Data protection is fueling sovereign cloud
Over the past few years, the public cloud emerged as an indispensable business utility similar to electric, gas and water. Unlike other utilities, the cloud serves as a repository of digital data, including sensitive and valuable information. Countries across the globe recognize the value of digital data and seek to establish sovereignty over their citizens’ data and within their boundaries. Accelerating and unstoppable data growth is likely to fuel the trend for more sovereign clouds. The amount of digital data created over the next five years will be greater than twice the amount of data created since the advent of digital storage.1
Unlike old suggestions about the need for a sovereign cloud per country, the heavily intertwined global economy moves towards industry-specific cloud solutions that address data protection requirements.
Data residency and sovereignty
The primary value of a sovereign cloud is that it ensures appropriate data residency and sovereignty across geographic regions and clouds. Data residency is the geographic location where customer data is stored and processed. On the other hand, data sovereignty refers to the fact that information is subject to the nation’s privacy laws and governance structure where the data is collected. When meeting both residency ad sovereignty requirements, the clouds offer businesses valuable benefits:
- Data protection and compliance with privacy laws governing data storage and handling. For example, a bank can use a financial services cloud while knowing that relevant rules and regulations are observed
- Business growth with confidence within and across countries and clouds. As data moves across borders, sovereign clouds ensure that data movement is consistent with applicable rules and regulations.
- Faster time to market with ready-to-deploy cloud presence without worrying about their operations.
- Efficient and scalable solutions that are secure and ensure continuous compliance.
Making a cloud sovereign
The rise of public and multi-cloud and the popularity of the SaaS model make the cloud the focus of data protection efforts and regulations. Public cloud services are forecast to grow 23.1% to $332.3 billion in 2021. At the same time, SaaS remains the largest market segment with a projected 2021 size of $122.6 billion.2
Cloud service providers need to embed data sovereignty throughout their environments to meet customer expectations and regulatory requirements. Three areas of cloud come to mind:
- Data sovereignty allows customers to prevent third parties, including the service provider, from accessing their data.
- Operational sovereignty means that the cloud providers’ employees and operators cannot compromise your workloads.
- Workload sovereignty or no vendor lock-in. Customers gain assurance that they can run their software wherever they need without dependencies on the service provider’s cloud.
Who needs a sovereign cloud?
- Global enterprises. The regulatory landscape is changing, and data protection requirements are being enacted in more countries. Ensuring that your data is compliant as it traverses national boundaries is a must. Examples of data and consumer protection rules are The US CLOUD Act (2028), China’s Cyber Security Act (2017) and the famous UK and EU GDPR (2018).
- Regulated industries. Many industries, including healthcare, financial services, utilities, insurance and telcos are regulated. Having a cloud that provides compliance with the relevant regulatory requirements is very helpful for ensuring proper controls and continuous compliance. Examples of industry-specific requirements are HIPAA, PCI DSS, BaFin and EBA.
- Governments. Governments worldwide have confidential information that they keep away from public eyes for national security and other reasons. Government sovereign clouds provide compliance with the strict requirements for security and operations, including who can work at the sites. The US government uses several clouds that meet its needs, including FedRAMP.
When considering the merits of a sovereign cloud, start with examining the capabilities of your public cloud provider. If your requirements are not satisfied, review the available industry clouds to ensure that your current business requirements and growth needs are satisfied.