I'm Head of IT at an investment company with offices globally where currently all data is stored in the cloud. We use a system called M-files for document management and archiving and the servers are located as IaaS in a data center in Europe. Our regional manager in Bangkok requested to have a local storage solution in their office due to bad performance and latency when accessing and uploading documents to this system.  Should I allow the implementation of a local storage solution and if so, how do I best take care of concerns around security, potential data loss, etc? On top of this is of course the GDPR issues of storing potential data outside the EU. Any advice would be much appreciated.

3.9k viewscircle icon8 Comments
Sort by:
Director of IT in Manufacturing2 years ago

Implementing a local storage solution for M-files in the Bangkok office raises several security and data protection concerns that need to be carefully addressed before proceeding with the implementation.
first perform and assesment of performance and latency based on this principles
Thorough Investigation: Conduct a thorough investigation to identify the root cause of the performance and latency issues experienced by the Bangkok office

Optimization Efforts: Before considering local storage, explore optimization opportunities within the existing cloud-based M-files system. This could involve upgrading hardware, optimizing network connections, implementing caching mechanisms, or exploring alternative cloud providers with better performance in the Bangkok region.

Performance Benchmarks: Establish clear performance benchmarks for document access and upload speeds for both the cloud-based and local storage solutions. 

Based on the provided information, it is advisable to thoroughly investigate the root cause of the performance and latency issues before implementing a local storage solution. If optimization efforts fail to address the performance issues, then a local storage solution can be considered, but only after implementing comprehensive security and data protection measures to mitigate the associated risks. Additionally, strictly adhere to GDPR compliance requirements when transferring personal data from the EU to Thailand.

VP of IT & Cyber Security in Construction2 years ago

For me avoid the local storage solution if you can by improving the latency.  You'll get yourself tied up in knots supporting it from afar if you don't.

Chief Technology Officer in Media2 years ago

To address security and GDPR compliance, implement robust encryption measures, regular backups, and ensure adherence to GDPR guidelines for data transfer outside the EU. Engage with legal counsel to mitigate potential risks and establish clear protocols for data management and protection.

Chief Technology Officer in Software2 years ago

I've had to manage global systems, impacted by GDPR from Europe and as others have correctly pointed out, you don't want to be storing European PII outside the EU if at all possible.  There are a lot of reasons the performance might be bad. It could be fixed by something as simple as improving the network speed in Thailand if you can or it may be a more serious architectural issues with the underlying product.  My advice is to talk to M-Files to see if they can help out or consider alternative technologies.  Google docs for example is performant globally and is capable of having data region policies applied - but I have no idea if that would be an option for your company.

CIO in Education2 years ago

I would second the ides of trying to reduce latency, as some people have already suggested, whether through your IAAS or other potential solutions that may be available.
Data compliance, especially in Europe, is a big deal and not to be taken lightly.

Content you might like

Strongly agree13%

Agree70%

Neither agree nor disagree12%

Disagree3%

Strongly disagree

View Results

Yes68%

No but planning to28%

No and not planning to3%

View Results