I'm Head of IT at an investment company with offices globally where currently all data is stored in the cloud. We use a system called M-files for document management and archiving and the servers are located as IaaS in a data center in Europe. Our regional manager in Bangkok requested to have a local storage solution in their office due to bad performance and latency when accessing and uploading documents to this system. Should I allow the implementation of a local storage solution and if so, how do I best take care of concerns around security, potential data loss, etc? On top of this is of course the GDPR issues of storing potential data outside the EU. Any advice would be much appreciated.
Sort by:
For me avoid the local storage solution if you can by improving the latency. You'll get yourself tied up in knots supporting it from afar if you don't.
To address security and GDPR compliance, implement robust encryption measures, regular backups, and ensure adherence to GDPR guidelines for data transfer outside the EU. Engage with legal counsel to mitigate potential risks and establish clear protocols for data management and protection.
I've had to manage global systems, impacted by GDPR from Europe and as others have correctly pointed out, you don't want to be storing European PII outside the EU if at all possible. There are a lot of reasons the performance might be bad. It could be fixed by something as simple as improving the network speed in Thailand if you can or it may be a more serious architectural issues with the underlying product. My advice is to talk to M-Files to see if they can help out or consider alternative technologies. Google docs for example is performant globally and is capable of having data region policies applied - but I have no idea if that would be an option for your company.
I would second the ides of trying to reduce latency, as some people have already suggested, whether through your IAAS or other potential solutions that may be available.
Data compliance, especially in Europe, is a big deal and not to be taken lightly.
Implementing a local storage solution for M-files in the Bangkok office raises several security and data protection concerns that need to be carefully addressed before proceeding with the implementation.
first perform and assesment of performance and latency based on this principles
Thorough Investigation: Conduct a thorough investigation to identify the root cause of the performance and latency issues experienced by the Bangkok office
Optimization Efforts: Before considering local storage, explore optimization opportunities within the existing cloud-based M-files system. This could involve upgrading hardware, optimizing network connections, implementing caching mechanisms, or exploring alternative cloud providers with better performance in the Bangkok region.
Performance Benchmarks: Establish clear performance benchmarks for document access and upload speeds for both the cloud-based and local storage solutions.
Based on the provided information, it is advisable to thoroughly investigate the root cause of the performance and latency issues before implementing a local storage solution. If optimization efforts fail to address the performance issues, then a local storage solution can be considered, but only after implementing comprehensive security and data protection measures to mitigate the associated risks. Additionally, strictly adhere to GDPR compliance requirements when transferring personal data from the EU to Thailand.