Data sovereignty is once again rising up the list of boardroom priorities. The three main drivers behind this – more stringent regulations, growing balkanisation of technology and new complexity in cloud storage locations – are coming together like never before. British Airways’ £183 million fine over a 2018 security lapse, Facebook’s almost £4 billion penalty for data violation, and tech giant Huawei getting caught up in the US/China trade war are all larger than life examples of the reality of these trends. And this is just as much an issue for small enterprises as it is for global corporates. No business is immune and everyone need to be clear sighted about data sovereignty.
The changing geo-political climate has led to cases of balkanisation (the process by which technology becomes separated by national or regional boundaries). The motivation for this are various and include a desire to protect citizens in the case of the EU’s regulatory scrutiny of Big Tech and Australia’s bid to store certain citizen data locally. On the other end of the scale are the efforts of Russia to build an isolated ‘sovereign internet’ in order to better control its population and to protect against malicious foreign state action. This fracturing means it is important that businesses are 100 per cent clear on which country their data is stored in and under what legal jurisdiction it falls under. With this in mind, I will explore the concept of ‘data sovereignty’ and the importance of choosing a reliable cloud vendor in these changing times.
Technology has evolved rapidly in the last few decades and has changed the way businesses innovate — be it via 5G, Artificial intelligence, the Internet of Things or Cloud transformation. With so much data at the heart of digital transformation, it is important that businesses store this data on a reliable platform. To handle new technology effectively many are now opting for hybrid or multi-cloud strategies. This adds an extra level of complexity into the mix. We all know that the loss or misuse of data, accidental or otherwise, is an existential risk for all business organisations. It can destroy reputations, result in significant regulatory fines, and cause serious organisational disruption. The threat is even more for SMEs who have limited resources but greater interests at stake. It is therefore important that UK businesses choose their cloud provider with the utmost care and intelligence.
More and more businesses are opting for a multi-cloud approach, and not just a single hyperscaler, to store enterprise data. That is because they realise that in case of a security breach, the ultimate responsibility of their data — wherever it be stored — is always with the end user. Another reason why business owners are increasingly opting for small cloud providers is because not only do they offer secure and reliable cloud services but also tailor them to suit the client. This personalised model is definitely not expected from the Big Five (Amazon Web Services, Microsoft, Alibaba, Google and IBM). Another big reason is how these niche vendors pledge to keep the data in certain jurisdictions and provide evidence to their customers that they are meeting those commitments. This has become massively important in the light of data sovereignty issues.
Data sovereignty is important and should not just be an afterthought when appointing a cloud provider. Cloud suppliers should also be able to easily adapt to changing sovereignty issues and adjust the storage of data easily. The only way businesses can avoid the pitfalls of data-related penalties in this heating geo-political climate is by having a clear sense of where their data is, and the rules to abide by for the success of their venture.
Written by Chris Burden, Chief Commercial Officer at Memset
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.
Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/