Our announcement earlier this month of our EU launch is an exciting moment for Airbyte. It’s the product of several months of effort to ensure the company and Airbyte Cloud complies with GDPR, adheres to the ISO 27001 standards, and that in-region processing is available for customers who want their European data to stay in Europe. With all that work under our belt, we could be forgiven for patting ourselves on the back and resting a while. But we won’t! Because what makes the EU Launch such a milestone is that it’s an architectural leap for our product with enormous potential for our data protection capabilities – and we’re too excited to slow down now.
The Architecture of Multi-Region Cloud We’ve known for a while that we’d launch an EU version of Airbyte Cloud this year. We have many European users and we’ve fielded a great deal of interest in a GDPR-compliant version of our software. We were more than happy to oblige. It’s a great growth opportunity to support our customers, and it’s a great opportunity for our product development as well.
Releasing a multi-region Cloud solution gave us a way to validate the functionality of what we call a “dual plane” architecture. Our “control plane” and our “data plane” are conceptual, so without going into detail (you can read more here if you’re curious), what we mean is that we’ve separated the oversight of the data pipelines from the pipelines themselves. This architecture lets us conduct administrative management of accounts and connectors on a GCP instance in one location, while the operation of connectors and the processing of data through them can happen anywhere. Starting first with an AWS option in Paris.
So What’s Next? Airbyte’s Hybrid Model Now that we know this works, an obvious next step for us is compliance support for other regions with data residency requirements. We could also expand into more complex regulatory frameworks to support regulated industries like healthcare or financial services. If that’s what you’re thinking, then you’re right; planning for these is already underway. But this planning is happening in tandem with Airbyte’s larger product goals, the next step of which is a hybrid version of our Open Source and Cloud software.
This hybrid model will leverage our new dual plane architecture to support a managed service in which our customers’ data can be processed on a Cloud provider of their choice, in a location of their choice, or even within their own network so that it never has to leave their data environments. This is as exciting for the data protection team as the EU launch because it gives customers even more flexibility in the application of their policy, regulatory, and compliance requirements.
Hybrid Model = Better Data Protection As a data infrastructure software, we’re acutely aware of the responsibility Airbyte has to ensure we offer the best mechanisms to safeguard our clients’ data. We’ve previously publicized our early and continued investment in data protection, demonstrating that commitment with our SOC2 Type II report earlier this year and our ISO 27001 certification in November. Our data protection roadmap over the next year is packed with security and privacy features and compliance goals that we know are important to our customers and their trust in us – role-based access controls, auditable logs, and multi-factor authentication among them. And yet our data protection goals are more comprehensive than particular features. The hybrid model to come helps us achieve our primary data protection goal: to offer our customers the greatest control over who processes their data asset and when, where, and how that processing occurs.
So here’s to Airbyte’s EU launch – to the many more customers we can support and the many more choices we can give them in the future.
