Will GDPR Pressure SaaS Vendors to Go On-Prem?

Navigate to:

There has been a mad scramble to get data practices in order before and since the General Data Protection Regulation (GDPR) took effect May 25.

The intent behind GDPR seems like a reasonable set of regulations to protect the user. However, many, if not most of us, feel a little confused about how to implement a number of points written in the regulation.

Gravitational, an InfluxData customer, has a terrific blog post on its website that offers an interpretation of GDPR explaining many of the regulation’s ambiguous terms. It also covers how GDPR compliance could increase costs for SaaS providers, and may eventually lead the way for SaaS vendors to consider offering on-premise versions of their SaaS solutions.

The reason for this is simple: once SaaS vendors collect data on European Union (EU) residents, the regulation kicks in and the need for potentially new controls on that data must be implemented. The costs for this implementation could be significant and may warrant offering an on-prem version to EU customers to keep the data collected within the EU and within the protection of the customer’s own data center or private cloud.

However, building an on-prem version of a SaaS solution has traditionally been difficult and cost-prohibitive. This is because doing so requires deploying different versions of the infrastructure and facing the complex problem of running infrastructure versions the SaaS vendor cannot necessarily control.

Gravitational recognized this problem and decided to create a service that helps SaaS providers deploy and manage their applications across multiple environments, including on-prem, private cloud and public cloud. It also realized the solution needs to provide multiregional deployments and management for complex, multi-tier applications across distributed infrastructure, as well as a means to monitor system and application performance.

Through its Telekube product, Gravitational solves the SaaS portability and security problem by onboarding SaaS providers to Kubernetes and helping them to deliver Kubernetes to various remote environments. Since these SaaS providers rely on Telekube with their money-making solutions, keeping the entire environment performing correctly, including Kubernetes, microservices, databases and applications, is critical. Doing so requires collecting metrics and events for all these components at all levels and for several redundant monitoring systems as well.

Let’s take a peek at what they are doing. The first thing Gravitational deployed for monitoring is Kubernetes itself, which can provide interesting information about the cluster state. It also offers filesystem monitoring inside Kubernetes that checks whether the node is ready or not. And on top of that, Gravitational provides a separate distributed checker called Satellite, which is deployed in the cluster. Satellite is designed to combine the metrics from Kubernetes, the OS and the various other components to send an alert if something goes wrong with the low-level components. That way, if the main monitoring solution or Kubernetes goes down, Satellite will still be able to propagate key metrics

What is impressive is Gravitational has built similar redundancies in its monitoring systems for the networking components, the databases, storage, CPU, etc. It is with this effort and the combination of Kubernetes used in its product that gives Gravitational the ability to deliver availability, portability and security to its SaaS customers, and thereby helping them to adhere to regulatory requirements.

Building an on-prem version of a SaaS platform is just one of many things SaaS vendors could implement to become GDPR compliant—and making it easy to manage with a solution like the one Gravitational built could be the answer. In any event, there will surely be many other interesting solutions to help any organization adhere to the regulation and successfully keep user data private and secure.