The tech industry avoids regulation when it can, and the issue of protecting data across national borders is no exception. So an Intel executive on Wednesday proposed a technology solution to ensuring compliance with European data privacy laws.
Diane Bryant, general manager of Intel's data center group, was asked how, given Europe's strict laws governing movement of personal data, service providers can link data centers in different regions while staying in compliance with regulations.
"We’re better off solving these problems with technology than regulation; I think that's a much more logical approach to the problem," she said during an on-stage interview at the Structure conference in San Francisco.
But given that regulations exist and have to be adhered to, she proposed geotagging virtual machines as a practical way to ensure compliance.
"Geotagging is a great solution to that. We've been working with the industry on a way to create VMs and, through policy and cloud orchestration tools, to guarantee those VMs will only be executed within a certain geographic boundary," Bryant said.
Auditing manually to ensure compliance is laborious and doesn't scale, she said. Geotagging can ensure that workloads and data stay within the regions where they're permitted to reside.
Intel has worked on the problem with cloud security company HyTrust, Bryant said, and geotagging VMs is "a solution that's in the market today."
That's not to say it's simple to implement, necessarily, but it gives cloud providers another option if they want to transfer workloads between data centers in different countries for tasks like backup and recovery, or just to store data closer to end users.
It's one possible solution to a problem that grew more complex last month when Europe's highest court struck down the Safe Harbor agreement between the U.S. and the European Union, which for years allowed companies to transfer information across the Atlantic without running afoul of European privacy laws.
The court determined the existing Safe Harbor provisions were insufficient and authorities are crafting new rules to replace them -- though that could take some time.
Another option for companies is simply to keep personal data within national boundaries, and cloud providers like Amazon and Microsoft have been opening new data centers in Europe to let them do that too.
Being able to share information among different cloud providers is important for realizing the promise of big data, according to Bryant. "The more data you have, the greater the insights you're going to get," she said.
She cited a cloud service Intel is helping to build that will let cancer research institutes share gene sequencing information about patients, with a view to speeding up research and diagnosis. The cloud service will come online in the first quarter next year, she said, with Oregon Health and Sciences University and two other hospitals.
"The largest cancer institute in the world has access to less than 1 percent of the genome sequences worldwide," Bryant said. Expanding that access will provide researchers with better insights that could help cure diseases, she said.
Linking different clouds also opens a new business model in the form of data exchanges, according to Bryant, where banks, for example, could pay each other for access to each others' data sets to help spot fraud or identify people who are credit risks.
But the example seems to only strengthen the case for imposing limits on data sharing.
"We know that your social media site is the best predictor of whether or not you're a credit risk, so the more you talk about 'you' on social platforms" the easier it becomes for banks to identify people who will be a credit risk, Bryant said.
"So you should talk about others and not yourself," she said.