@Mitsos did you read littleskunk’s response to me?
I did. I read that since there are other regions outside of the US that don’t need SOC2 and since there are customers within those regions that don’t even need ISO, but only need geofencing to comply with GDPR, there isn’t any point in talking about SOC2 and EU.
What did you read?
Edit:
Just so we don’t have any misunderstandings, there are people that are literally paid thousands of $ per hour to understand the difference between:
- and
- or
- and/or
What did I read?
- That SOC2 is not needed. “nobody outside the US cares”
- AFAIR the commercial program only accepts operators with at least a petabyte of storage, so yes. But they’d need to be SOC2-certified.
- There also should be a demand for the EU analogue of SOC2 (ISO 27001)
Guess where most large enterprises are based? That is where most of the available data sits today.
And how does any of your points show that:
?
And how does any of your points show that:
“We talked about the fact that most companies in europe” implies that only European guidelines matter. Seems like tunnel vision to me.
I think he was coming at it from a different angle. Like I worked for a Canadian company and we were allowed to store corporate data in Europe because the standard data privacy protections were pretty comprehensive. We absolutely could not store data in the US without making sure the US provider had specific certifications and contract provisions.
It’s not that SOC2 doesn’t matter: it’s very important for US entities because the default data privacy regulations in the US are so craptacular. The default protections in Europe are stronger… so certification-shopping is not as important.
I am extremely familiar with privacy regulations around the world.
One should not compare SOC2 to any security certification or compliance requirements.
SOC2 is an attestation of audit, it was designed so that companies do not need to visit businesses that provide compute services. It is focused on processes around governance.
ISO27001:2013 is simply an international standard recognized around the world for protecting computer networks. The US analogue (used primarily for US companies that want to satisfy US Federal security requirements) is NIST CSF 2.0. Both frameworks are similar and attempt to accomplish much the same purpose.
However, GDPR is how the EU protects privacy, and it requires security protection, which ISO27001 can provide. I worked in a US-based global company and we were GDPR certified because we had the appropriate controls in place to protect EU (citizens) data privacy. There are other privacy controls required in some US states (CCPA) and other nations (PIPL in China for example) as well as other data requirements such as Russian and Chinese data localization laws.
littleskunk said that “since most companies do not need SOC2 in EU, there isn’t any reason to talk about SOC2 in EU, exactly because it is not relevant to most companies in EU”. You simply misunderstood what he said. That in no way, shape or form “implies that only European guidelines matter”.
The list of other regions is in the first post. South America, APAC and India.
Could someone explain the implications of the recent changes? I understand that a fairly large portion of stored data by SNOs will be synthetic with TTL. This data will be periodically deleted and new data will need to be downloaded. Is there an estimate of how much such data will be circulated? I mean will there be a correlation to the capacity and/or stored customer data by the storagenode?
The updated requirements for running a storagenode revised the monthly volume of transferred data in a very significant way. Now it is required to be able to transmit 1.5TB of data / 1TB of capacity. There are a couple of questions that need clarification. What is meant by capacity? Is it the total reported capacity of the storagenode, e.g. a 20 TB HDD or the amount of already stored data? In general, what should a home SNO expect? How much data will be transmitted / storagenode, TB of capacity, TB of stored data (not sure which metric is the most relevant)?
There’s a table in the first post showing capacity targets per region. Like if the Global target is 20PB… then I’d expect uploads at a rate that can refresh 20PB every month. (and I hope they’ll consider a more reasonable TTL: like 3 months)
How much each SNO gets will depend on their region, and speed: as performance is now part of node selection. That’s going to vary so much I doubt they can provide estimates. Have a faster setup: expect to win more uploads: which would earn you higher payouts.
This means that you preferably should not have a cap on your bandwidth, or at least have 1.5TB available bandwidth per node/per disk on the same internet connection.
To tell the truth, I don’t see much sense in the comments that indicated that traffic would increase, but based on the expiration of parts every 30 days (for example).
With this procedure what would be achieved is to saturate the connections of many people and those who have more than one node in the same place will be in trouble because it will never be filled.
It was said that people who can have more than 1Pb can opt for the commercial network, potentially I could be interested but I have seen the requirements and I think they are too high for the housing I can access, not because of the storage, but because of the specifications of the infrastructure.
You should see this from the customer perspective. They have some files that they want to store for a short time and a TTL is perfect for that. Just pay for the time it should be stored in the network and easy cleanup with no extra costs. Other providers don’t like that and charge the customer a minimum time even if they delete a file after a short time. They still get charged for a full month or so. That can get real expensive without a TTL.
Yes, of course, in the end the customer chooses his storage strategy. The problem in the end is that all internet connections will be saturated.
And right now I have a doubt, if a client uploads, for example 1tb, as soon as he finishes uploading it, he deletes it and before the 7 days that it is stored in the trash he can recover it?
If he performs this same procedure continuously, he would not pay for the storage used because I want to believe that the trash is not paid, is this possible?
No this is not possible. The customer can’t restore a file from trash.
And I understand why…
It has a different TTL, 14 days, 1 day (someone reported), 30 days and 99 years (or more).
You may check your databases to be aware of the exact numbers.
I just searched what others reported.