How To Ensure POPI / GDPR Compliance For Your Call Centre
For the most part, GDPR and POPI are about updating your business processes and leveraging technology to handle personal data you collect about EU and SA citizens respectively. You must be able to obtain, update, restrict, and/or destroy data specific to a citizen’s request.
There are multiple things that enterprises can do to achieve this:
- Consolidate data
- Ensure data availability
- Provide restricted and audited access to data; and
- Secure data through encryption
Teleforge uses all-flash FlashArray and FlashBlade products from Pure Storage, which are shared accelerated storage systems. The enterprise NVMe Direct Flash modules we use provide the highest levels of enterprise performance and are capable of supporting multiple mixed workloads – including SAP HANA, Oracle, Microsoft SQL, artificial intelligence/machine learning (AI/ML), analytics, file, and object workloads.
Ensure Data Availability
Data availability translates into having a robust data centre infrastructure. It starts with the data storage system or technology used. Having a highly available network and highly available physical and/or virtual server farms is a good start, but without the data, everything falls apart.
Our core reason for implementing Pure Storage is its non-disruptive-everything approach. Pure Storage Flash Protect is a set of resiliency technologies within Purity (the Pure Storage array operating system), delivering High Availability, RAID-3D dual drive failure protection, non-disruptive everything (controller upgrades, capacity expansion, and software upgrades), and always-on encryption.
Proven greater than 99.9999% availability means our client data is always available, and always protected – with no performance loss, even with active controller upgrades, capacity upgrades, and even complete chassis upgrades.
Teleforge provides a Stateless HA (High Availability) architecture: we use Pure’s FlashArray, which is designed so that controller failures/fail-overs do not have any bearing on performance or data availability. Controllers are stateless (no persistent data in them, including in-flight writes), and HA events are designed to be transparent to host I/O activity.
We do no work on the production arrays without thorough pre-action checks conducted by Pure Support, ensuring that the environment is stable and ready for any interaction; be that code upgrades, hardware changes, capacity increases or part replacement.
Teleforge can do a non-disruptive upgrade of all components including Flash drives, power supplies and storage controllers. Even substituting storage controllers is done completely non-disruptively, with no downtime and no performance degradation. We can even upgrade microcode non-disruptively; there is no need for an outage or a “quiet” production period. Teleforge has also completely outsourced support for all microcode upgrades to Pure Support, which does this remotely and completely non-disruptively.
Provide Restricted and Audited Data Access
Our arrays require credentials to access the array. Moreover, each user has a defined role. Administrators cannot access or modify data. We keep a detailed audit trail of who logs into the arrays, and when.
In today’s IT world, encryption should not be an afterthought. It is essential. Data encryption can occur at one of many points – at the application, in flight, and at rest (i.e. on the storage system).
Encryption At The Application Layer
At Teleforge, we believe this encryption method is the least effective, both concerning allocation of resources, and regarding business efficiency. Servers (virtual or physical) are usually sized for the application they run. When encryption is added on top of this, it takes CPU cycles away from some applications, making the application less effective. Laying encrypted data down on a storage system makes that data exclusive to the application that wrote it, meaning that it is not sharable. Data that is not sharable cannot be consolidated. A lack of consolidation brings us full circle back to the first issue we highlighted above – multiple copies, more copies to manage, more points of error, more points of data leakage, more cost associated with additional storage.
Since encrypted data is hard to compress and deduplicate, datasets cannot be reduced, and physically more data storage is required. This increases wear on the storage system, which in turn reduces the life of the storage system, leading to more cost.
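The data-reduction point above, as an added example that is not Teleforge's or Pure Storage's code: it encrypts a constructed volume of repetitive call records before the storage layer sees it, then measures what compression and block deduplication can still recover. The SHA-256 counter-mode cipher is a standard-library stand-in for a real cipher such as AES-CTR, and the 4 KiB block size, record layout, key and nonce are assumptions.

```python
import hashlib
import zlib

BLOCK = 4096  # assumed deduplication granularity (4 KiB)


def keystream_xor(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Toy SHA-256 counter-mode cipher (stand-in for AES-CTR, demo only).
    XOR is symmetric, so the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + offset.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def unique_blocks(data: bytes) -> int:
    """Distinct fixed-size blocks: what block deduplication has to store."""
    return len({data[i:i + BLOCK] for i in range(0, len(data), BLOCK)})


def compress_ratio(data: bytes) -> float:
    """Compressed size divided by original size (lower is better)."""
    return len(zlib.compress(data, 6)) / len(data)


def build_volume() -> bytes:
    """Constructed sample: 8 distinct call-record blocks, each stored 8 times."""
    blocks = []
    for agent in range(8):
        record = f"caller=+27110000000;consent=yes;agent={agent:03d};".encode()
        blocks.append((record * (BLOCK // len(record) + 1))[:BLOCK])
    return b"".join(blocks * 8)


def reduction_report(volume: bytes, key: bytes) -> dict:
    """Compare what the storage layer can reduce before and after encryption."""
    ciphertext = keystream_xor(volume, key, b"demo-nonce")
    return {
        "total_blocks": len(volume) // BLOCK,
        "plain_unique": unique_blocks(volume),
        "cipher_unique": unique_blocks(ciphertext),
        "plain_ratio": compress_ratio(volume),
        "cipher_ratio": compress_ratio(ciphertext),
    }


if __name__ == "__main__":
    for name, value in reduction_report(build_volume(), b"demo-key").items():
        print(f"{name}: {value}")
```

The plaintext volume collapses to 8 unique, highly compressible blocks, while the same volume encrypted first presents 64 unique blocks that do not compress.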
Encryption In Flight
Data in flight would ideally be encrypted as well; this is true for data that travels outside of the “four walls” of a data centre. However, within the “four walls”, it can be argued that the data should be secure enough that it does not need to be encrypted.
Skeptics argue that the data could be tapped. They are correct; if someone is tapping the network for data, that is a security issue that needs to be addressed. However, this is so fundamental to basic network security that it raises the question of whether a two-bit hacker could be stealing data from this enterprise from, say, the cafe across the street.
Part of the reason why SANs have been slow to converge with traditional LANs, and why Fibre Channel still exists as a leading storage networking protocol, is that it is abstracted from the LAN and the Internet, and data travelling on it only travels between servers and the storage system. Many of our customers and technology partners agree, and they confirm that data encryption within the confines of the data centre is not a high concern.
Encryption At Rest
That leaves data encryption at rest. At Teleforge, we believe the best way to secure data is to encrypt it at rest. Some storage vendors approach this with optional self-encrypting drives (SEDs). Dell EMC’s SC-series (previously Compellent) and IBM do it this way. Keep in mind, SEDs are expensive and inflexible. The encryption is on each disk, requiring keys for every drive, increasing the load on the storage system to manage and maintain keys. Unless an enterprise forks out the expense of upgrading every storage system with all SEDs, some data may be left exposed. Additionally, since each drive has its own encryption, it reduces the impact of compression and deduplication as each piece of data written to each disk, after compression and deduplication, would have to be individually encrypted, and decrypted for each read and write. It is simply illogical.
The best way is to enable it in software at the array level. For some systems, such as NetApp’s AFF A-series using its NetApp Volume Encryption (NVE), and HPE’s Nimble arrays, this is available. However, it comes at the cost of performance.
That is why Teleforge has opted for Pure Storage, as only Pure can compress, dedupe, and encrypt data without any performance overhead. Furthermore, Pure’s industry-leading compression and deduplication, along with its encryption algorithms, are all done inline, always-on, without the need for the customer to tune or configure anything. So, using a Pure array results in the best cost efficiency, and the highest level of security for the enterprise’s data.
For details on Pure’s data at rest encryption features, IDC wrote a paper, “Data at Rest Encryption and Key Management in GDPR” that highlights new EU GDPR policy compliance requirements, specifically concerning the role, benefits, and considerations of data at rest encryption and key management.
Our Call Centre clients live in a data-centric world, in which new customer experiences, new business models, faster time-to-market, and the fastest insights are changing the course of businesses and enabling market leadership. Since we do live in a data-centric world, we need a data-centric architecture to match. Our solutions ensure that your Call Centre has the best and most secure data-centric architecture.
“GDPR and POPI offer businesses a unique opportunity to take control of their most valuable asset: data. By using Pure, we enable customers to reduce costs associated with data management and storage and unleash intelligence and competitive advantage by processing data more efficiently and securely. Encryption by default and robust access control management are just part of a set of industry best practices Teleforge uses effectively to manage customer data most securely.” Francois