In IT, two goals that, at first glance, contradict each other are data protection and the ecological protection of our planet.

A lot is being done to keep the ecological footprint of data centers as small as possible; economical and energy-efficient. Server and storage solutions, and the relocation of entire data centers to climatically more suitable zones, is also on the agenda. But with the growing threats from cyber criminals and higher data protection requirements, efforts to ensure a ‘greener’ IT environment can be thwarted.

– Thinkstock / nongpimmy

Data protection is a must

But what exactly is the problem? The General Data Protection Regulation (GDPR) came into effect in May 2018, making it compulsory for all organizations collecting data relating to European citizens to put measures in place to make IT systems, and the data residing upon them, more reliable and secure. Its requirements for personal data protection are perhaps the most significant challenge.

This is because the regulation stipulates that data must be in encrypted form at all times. Encryption can be done either by processing systems or - better - by appropriate coprocessors. However, the additional computing power needed to achieve this also means more power is consumed, more heat is generated and more cooling is needed.

This has a knock-on effect in the data center, leading to increased energy consumption as a result of an increased need for more air conditioning.

However, this issue is by no means limited to the European Union. Other economic regions have used GDPR as a model, with the United States, Japan, South Africa and Israel - to name a few – developing similar plans with similar potential consequences.

Rising energy demand

The additional energy requirement for calculation and cooling is not the only challenge facing data center operators.

For a long time, many have put their faith in a storage environment that relies exclusively, or to a large extent on, solid-state drive (SSD) storage. Although these storage media are faster than hard disk drives (HDD), they have a significant disadvantage. They require much more storage space to store encrypted content. These All-Flash Arrays (AFAs) work with an inherent compression, deduplication and pattern removal engine to be able to map as much data as possible to their storage.

However, if the data is encrypted, as required by law, these patterns no longer occur. It becomes almost impossible to further compress encrypted content. As a result, the capacity of an SSD can actually be less than the official nominal capacity. This means that more SSDs will need to be used for encrypted data than for the same amount of information in an unencrypted format. The consequence of all this? More SSD storage inevitably results in higher energy costs for its operation (and associated cooling) as well as the initial acquisition costs of course.

Better use of technology

What could the potential solution to these challenges look like? It’s clear that the exclusive use of SSDs is not valid from an environmental point of view. Instead a better approach for many organizations is a lower dependency on flash, such as flash-optimized arrays which through machine learning minimize the amount of flash required, and leverage hard disk drives within a single storage pool.

In this scenario, flash can perform caching using its advantage in speed whilst the personal data stored, that must be encrypted, will not inflate the cost or the environmental impact of the storage medium used.

New rules impact company structure

For some industries, the new rules on the protection of personal data pose a significant challenge. In the medical sector, such as hospitals, where a huge volume of personal data exists, adhering to GDPR is much harder because they typically only have a very limited opportunity to expand or improve their IT infrastructure. They need to focus not only on the acquisition costs and the structural accommodation of the IT systems required to achieve GDPR compliance, but also on energy costs and the ease of administration to fit leaner IT teams. They must also ensure that their own IT can be implemented structurally in terms of energy supply and removal.

New awareness needed

While there is a very real need to balance the green agenda alongside being compliant with GDPR, what’s really needed is a new way of thinking.

The time has come to move away from the perception that IT exists in isolation to one where information technology and expenditure on energy are viewed as a single package. In many companies, these are often separate budget items with different responsibilities leading IT leaders to prefer short-term capex savings over long term energy (opex) savings.

However, if we take a holistic view, in which technology and resources are not seen separately, we should be in a stronger position to take the first step towards a ‘greener’ design of IT across the board - even with higher data protection requirements. Ensuring that a solid and coherent plan for a future-proofed storage environment has been put in place will be paramount going forward.