Data sovereignty is the idea that data collected or processed in a country or region must be subject to the laws of that country or region. This concept is related to that data residency, which defines where data is stored. Irrespective of this difference, data residency often aligns directly with the data sovereignty laws that exist in a country or region.
The growth of cloud computing has increased and complicated the data sovereignty implications of conducting international business, as has the growth and expansion of edge networks, services, and business models. For example, what are the data privacy, security, and sovereignty implications of a US company operating a data center in Europe or the Middle East while delivering services to users in the Asia-Pacific region? Data may be collected, processed, stored in, or transmitted to or from users, devices, and IT infrastructure in some or all of these jurisdictions. As pointed out throughout this series, ensuring compliance with the many data privacy laws and regulations of multiple entities and regions can be difficult. However, Tom Keane’s experiences – particularly his work as the leader of Azure, Microsoft’s cloud computing platform, and its expansion into dozens of countries and industry verticals – have shown how the benefits of compliance and the competitive advantage gained by being compliant while remaining lean and proactive when it comes to adapting to challenges and continuing to operate in different markets often outweigh the risks and costs.
Tom Keane on Data Privacy and Sovereignty at the Edge
All is well and good when your IT infrastructure does what it is supposed to do, but consider the fact that even when an attractive and clearly beneficial IT solution or strategy presents itself, it will inevitably come with important implementation challenges and risks. Suppose it is abundantly clear to a company that satisfying the data residency and localization requirements of a given region is of substantial long-term ROI, and the company opts to do whatever it takes – build a local data center, hire local experts, reposition IT resources, etc. – to make it happen. How can data sovereignty and privacy be guaranteed in such a scenario, especially when on-the-ground edge devices, sensors, and systems are involved?
Here are a few of Tom Keane’s recommendations.
Conduct comprehensive data audits: Compliance with data rules and regulations is only possible if you know what kinds of data you have, where it is stored and processed, where it is transmitted, and who has access to it. A comprehensive data audit would help clarify the kinds of data – and any related processes, access requirements, and risks – that are involved.
Uniformity is key: Keeping up with the data sovereignty laws of multiple regions will be an ongoing challenge, but complexity can be reduced by making the strongest of all applicable laws the operating standard for the company. As long as there are no direct conflicts between this standard and rules in other areas, adopting the strongest rule as standard would be ideal.
Apply data governance in the cloud: Tom Keane says that businesses and tech leaders should have continuous and automated risk assessment and mitigation at all times – all operated from the cloud. This would free resources for other high-value tasks and would ensure business continuity even when risks or operational challenges arise.
Consider international data sharing agreements: Even in the absence of specific laws in a business’s areas of operation, by looking at international data sharing agreements, businesses can gain a sense of the operations and capabilities they may need to develop and the kinds of risks and regulatory requirements that they may need to future-proof themselves against that they do not face today.
Adopt basic data protection measures: Tom Keane says that encryption, access controls, constant monitoring, physical failsafes, firewalls, and other data security and protection processes and provisions should all be used as standard.
Use trusted cloud providers with attractive data residency offerings: According to Tom Keane, one way to simplify data sovereignty challenges and address important data privacy concerns is to work with a trusted vendor that provides the data residency, control, and localization options you need. Working with a well-aligned cloud provider can also help businesses move to deployment more quickly than may otherwise be possible.
Stay ahead of the curve: Regulations and requirements change frequently, and the costs of compliance can quickly spiral out of hand if flexible and upgradable systems that are built and designed with changing future needs in mind are not used as part of your IT and cloud infrastructure.
Differentiate between control, management, and access panes: According to Tom Keane, while many data security and sovereignty rules and definitions are clear, there is still a substantial amount of creativity that businesses can use when it comes to being compliant with those rules while still resolving challenges and working around obstacles. For example, it may be possible to have local data that is only stored, processed, and transmitted to local devices or systems (for example, to comply with data localization and residency requirements), but it is possible for this data to be remotely moved or provisioned (not read or accessed) by a management panel that is not local. This will allow businesses to remain compliant while not being restricted in terms of management or decision-making.
There are many other innovative ways that data, data access, data management, and data localization can be split between users and entities, and systems can be built around different requirements and use cases accordingly so that local rules and regulations are satisfied while remote management is still permitted.
The Bottom Line: Embracing the Future of Data Sovereignty
Opportunities abound for growth, development, and value generation in the edge and cloud spaces, and the challenges that come with them are good problems to have. Forward-thinking business leaders will look to these challenges as promising opportunities for breaking existing molds, creating new business models, building new competitive competencies, and staying ahead of the pack.
From deploying edge systems and devices and creatively using them to address real-life challenges to leveraging the unique competencies of specialist providers and vendors and using the right tools and solutions in the right places, edge and cloud systems can provide business leaders with an unending supply of options. These options can be used for cutting costs, reaching customers, enhancing engagement, building trust, ensuring business continuity, and safeguarding business and user interests. Even in a world of rapidly changing rules and regulations that may seem restrictive, decision-makers always have numerous tools and business models at their disposal to overcome new challenges.
As outlined by Tom Keane, by understanding current and future needs, reviewing the available options, and choosing the right partners, platforms, and delivery channels, businesses can continue to grow and create value while remaining compliant. They can also guarantee the data security, privacy, and sovereignty that are prerequisites for successful operation in today’s global markets while proactively and effectively responding to new challenges as they arise. With the right systems and approaches in place, these businesses will also be able to effectively manage costs and expectations while enhancing their offerings and capabilities – whether those offerings and capabilities are defined as shorter response times, lower costs, deeper insights, or otherwise. In the final analysis, if there are any capabilities that edge, cloud, and IoT innovations are to deliver, those are surely it.
