Data sovereignty, an idea that certain data is subject to a country’s laws and where it is stored within certain borders, is becoming more of a challenge for businesses as they move to the cloud. According to Deloitte Tech Trends in 2018, in the next 12-24 months, companies will begin to modernize the way they approach data management, with data sovereignty being a major growing trend. Certain geographies, such as Europe with GDRP regulations, have very strict data sovereignty regulations in place — including where the data is located and what rules it is subject to. These regulations can present a major problem for organizations due to the fact most companies are executing a cloud-first approach. Fortunately, a hybrid cloud approach can solve many of the challenges posed by data sovereignty. Businesses can maintain status quo with their own customers while following regulation laws within their country. By choosing a hybrid cloud solution, organizations can tackle the problem of data sovereignty with their own private, on-premises environment without losing the benefits and speed of the cloud. Companies can choose which applications and data they want to deploy to the off-premises cloud and what data they need to keep on-premises. More and more organizations are adopting a hybrid cloud that is compatible with their public cloud provider, providing the best of both worlds: the security of a private, on-premises cloud combined with the benefits of a public cloud. This takes care of the data sovereignty dilemma. By taking this a step further, a customer can deploy a hybrid cloud that is API compatible with their public cloud of choice, which makes things even easier. With Microsoft Azure Stack, customers can take advantage of writing applications once and then deploying to either their on-premises environment or the Azure public cloud. ViBiCloud’s Vice President of Commercial, Frank Hodyson explained, “Some customers were looking for a solution that could handle high-performance analytics resources that ViBiCloud couldn’t provide on the public cloud.” With Azure Stack, ViBiCloud’s customers were able to access the power of a hybrid production environment where they can run intensive Azure consistent workloads more quickly on a private cloud. They can also sync to mirrored Azure services on the public cloud while staying within data sovereignty laws.
Data Sovereignty is the concept that when the data is stored in any outside country it is subjected to the laws of the country where it is stored. Countries such as Canada, Germany, and Russia are drafting to the strict data residency and Sovereignty laws to remain the data in their own country in order to protect their citizen’s personal information.
In the world, the countries have different jurisdictions with different rules and claims on data. These rules might depend on where the data is stored, and who own the servers that host it, or what type of data that’s being stored.
Cloud storage services have been increased in popularity in recent years. These services mostly store their data in another country or the jurisdiction due to the technical reasons. Then that other countries might not have stringent data privacy rules than the original country’s jurisdiction. For global companies to the data storage issues data sovereignty adds another layer of complexity. These countries should persistently monitor the regulations for each involved country and work with the cloud providers to implement appropriate data security and governance infrastructure policies.
Now, the country Russia a recent law mandates the personal data of Russian Citizens must be stored in the databases which are located within the country itself. Currently 20+ countries also considering similar privacy laws. And , the EU data privacy laws also already restrict organization’s from transferring personal data that belongs to Europe in any other country with inadequate data protection laws. The introduction of General Data Protection Regulation (GDPR) and the impact of laws across the world that have stringent requirements around data sovereignty will drive the organizations to have data centers in multiple regions to store the data locally and minimize the impact of these kind of new regulations. And these enhanced data privacy requirements are very necessary for organizations who would otherwise risk the consequences of non compliance they may include possible fines of 20 million Euros or 4 percent of annual revenues, whichever is higher.
There are many reasons such as data privacy, cyber security, protectionism, and economic growth that policy makers cite when storing the data for regulation it may be general or industry specific regulation. Consolidated Audit Trial (CAT) in the United States on America requires the companies to log every security transaction and also ensure the accuracy of timing services at the nanosecond level. The Markets in Financial Instruments Directive in the European Union impose new reporting requirements and they test on investment firms. Hence, the risk is amplifying in certain industries. In heavily regulated industries such as financial services there is a need to consider the benefits of adopting cloud to be carefully weighed against the risks such as security, data privacy, and compliance requirements. So, the landscape will grow increasingly complex for cloud providers and more costly for customers.
With the high volumes of information need to be readily accessible to the employees, customers, partners and auditors around the world, it is important for the organizations to reconsider how they protect their personal data securely.