Navigating data sovereignty through complexity – Information Age

Laurent Michel, director of public affairs at Platform.sh, looks at how businesses can effectively navigate data sovereignty

Data legislation across the world can be difficult to navigate.

Where is your data? This was a simple question to answer not too long ago, when you could simply point to a server. Today, its far more difficult, and not simply because of the cloud.

Businesses do not build their online presence overnight. It grows as the company grows and new needs arise. More developers get involved, and data flows may not be as clear as they once were. Once a business becomes a multinational, the problem can quickly get out of control. Add all this in with political uncertainty and the software tools available today it makes it very difficult for companies to try to innovate while maintaining data governance across all websites and web applications.

Data sovereignty is the concept that data is subject to the laws of the country which it is processed in. In a world where there is a rapid adoption of SaaS, cloud and hosted services, it becomes obvious to see the issues that data sovereignty can have.

In simpler times, data wasnt something businesses needed to be concerned about and could be shared and transferred freely with no consequence. Businesses that also had a digital presence operated on a small scale and with low data demands hosted on on-premise infrastructure. This meant that data could be monitored and kept secure, much different from the more distributed and hybrid systems that many businesses use today.

With so much data sharing and lack of regulation, it all came crashing down with the Cambridge Analytica scandal in 2016, promoting strict laws on privacy.

Frederik Maris, vice-president, EMEA at Splunk, spoke to Information Age about the split European perceptions around data. Read here

The concept that data may be subject to the laws of more than one country presents mounting challenges for organisations. The General Data Protection Regulation (GDPR) is one such regulation that sent shockwaves throughout the world of IT. The regulation applies to the processing of EU residents personal data, regardless of where that processing takes place. If a company is not GDPR compliant, it risks regulatory fines of up to 20 million or 4% of global annual turnover (whichever is greater).

Fines are no empty threat either, over the course of 2020 more than 220 fines for GDPR were handed out. Though even with this threat, many companies still struggle to manage their own data strategy.

GDPR was the first major data compliance regulation but is not the only one. As businesses operate more internationally, they will need to be aware of the data policies from the region they are collecting from and where they are storing it.

When dealing with on-premise infrastructure, governance is clearer, as it must follow the rules of the country its in. However, when its in the cloud, a business can store its data in any number of locations regardless of where the business itself is. Its down to the business to make sure it is aware of where the data is being secured and that it is compliant wherever it is.

Many small businesses take advantage of the cost savings associated with large cloud hosting providers such as Google and Microsoft. When looking at this in the context of sovereignty, it begs the question over who is responsible for its governance. To make matters more complicated, cloud vendors dont always inform customers of the regulatory stakes of selecting one cloud region.

Azure for example operates on a shared responsibility model where depending on the service a customer is using they could be part responsible for a breach or misuse of data. As cloud usage increases, its important for teams to be fully aware of their responsibilities to avoid any issues.

Jack Watts, EMEA leader, AI at NetApp, discusses the need to double down on cloud deployments when it comes to the AI journey. Read here

Gartner predicts that cloud spending will reach $332 billion by the end of 2021, so with more complexity in the future and likely more regulation, businesses will need to get a tighter grasp on their data. Heres a few ways that they can do this:

As countries begin to adopt more complex data governance policies, the job will be on CTOs to navigate through this complexity and make sure that they have an accurate view of the whole business cloud environment, to ensure they are secure, compliant and responsible. Ultimately, selecting the right partner that offers solutions that combine performance, price predictability and total sovereignty over data to support growth is imperative.

The rest is here:
Navigating data sovereignty through complexity - Information Age

Related Posts

Comments are closed.