Data Classification and Desktops - Geographic Use Cases
It’s been a hot minute since I wrote anything, and for good reason - having children and a summertime schedule is exhausting! That and a job change spelled out a lot of moving parts for us.
Now, though, we’re going to be getting back to our regularly scheduled programming with a review of how where your desktops are, matters.
I’m not talking about latency, since that has been written about exhaustively since the earliest days of VDI. Instead, modern admins are tasked with making sure VDI environments are up to par with the latest modern regulatory compliance sets.
The most prominent of these is GDPR. Phrased simply, if data is supposed to remain in your country, you had better confirm that - or else. That “or else” has real teeth - several million dollars worth, or a percentage of your annual earnings. It’s very much a penalty that can sink a busines, ruin a financial report, etc.
Data classification tools like Purview or Cloud Data Sense by NetApp can empower customers with visibility into what data is where, which is invaluable in proactively preventing any GDPR violations.
Alternatively, look at SOC and ISO 27001 audits. These confirm that you do what your processes say you do, and that your processes are what they ought to be (respectively). If your processes and policies say that data resides in a sepcific location but your classification/visibilty tools say that it has spread to various locations (say, alternate folders in a tree struture or edge sites/offices) then that’s a violation of your policies that you can get out in front of before a visit from your auditors. From experiene, I can say that anything you can do to minimize your remediation list is a big win.
Lastly, some countries - Singapore comes to mind - have strict data soverignty rules. Data MUST remain within their borders, no exceptions. How does one control and prove that, if a salesperson is travelling? VDI plus a data classification tool can prove without a shadow of a doubt that the user’s session is based in the country is ought to be based in, and that the data mapped to that session is from the region it ought to be.
We’ll continue this series soon - sooner than a month between posts - with a different set of industry-driven use cases. Until then - the summer is over, so we’re back!