Legality of personal data when renting a virtual server. The new law banning the storage of personal data abroad - what does it promise us?

Today, many companies, not wanting to incur the costs of purchasing and maintaining physical servers, choose virtual platforms. By using the services of a hosting provider, you can create a high-quality Internet portal. And at the same time, technical support will be provided by the provider’s team. Modern Russian data centers use reliable data storage systems; high levels of uninterrupted operation are achieved through duplication of engineering infrastructure components and guaranteed backup. However, in some cases, clients resort to the services of foreign data centers. Why?

Foreign data center: pros and cons

As a rule, the IT infrastructure of foreign data centers means advanced latest-generation equipment, quality standards according to the requirements of ISO 9001 and ISO 27001, a high level of security and data storage control, and an SLA (Service Level Agreement), either standard (availability 99.5%) or individual (up to 99.995%). To ensure data security, they use the latest IT solutions, firewalls, and communication channel encryption technologies. The power supply of the data center is also implemented with a high level of reliability - up to TIER IV (everything is duplicated).

How else might a foreign data center be of interest to Russian customers? Companies providing hosting abroad usually have very flexible tariff plans. They strive to provide the client with a complete package of services for almost the same money as the basic option. What makes clients consider such a service as foreign hosting is the high quality of service, greater experience of employees, and high speed of response to problems. Any malfunction will be resolved as quickly as possible.



European data centers employ people who have been providing hosting services for many years, so they know how to prevent certain problems from occurring and how to fix problems as soon as possible.

For many domestic companies, an additional platform abroad also means business protection. Seizure of data center equipment, illegal blocking, long-term shutdowns - in Russia, all this has to be taken into account as risk factors when placing or leasing physical or virtual servers.

In addition, there is a growing need for companies to make online transactions more secure from government surveillance and cybercriminals. Therefore, those who need a server with data protection from unauthorized access and a guarantee of reliable operation often consider the option of renting a server abroad. Finally, the financial stability of European data center operators is another risk mitigation factor.

Experts give some useful tips on how to run an Internet business in the Russian Federation and avoid problems:

  • Register domains abroad - outside the .ru zone and with well-known registrars.
  • Register a company abroad. Create a parent and subsidiary company. The first will own the technology, and the second will license it. This will protect the main intellectual asset.
  • Use the services of several data centers. Even abroad, there is a possibility of blocking a server or data center by a court decision. Important data needs to be duplicated on equipment located not only in another data center, but also under a different jurisdiction.
  • Host databases abroad. Keep your accounting on foreign servers and work via VPN. You can instantly restore office functionality.
  • Document everything related to the installed software. Take care of the required level of protection for your servers and local network.
Renting a server abroad and the above tips are relevant for businesses in the Russian Federation that do not work with users’ personal data. Since September 1, 2015, amendments to Law No. 152-FZ “On Personal Data” have been in effect, according to which the storage and processing of personal data of Russian users is carried out only on the territory of Russia. Otherwise, company resources located in data centers of foreign providers may be blocked by Roskomnadzor. Only anonymized personal data can be stored in international data centers.



Foreign data centers also mean stability. It implies both a favorable political and economic situation abroad and uninterrupted operation of the data center. Clients of such hosting services can rest assured about the future of their web projects.

Meanwhile, thanks to encryption, data center employees may not have access to your data at all. Data abroad will be fully protected. The problem is the requirements of Russian legislation, according to which it is necessary to use encryption tools certified by the FSB and FSTEC. It is unlikely that it will be possible to convince a foreign data center provider to use Russian encryption tools, and certification of foreign encryption tools in Russia is too expensive: hosting will be unprofitable. And that's another problem. In addition to the restrictions imposed by Russian legislation, a user of foreign hosting may also encounter specific requirements of local regulators.

Finally, another drawback is certain inconvenience when paying for the services of foreign providers who use systems adopted in a particular country or international services, while Russian companies introduce payment methods that are as comfortable as possible for clients.
A reasonable compromise between domestic and foreign sites is the choice of a domestic hosting provider that has sites both in Russia and abroad. In Russia, a mixed model has already gained popularity, when part of corporate data is located in the Russian Federation, and part is transferred abroad. Russian hosting providers take into account the wishes of clients and offer customers this mixed type of data placement. Clients pursue different goals.

Reserve site

Often, a company’s IT strategy requires the presence of at least two data centers – a main one and a backup one. And this is no coincidence. After all, the loss of information or control over it, at best, guarantees large losses; at worst, it is a complete loss of business. Therefore, the deployment of a main and backup data center for a serious company today is strategically necessary and justified. It is clear that this is not cheap, but there is another solution - hosting.



A backup data center eliminates downtime and provides the ability to immediately restore server systems in the event of a failure or serious accident.

Using a hosting service provider's foreign site as a backup data center means minimizing both risks and costs. With this operating scheme, maximum safety and reliability is achieved. From the point of view of competently building uninterrupted operation of sites, this is the right decision.

According to statistics, Russian companies consider most projects using foreign data centers from the point of view of creating two separate sites and systems that minimize risks. Thus, the use of the services of the main and/or backup data center in Europe is not only protection from raiding and administrative pressure, but also diversification of risks and the creation of a highly reliable distributed IT infrastructure.

Closer to the client

If the site's target audience is Russian-speaking users, then placing the resource on geographically distant servers can increase the site’s response time (although not always), and vice versa. In some cases, foreign data centers will be a good option for companies whose business is focused on the foreign market, in particular those operating in the European market.

A foreign platform can be used to host data in order to connect European customers to it. The cost of traffic will be significantly lower. In addition, servers based in foreign data centers show better response times for European users. Such data centers have direct access to European traffic exchange points. For example, for traders when working on the foreign exchange market, the delay in receiving and sending data is critical, and when hosting on a foreign site, it will be much less than when working from Moscow or Samara. Latencies have to be taken into account when hosting game servers (which leads to lower lags in computer games), creating content delivery networks (CDN). Companies with large international coverage are often forced to locate data centers close to customers.

Moreover, due to the poor development of Russian networks and the peculiarities of their organization, traffic from the Moscow provider to the regions often goes through Europe. Connectivity with a European data center is often better than with a Moscow one. And in general, communication may turn out to be more reliable and of better quality.

Russian hosting companies are increasingly offering hosting abroad and at the same time can compete adequately with foreign hosters. In particular, the RuVDS company, a dynamically developing hosting provider specializing in the provision of enterprise-class IaaS services, whose partners include the largest financial institutions, a number of commercial banks and social projects, plans to expand the list of services by providing clients with foreign hosting, for which it has entered into an agreement with a European data center (Switzerland), where customer resources will be located.

Conclusion of service agreements, financial, legal issues, technical support will be carried out by RuVDS: the client will not have to interact with the foreign provider himself or adapt to its regulatory environment and terminology. And at the same time, the cost of services will be quite competitive.

Like in a safe

Switzerland is now positioning itself as a global data repository. Now this is one of the safest jurisdictions for locating data centers. The key advantage for the development of this business in the country was the strict laws of Switzerland, as a tribute to banking traditions.



One of the advantages of hosting in Switzerland is that the state protects physical access to the client company’s data.

Today, Swiss data centers offer their services to any company looking for a stable storage location in Europe. In particular, since former US National Security Agency contractor Edward Snowden went public with documentation of widespread government surveillance, data center owners in Switzerland have seen an increase in demand from the USA for safe data storage services.



Switzerland is classified as a country with a minimum level of risk when hosting data.

Switzerland has established itself as an island of stability, able to withstand financial and geopolitical shocks. This fundamental stability is a guarantee of the security of your web resource. The political and financial stability of this country in itself is a weighty, but not the only argument.

Switzerland is located in the center of Western Europe, in close proximity to leading European countries with strong economies and business activity, millions of potential clients of companies doing business in Europe. Thanks to a direct connection to leading providers, such a data center can significantly reduce response time to requests from Europe, Asia and America. This means fast response time for the end user, regardless of their geographic location.

The technological development of Switzerland, combined with the data center infrastructure, allows us to provide hosting services of the highest quality and a high level of customer service. The equipment used meets the most stringent performance and safety standards. Innovative security measures and effective management will help avoid possible risks. Modern equipment protects client resources from powerful TCP/UDP DDoS attacks - up to 10 Gbit/s or 4 million packets per second.



Switzerland can be considered an ideal location for a data center.

Conclusion

Large and medium-sized businesses - legal, pharmaceutical, financial and investment companies, and retailers - are now actively interested in foreign data centers. Interest from media resources may also grow. An important advantage of Russian hosting providers offering their services on the basis of a foreign site is the availability of Russian-language technical support service, which is not always offered by foreign providers. The language barrier can be a significant obstacle. For Russian hosting providers, this problem is removed automatically. In addition, various communication channels are now being used for the convenience of customers.



Russian hosting providers well understand the problems and requirements of Russian clients, and this often helps to resolve issues that arise as soon as possible, using the most suitable tools for this.

Many of the situations typical for Russia are often difficult for foreigners not only to resolve, but also to understand their essence. It is easier for a Russian provider to find a way to help a client.

RuVDS services are focused primarily on the corporate segment: government agencies, banks, stock exchange players. RuVDS servers are located in our own state-of-the-art data center in Korolev, Moscow Region, and high speed and flexible tariff plans make web hosting very attractive to customers.

The Russian hosting provider RUVDS, with the support of Huawei, commissioned a containment zone of TIER IV reliability class in the Deltalis data center in Attinghausen, Switzerland. It is designed to provide clients with rental services for VPS/VDS virtual servers. Huawei acted as a supplier of the latest generation telecommunications equipment, as well as engineering solutions for organizing a virtual environment.

The implementation of the project in Switzerland allows us to ensure a high level of data security - technological and legal - as well as optimization of access speed for European clients due to the convenient geographical location of the hermetic zone (a modular unit of a data center of the highest reliability class currently). VPS services will be offered to both Russian and foreign clients of RUVDS. According to RUVDS Managing Director Artem Fedoseev, prices for the company’s VDS/VPS services in Switzerland will not differ from the current ones in the RUCLOUD data center in Moscow, which will allow clients to choose the most convenient location for their virtual server at one of the lowest prices on the market.

The company's long-term plans include creating a universal product, equally suitable for any purpose and at the same time affordable for all users. The site in Switzerland will allow us to offer a wider range of services to clients from a variety of industries.


Oh, how much has already been said about personal data! Internet entrepreneurs were especially excited about the localization story. And it is still not entirely clear how and to whom this 242 Federal Law applies. Therefore, my colleagues from B152 and I decided to look at everything using examples and offer data storage options suitable for completely different companies.
Let us recall that it came into force on September 1, 2015, although it was adopted in the summer of 2014. There is a lot of talk about it, but there is no judicial practice yet. Therefore, we will turn to the experience of foreign colleagues.

The essence of the law is that from now on legal entities that work with personal data of citizens of the Russian Federation are prohibited from collecting and storing this data abroad - they are obliged to localize databases on Russian territory. This law makes important changes to Federal Law No. 152 “On Personal Data,” which came into force back in 2007.

In terms of strict requirements for the localization of personal data, we are far from alone. In other countries, similar laws have been in effect for many years.

Vietnam
In 2013, Vietnam required owners of several specific types of resources (news, social networks and online games) to localize copies of data. Why this was done is not difficult to guess. Of course, to provide them to the competent authorities and facilitate the consideration of user complaints. The Vietnamese authorities have not introduced a ban on parallel processing of personal data abroad.

China
The Chinese took a more severe approach to the issue of cross-border data transfer, although in relation to only one type of personal information. Two years ahead of the Vietnamese, the People's Bank of China published a Notice to Banking Institutions on the Protection of Personal Financial Information. This document prohibited credit institutions from storing, processing or analyzing abroad any personal financial information received domestically.

India
Also in 2011, the Ministry of Communications and Information Technology of India approved the Rules on Procedures and Practices. Such a vague title of the document implies very specific goals, namely, ensuring the security of special categories of personal data. The Rules define these very special categories; the list includes passwords, financial information (including bank account or credit card information), health information, sexual orientation and biometric data.

For these categories of personal data, a requirement has been established that their transfer to any other company or to an individual, located in India or in another state, is possible only if the latter provides the appropriate level of protection. And all this is possible only within the framework of the fulfillment of an agreement concluded with the data subject, or in case of obtaining consent to the transfer from him.

Malaysia
The final depth of our immersion in history today will be 2010, when the Malaysian Personal Data Protection Law introduced a ban on the transfer of personal data outside the country. Cross-border transfer of personal data is possible only if certain conditions are met and in a number of exceptional cases. For example: consent of the PD subject, the need to execute an agreement between the subject and the operator, the need to execute a contract between the operator and a third party that was concluded at the request or in the interests of the PD subject.

However, such innovations concern not only Asian countries. A ban on the transfer of personal data abroad was introduced in Australia, although only in relation to health data.

But against the backdrop of Federal Law-242, all the above-mentioned laws and instructions are children's fairy tales. Our law is more severe and specific.
Most of the controversy arises around the fact that this law prohibits the storage of personal data of Russian citizens abroad, but parallel storage, at first glance, is impossible to track. Moreover, the law does not contain legal instruments that solve this problem.

The Ministry of Telecom and Mass Communications clarified the issue of cross-border transmission. According to their explanations, personal data of citizens originally entered into databases on the territory of Russia can be transferred abroad in accordance with the provision on cross-border data transfer. The department also confirmed the possibility of providing remote access to Russian databases from the territory of other states.

Let's move on to practice.

There are no court decisions yet; too little time has passed. For now, we can only say that the changes affected all companies operating in the Russian Federation. What should they do? How should they organize their work now?

First of all, there is no need to panic. Our colleagues from B-152 advise what to do next.

So, what to do if:

1. You are a foreign company that operates in the Russian Federation, including through a separate legal entity or branch.

Option 1. Transfer data abroad in anonymized form.

This means that personal data will be located on servers in Russia, but each individual will be assigned an ID, which is transferred abroad. In this way, personal data is separated from the subject and cannot be correlated with a specific person. Microsoft offers this approach for working with its services and Microsoft Azure.

Option 2. Cross-border data transfer with storage of the primary current database on the territory of Russia.

As we have already said, the law does not prohibit the processing of data abroad, but only if the database in the Russian Federation is the most complete and up-to-date. That is, if the collection and storage initially takes place in a database on the territory of Russia, then personal data can be transferred abroad and used there. At the moment, this is one of the most popular ways to localize personal data.
And the simplest option for its implementation is to use a buffer server in Russia. In this case, the data first goes to this server, and only then goes abroad. The position of the regulators allows this to be done, because the main requirement is met - the primary database is located in Russia.
Let us remind you that, from the point of view of the Ministry of Telecom and Mass Communications and Roskomnadzor, a database includes paper databases. For example, this could be a closet with employees' personal files in the form of a card index, or a table in Excel.
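The two options above, as an added Python example that is not part of the original article: every write lands in the local primary store first (the buffer-server ordering of Option 2), and only a row stripped of direct identifiers and keyed by an ID leaves for the foreign replica (Option 1). The class names, the field list and the sample record are hypothetical and constructed for illustration; the ID here is a keyed HMAC whose key stays on the local side.

```python
import hashlib
import hmac

# Assumption: which fields count as direct identifiers in this constructed schema.
# Quasi-identifiers (birth date, city, ...) need their own review and are not handled here.
DIRECT_IDENTIFIERS = frozenset({"full_name", "passport", "phone", "email"})


class LocalPrimaryStore:
    """Hypothetical stand-in for the primary database kept on local territory."""

    def __init__(self, pseudonym_key: bytes):
        self._key = pseudonym_key   # never exported; needed to link an ID to a person
        self._records = {}          # subject_id -> full record with personal data
        self._versions = {}         # subject_id -> write counter
        self._by_pid = {}           # exported ID -> subject_id (local lookup only)

    def pseudonym(self, subject_id: str) -> str:
        digest = hmac.new(self._key, subject_id.encode("utf-8"), hashlib.sha256)
        return digest.hexdigest()[:32]

    def write(self, subject_id: str, record: dict) -> int:
        self._records[subject_id] = dict(record)
        self._versions[subject_id] = self._versions.get(subject_id, 0) + 1
        self._by_pid[self.pseudonym(subject_id)] = subject_id
        return self._versions[subject_id]

    def export_row(self, subject_id: str) -> dict:
        """Build the row that may leave: no direct identifiers, only the ID."""
        record = self._records[subject_id]
        row = {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIERS}
        row["pid"] = self.pseudonym(subject_id)
        row["version"] = self._versions[subject_id]
        return row

    def resolve(self, pid: str):
        return self._by_pid.get(pid)

    def version_of(self, subject_id: str) -> int:
        return self._versions.get(subject_id, 0)


class ForeignReplica:
    """Hypothetical stand-in for the database hosted abroad."""

    def __init__(self):
        self.rows = {}

    def receive(self, row: dict) -> None:
        leaked = DIRECT_IDENTIFIERS.intersection(row)
        if leaked:  # defence in depth: refuse rows that still carry identifiers
            raise ValueError(f"direct identifiers in export: {sorted(leaked)}")
        self.rows[row["pid"]] = dict(row)


def ingest(local: LocalPrimaryStore, foreign: ForeignReplica,
           subject_id: str, record: dict) -> dict:
    """Local write first, foreign copy second; a failed local write sends nothing."""
    local.write(subject_id, record)
    row = local.export_row(subject_id)
    foreign.receive(row)
    return row


def audit(local: LocalPrimaryStore, foreign: ForeignReplica) -> list:
    """Check that the local store is the most complete and up-to-date copy."""
    findings = []
    for pid, row in foreign.rows.items():
        subject_id = local.resolve(pid)
        if subject_id is None:
            findings.append(f"{pid}: no matching record in the local primary")
        elif row["version"] > local.version_of(subject_id):
            findings.append(f"{pid}: foreign copy is newer than the local primary")
    return findings


if __name__ == "__main__":
    local = LocalPrimaryStore(b"constructed-demo-key")
    foreign = ForeignReplica()
    # Constructed sample record.
    print(ingest(local, foreign, "user-1001",
                 {"full_name": "Ivan Petrov", "email": "ivan@example.test",
                  "plan": "vps-2"}))
    print(audit(local, foreign))
```

Running `audit` on a schedule gives evidence for the inventory step further down: any foreign row that cannot be traced back to the local primary is reported.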

2. You are a Russian company

The most obvious way is to transfer personal data databases, their processing, collection and storage to the territory of the Russian Federation, using Russian data centers.
However, options with cross-border transfer and anonymization are also suitable for you.

There is no separate liability for violation of localization standards. This means that Art. 13.11 of the Code of Administrative Offenses of the Russian Federation applies, which establishes sanctions for violation of the established procedure for the collection, storage, use or distribution of personal data. The fine for this is very small; for legal entities it is no more than 10 thousand rubles.

But this is not the only measure of influence. An alternative is the possibility of entering domain names and network addresses into the register of violators of the rights of personal data subjects, which is perhaps more significant than a fine.

So, what needs to be done with the urgency of “yesterday” in order to understand which of the described actions to take:

  • Take an inventory of all your information systems/databases.
  • Determine the location of each of your existing information systems/databases.
  • Use the above methods to localize databases with personal data of citizens of the Russian Federation.

Sources:
1. Savelyev A.I. Legislation on data localization and its impact on the e-commerce market in Russia. // Law, 2014, No. 9.
2. Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011. Indian Ministry of Communication and Information Technology.
3. Personal Data Protection Act, Law No. 709 of 2010, Official Gazette of Malaysia, June 10, 2010, P.U. (B)464.

The Duma hastily adopted a bill on the storage of personal data. It adopted it on July 4, before the mass vacation. Moreover, it was approved immediately in the second and third readings. According to this law, personal data of Russians processed via the Internet must now be stored on the territory of the Russian Federation. Data centers and Rostec will receive new clients - this law is good for them. The project became known at the end of June. It was introduced to the State Duma by three deputies - Yushchenko, Dengin and Lugovoy.

The new law concerns all Russian citizens who provide their data when registering online, send mail or buy something. The law will not come into force immediately, but from September 1, 2016. This was done so that companies have enough time to prepare to work in accordance with the new law.

The new law must still be approved by the Federation Council and signed by the President. Perhaps it will be sent for revision. But a start has been made, and now many Russian companies are wondering what to do next.

What awaits the violators? They may be blacklisted by Roskomnadzor. This organization already has several such lists. These include pirated sites, sites promoting violence, suicide, child porn, and sites calling for extremism. Everything is clear with these lists - no one objects to keeping this negativity from spreading online. But what if a company cannot, for objective reasons, prepare for the new law? What then?

What motivated the deputies to introduce such a norm? The fact is that foreign services are required to provide data to American intelligence agencies. Consequently, the NSA owns data on all users on the network from Russia. Of course, there is nothing good about this. As for the fact that companies will have expenses for moving servers, the deputies don’t care: “These are business losses, nothing more, and there’s nothing terrible about that,” they say.

But it’s not just foreign businesses that will suffer from the server transfer. Russian services today use cloud technologies and data exchange - what to do with this? After all, this law will affect not only data storage services, social media and messengers, but also payment systems, online hotel booking, cellular companies and many other services. If the law is adopted in the form in which it is now, this will lead to the termination of many contracts with foreign companies. The same Aeroflot will not be able to sell tickets Moscow-New York-Chicago. This is not beneficial to anyone. Only server manufacturers will benefit.

Banks will also suffer from this law. Today, a lot of purchases are made via the Internet, and the client often pays for them with a bank card. Consequently, his personal data will definitely pass through companies that do not have servers in Russia. The conclusion is that everyone will break the new law. The acting President of Citibank laments: “The new world was formed without this law, and it will be quite difficult to comply with the new norm, almost impossible.” Today, new innovative technologies appear every day. Introduction discussed for all adult Russians - it will be very convenient to submit applications online and receive various types of documents. What if someone intercepts this data along the way? There are plenty of questions about data protection, and not only personal ones.

As is known, there is no Russian payment system yet. It has been in preparation since 2011, but there is still no system. The Central Bank is still selecting suppliers, and it is not yet known when this system will become fully operational. And without it, implementing the new law will be difficult, almost impossible.

The complexity of server migration is difficult to estimate - everything will depend on the architecture of the information system. Director of the legal department of the insurance company Pavel Chuikov believes that the ban on storing data abroad is an excessive measure. It could have been limited to increasing control over the data processing process abroad. Then the regulatory authorities would have more opportunities to monitor these processes. Not all large companies use foreign services. For example, representatives of MTS and VimpelCom stated that their companies store information on the territory of the Russian Federation, and when exchanging data with foreign partners they use anonymized information.

In general, for some reason, some laws lie around for years without being adopted or discussed, while others, before they even appear, quickly mature and are eaten up like hot cakes. First reading, second, third - and the product is ready! And then they start adopting amendments - our deputies will definitely not be left without work!

The question of information security appeared online last year. It was then that former American intelligence officer Edward Snowden spoke about the surveillance of Internet users by the NSA. Anti-terrorism amendments were adopted that limited Internet payments. Network services are required to store user data for six months and so on. However, not everything is so bad. Some companies will have time to prepare for the new law. For example, all airlines are waiting for a Russian reservation system - in two years it will definitely be ready.

Only data centers will benefit from the new law. There is free capacity even in Moscow. In the Moscow region, Technoserv is building a data center that will be the largest in the country. So in this regard, there should be no problems when transferring servers. The center is being built with the help of investments from large companies. They understand the value of data and that is why they are investing in this project.

In general, creating a new data center involves many difficulties. It requires huge financial costs and preparation time. It is unrealistic to build a new data center in two years, said a Yandex representative. The Russian search engine has always used services in Russia, and it is ready for the new law. Rostelecom also has its own network of data centers and its own cloud platform. It is ready to accept new clients.

As we see, the new law has both opponents and those who are not afraid of the law. One thing is clear - the law needs to be finalized in accordance with the amendments and comments that have already been made and will come, otherwise it simply will not work in full force. Just like the new 44-FZ. Amendments to it are still being accepted, a special working group for this. Everything is done in order to have become increasingly transparent and efficient. So there is still work to be done on the law banning the storage of personal data abroad. You can't drive a business into a corner. It's already peeking around the corner. Small and medium-sized businesses are especially affected. How many individual entrepreneurs closed last year. Either tax rates will be increased, or some other ban will be introduced. You won't be satisfied with bans alone. We need to offer innovative solutions. Today, data is successfully protected using data encryption. What happens if some service is hacked and all the data leaks in an unknown direction? This is definitely worth thinking about. Deputies have work to do...