resource-intensive work of managing cluster operations. This model has the added bonus of freeing them to focus on top business opportunities.

Fully managed services—in your cloud or ours ☁️

You stay in control. We handle the rest.

FREE TRIAL

These factors — visibility, control, and operations — are even more critical when managed services are powering an organization’s real-time data infrastructure. Many infrastructure teams are overwhelmed by the complexity of supporting real-time workloads at scale in the cloud — for example by maintaining large Kafka clusters in multi-availability zone (AZ) environments.

At the same time, they struggle with data sovereignty issues as data regulations become increasingly onerous. A BYOC approach is ideal for navigating the compliance and regulatory requirements for real-time streaming data infrastructure as the data plane remains in the customer’s virtual private cloud (VPC), and Redpanda’s control plane manages cluster operations.

Redpanda Cloud BYOC Clusters as an example of a Bring-Your-Own-Cloud deployment model

BYOC: beyond the tradeoffs

BYOC balances the benefits and drawbacks of both self-hosted and SaaS models by giving you the control and flexibility of self-hosting without the complexity and risk. With BYOC, you are also able to implement security measures tailored to your specific environment. BYOC frees you from managing the platform on your own infrastructure, so you can offload operations, support, and maintenance to trusted experts.

Control

BYOC is a fully managed cloud model, but you retain more control than in a traditional SaaS model due to the separation of the control plane, which sits in the vendor’s cloud environment, and the data plane, which sits in your environment. This separation means that even when the vendor’s control plane is down, your system can run as usual and your data is available.

Cost

Cloud providers reward customers for long-term spending by providing committed spend or committed use discounts. The beauty of the BYOC model is that it enables organizations to continue taking advantage of those infrastructure discounts as if they were self-hosting.  

Security

Beyond data sovereignty, BYOC also helps organizations comply with data privacy regulations. Leveraging zero trust access control and an isolated protected cluster, BYOC deployments can enforce multiple layers of security, all under the control of the team running the platform. BYOC also helps you to maintain the least privilege for critical resources because the vendor’s control plane doesn’t have excessive credentials or permissions.

Choosing the right deployment option for you?

Platform engineering teams facing a range of deployment options, while dealing with spiraling cloud costs and service sprawl, now have the additional challenge of tackling data sovereignty. BYOC is a good option for organizations that need the benefits of self-hosting, such as control, observability, and governance without the inherent complexity and risk.

If your organization is embracing real-time data streaming and processing while also struggling with data sovereignty challenges, then BYOC is an option that engineering leaders in your organization should evaluate.

To get started, sign up for a free trial of Redpanda Cloud or grab the free Community Edition from our Redpanda GitHub repo. If you have questions about the latest updates or just want to chat with our team, join our Redpanda Community on Slack.

No items found.
Graphic for downloading streaming data report
Save Your Spot

Related articles

VIEW ALL POSTS
The future of data privacy in the age of AI
James Kinley
&
&
&
December 10, 2024
Text Link
Batch tuning in Redpanda to optimize performance (part 2)
Travis Campbell
&
Paul Wilkinson
&
&
November 26, 2024
Text Link
Batch tuning in Redpanda for optimized performance (part 1)
Travis Campbell
&
Paul Wilkinson
&
&
November 19, 2024
Text Link