Why ownCloud's CEO isn't worried about the death of Safe Harbor

PadlockImage: IDGNS

Data sovereignty has become a hot-button issue ever since the EU’s top court struck down the Safe Harbor agreement in October, and for many users of file-synchronization and sharing services, it poses a considerable problem. OwnCloud CEO Markus Rex sees it as more of an opportunity.

That’s because OwnCloud — which in many ways competes with the likes of Dropbox and Google Drive — does file sync and share a bit differently from many of the better-known contenders. Most notably, it doesn’t provide the storage: Customers can use whatever they want for that part of the equation.

What OwnCloud delivers is software giving users access to their data through a Web interface, sync clients or WebDAV while providing a user-friendly platform for viewing, syncing and sharing across devices easily.

It’s essentially a self-hosted file-sync and share service, and it focuses on giving users control. Permissions, access control lists and compliance requirements are respected and can be met or configured at the file, object store or user level. Users have full control of their encryption keys, which are kept entirely separate from storage.

“We’re really an abstraction layer,” Rex said. “You get access to all your on-premises and off-premises files through an easy-to-use interface, and it’s all under the CIO’s control.”

Europe has long had strict data-protection laws, and the Safe Harbor agreement was an attempt to ensure EU-level protection for European data processed in the U.S. It was deemed inadequate by the Court of Justice of the European Union, however, leaving many companies scrambling over cross-border issues.

Whereas providers such as Dropbox have been racing to set up European storage infrastructure in response, OwnCloud hasn’t had do to any of that since it doesn’t provide the storage component to begin with.

“It’s very explicit: You own your own storage,” Rex explained. “Companies just run our software behind their own firewalls.”

Because OwnCloud is open source, the software is even available for inspection, should the need arise.

OwnCloud may be set apart to some extent by the fact that it’s open source, but it’s not alone in its ability to use on-premises storage as the central repository for enterprise file sync and share, noted Guy Creese, a research vice president with Gartner.

Citrix ShareFile, Egnyte, Novell Filr and Syncplicity also offer similar capability, Creese said.

Such services have been providing enterprise-class products for some time already, so “any concerns have long since been vetted by their users,” noted Rob Enderle, principal analyst with Enderle Group.

“You pay a bit more, but you get a lot more control,” Enderle explained. “Particularly if you are talking about sensitive or regulated data, that control becomes a requirement.”

Since Safe Harbor’s defeat in October, OwnCloud has seen an increase in the number of inquiries it’s received, Rex said.

“It’s tough for enterprises operating across national boundaries because the laws are all different — at least for now — and the legal environment is changing rapidly,” said Roger Kay, principal analyst at Endpoint Technologies Associates.

Generally, if an organization is in charge of its own storage, it can set up its “depots” in each country according to its legal requirements, Kay pointed out.

“Of course, this is more expensive, since a single data center might be able to handle a whole region,” he added. “But it’s a best practice to spread data around among data centers anyway, for redundancy, efficiency of access and disaster recovery.”

There is a slight risk if the system includes resources from multiple parties — in this case, the EFSS and storage providers, Kay said. Specifically, “the interface between the two and with the enterprise customer may offer an exploitable weak link.”

A fully integrated system could also run more smoothly.

Still, “if a company follows the rule ‘keep the data in its country of origin,’ it’s in pretty good shape legally,” Kay said. “There is a cost to that schema,” but it may be less than the fines the company might face for not following such a regimen, he added.

OwnCloud’s software has been downloaded some 7 million times this year — roughly double last year’s count. It claims more than 2.5 million users today. There’s also an enterprise version offering features such as SharePoint integration, Oracle database support, a file firewall and a logging module with reporting. That version is priced starting at $9,000 per year for 50 users. OwnCloud currently boasts about 250 paying customers, the majority of which are split pretty evenly between EMEA and North America.

For CIOs wrestling with data-sovereignty questions, Rex has a few suggestions. First and foremost, “make a conscious decision,” he said. “Watch out for your shadow IT, and don’t let your traveling sales team decide your data privacy laws.”

Second, “what really matters is where the encryption keys are stored,” he warned. “Just because someone tells you the files are encrypted, if they have the keys, it’s a bit pointless.”

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注