Cloudflare aims to be data localization compliant by end of 2022

American cloud-services provider, Cloudflare, runs one of the world’s largest content delivery networks (CDNs), which is used by companies like India’s largest brokerage firm Zerodha, payment services provider BharatPe and more. The name doesn’t always ring a bell for everyone, but Cloudflare servers see interactions from almost every internet user at some point. In an interview, Jonathon Dixon, managing director for Asia-Pacific, Japan and China, and Samuel Sathyajith, country head of India and SAARC at the firm, discussed its plans for India. Edited excerpts:

For a CDN operator that distributes content across the world, how do you deal with the idea of the ‘splinternet’ and restricted flows of data between countries?

Dixon: Cloud operators will need to increasingly make sure that compliance with local laws — such as Europe’s General Data Protection Regulation (GDPR) — are upheld, while enabling enterprises to operate globally. To do this, storage of personally identifiable information (PII) must always be done within the country of origin. In an ideal world, we all want a free and open internet — but the division of borders in data transfer is inevitable, and compliance for any operator would be mandatory.

So, if India adopts a law mandating data localization tomorrow, would a service like Cloudflare be compliant with the same?

Dixon: We have already invested in taking steps towards achieving this goal, and a lot of data processing and distribution on our network is already done locally for our clients in India. In terms of achieving complete data localization, we will be fully compliant for data localization in the country by the end of this year.

Would this also lead you to increase your data centre capacity in India?

Sathyajith: We already have plenty of capacity for our India data centres. We have 23 data centres in India, and each facility already offers edge facilities. The end objective is to reach a stage where we are closer to the place where the data is being processed. As a massive number of businesses come online in India — including both existing businesses migrating to cloud, and new, cloud-native businesses — it will be crucial for service providers to be closer to the source of the demand for all this data.

Since you mention small businesses, do you see these smaller enterprises pay more attention to cyber security now — than about a year or two earlier?

Dixon: Absolutely. There has been a growing amount of interest and activity among chief information security officers (CISOs) of companies across all sizes and industries — in terms of the sophistication and dexterity of cyber attacks around the world. Among companies in India, more CISOs have been stating that the issue of cyber security has grown to become a boardroom issue, where top-level company management are now involved in discussing problems and solutions around cyber security.