Cloud Series: Data Control in the Cloud: Public, Private, and Sovereign

A fundamental transformation is occurring in the gaming industry as we witness a transition from on-premise technology infrastructure to leading data centers. This evolution in our industry is essential for its survival and organizations who embrace it will continue to be competitive. In this four-part article series, we will dive into aspects of this transformation.

This article seeks to educate our readers on data control in the cloud and the attributes of public, private, and sovereign cloud services.  

Data Control in the Cloud

The cloud in its simplest form is professionally- managed infrastructure. Clients essentially rent infrastructure resources in real-time and pay for use. Data center providers focus their energy and resources on securing data, keeping infrastructure current, and developing software for clients to interact with and manage infrastructure remotely.  

Adopting modern architectures that enable this type of elasticity, georedundancy, and continuous deployments makes sense in today’s technology environment. Consumers expect instantaneous response times, 100% availability, top security, and continuous updates. Most companies do not have the financial resources to procure the type of infrastructure – including Artificial Intelligence (AI) – needed to deliver these expected capabilities. The data center model solves these challenges by enabling specialized providers like Microsoft Azure and AWS to focus their attention and resources exclusively on these capital-intensive matters, investing billions of dollars annually.

Although leveraging top capabilities in a pay-for-use model is advantageous, data control is a critical consideration. In the following sections we will outline each type of infrastructure set-up and examine many of the pros and cons in terms of data control and security.

Commercial Cloud (aka Hyperscale Cloud)

The commercial cloud is what is commonly referred to as “the cloud.” This is the commercially-available cloud from major cloud providers like Microsoft Azure and AWS. These providers have data centers covering the globe with millions of servers, allowing near infinite computing power to any client. Commercial cloud providers invest billions of dollars annually to provide hyper-scalability, resiliency, georedundancy, and security. This option provides the most data control in terms of security such as DDoS (distributed denial-of-service) attacks, ransomware attacks, and data breaches.

The main data control drawback of the commercial cloud is that the physical location of the data center will determine the privacy laws that govern the data. For instance, if the data center is located in the United States, there is a possibility the US government could subpoena the records directly from the cloud provider.

Sovereign Cloud (aka Confidential)

The confidential cloud or cloud for sovereignty has additional layers of encryption where data is encrypted even while being processed and stored in memory. Additionally, the encryption keys are managed outside of the cloud environment, thereby giving the client complete control of who can read the data. This results in a highly-confidential data environment and gives government customers the highest level of data protection and control. In the gaming industry, the confidential cloud is becoming popular for sovereign tribal governments because it ensures that  any other governments or third-party cannot access their data without going directly through the tribe. This solution offers the same general advantages of the commercial cloud, including hyper-scalability, resiliency, georedundancy, and security.

Private Cloud

Private clouds were popular before Microsoft Azure and AWS invested billions in robust infrastructure, including industry-leading security capabilities and an array of software for clients to interact with and manage remote infrastructure. Private cloud services in the gaming industry have continued to find niches where outmoded laws and regulations require data to stay within a jurisdiction where there is no commercial cloud data center. They also provide additional control over network access and operational independence. For instance,  companies can have dedicated infrastructure that only processes their data.

The downside of this model is missing out on cost efficiencies such as “pay for what you use” and there is no hyper-scalability due to the lack of infrastructure that leading providers like Azure and AWS have. Simply put: Microsoft, Amazon, and Google have massive amounts of buying power, global infrastructure, and industry-leading security professionals and capabilities. This expansive infrastructure allows for three key advantages: 1) hyper-scalability with near unlimited processing power; 2) georedundancy; and 3) unparalleled security capabilities.

Additionally, leading cloud providers like Microsoft, Amazon, and Google offer proprietary software to automate software deployments, interact with infrastructure, and automate most IT functions. Due to the limited capabilities that private cloud providers  offer, some are becoming resellers of commercial cloud services like AWS to help solve these limitations and allow clients to mix private and commercial cloud services.

On-Premise Infrastructure

On-premise infrastructure provides the greatest physical control of resources and data, but has no scalability and the weakest data security. On premise infrastructure is also expensive to maintain, since new equipment must constantly be purchased to stay current and staff large IT teams are needed to physically install software and manage the infrastructure.  

Some outmoded laws and regulations in the gaming industry prioritize geography over cybersecurity. As a result, some executives may incorrectly think that because they own their infrastructure and are physically close to it, they can secure it best. This fallacy does not hold water as the news is rife with stories of cyber breaches. Russian and Chinese hackers penetrate infrastructure constantly, and groups that are physically far from gaming locations have penetrated top gaming brands in the US and Canada. In today’s world, location does not matter when it comes to data security. Modern software relies on infrastructure that is scalable in real-time and data control is only as good as data security.

No one wants to go back to the days when computers needed to be updated regularly via CD-ROM or other physical media, nor should businesses continue to operate on a model  where on-premise infrastructure has to by physically managed by large teams of IT personnel. Modern companies take advantage of everything the cloud has to offer, while older companies that refuse to migrate to the cloud are quickly becoming uncompetitive.

‍

Stay tuned for the next article in this series: Future State of Technology

‍