In the last few years, the volume and value of digital data has skyrocketed. Amidst ongoing digital transformation (opens in new tab), modern organizations and nation states are increasingly reliant upon digital platforms as part of their operations, with intellectual property predominantly existing in a digital form. Whilst digitalization has brought considerable opportunity, there’s no reward without risk: the theft of data (opens in new tab) is a very real one that organizations are facing on a daily basis.
Rob Elliss, VP of Sales, EMEA at Thales (opens in new tab).
Cyber-attacks are on the rise, with our recent research showing that one in five businesses have paid or would pay a ransom for their data. It’s clear that the data, hardware, and software (opens in new tab) that we rely upon and create are becoming increasingly high-risk, and therefore increasingly protected, commodities.
With The World Economic Forum estimating that over 92% of all data in the western word is stored on servers (opens in new tab) owned by US-based companies, there’s been an escalating anxiety over the location and ownership of such data. Indeed, the fear of foreign entities compromising sensitive data has meant that ensuring it doesn’t fall into the wrong hands without permission has become a heightened priority for many.
What’s more, until recently the misaligned jurisdictions of the EU’s GDPR law and the US’ FISA act invalidated the US-EU Privacy Shield, the legal protection umbrella that formerly enabled global enterprises to safely work and transfer data between the European Union and the United States. Although The European Commission and the United States recently announced a new Trans-Atlantic Data Privacy Framework to sufficiently manage such data exchanges, compliance within this ever-changing situation remains an overwhelming challenge. Indeed, with 1,800+ global compliance laws in force, the protection, privacy, and exchange of data sits within an incredibly murky landscape at present.
This general nervousness and surge in regulation in recent years has ultimately prompted a shift towards localization and the home ground containment of data. Tech giants are already building localized data centers to circumnavigate geographical barriers to business, whilst also benefitting from having the ability to store and access their data within their own country – providing complete oversight. With this data management trajectory set to continue, the issue of data sovereignty and digital destiny remains a multifaceted one.
Indeed, organizations must navigate the rollout of cloud technologies and the UK’s divergence from GDPR as both challenges to and enablers of localization. Amidst this backdrop, there’ll not only be a move towards data sovereignty, but also an expectation of operational and individual sovereignty as a pre-requisite of data exchange, with consumers and organizations alike becoming progressively data-literate.
Cloud deployment strategies
It’s no news that the last few years have seen a substantial increase in cloud investment across organizations and nation states, with it almost unanimously considered a future-proof technology. In fact, 32% of IT leaders recently stated that around half of their workloads and data resides in external clouds. But to support the shift towards the localization of data, there will be an even greater push for investment in the cloud infrastructure of nation states, driving forward their ongoing digital transformation journey.
Hosting data within native cloud networks and data centers, rather than outsourcing from outside of the UK, will give both governments and businesses alike that much-desired autonomous, centralized control over their own databases. This will empower them to avoid the complexities of cross-border data exchange to their greatest ability.
Divergence from GDPR
The issue of data sovereignty has become a hot topic of considerable debate as of late. As a result of Brexit, the UK has become increasingly interested in the effort to take independent control of how data is used and stored. However, any new regulation would need to allow for free, easy, and secure transfer of information across international borders. With the UK still set to pave its own way, this could mean a huge overhaul of current business processes, and companies with data in both the EU and the UK will need to rethink how they tackle compliance.
With the globalization of organizations on the rise, and the number of distributed workforces higher than ever (partly as a result of the pandemic), CIOs are grappling with how to secure their business’ data across borders. The challenge is therefore not only where the sensitive data resides geographically, but also who has access to it.
This complex landscape throws into question the access allowances for international and remote employees (opens in new tab) residing across borders, the deployment of select data in certain regions, and the ability to physically move data, contracts, and hardware across boundaries.
With businesses unsure whether third party cloud service provider can sufficiently ensure compliance with data residency requirements, many will turn to in-house containment and will begin to migrate their workloads to reside within their own organization.
For those who don’t have the capacity to make this move, the pressure will be on for cloud providers and tech vendors to enable their clients to have adequate operational and software sovereignty of their data. Organizations will demand complete visibility and control over their data, as well as oversight of where it’s located. From a software sovereignty perspective, organizations will strive to store and run their workloads without dependence on a provider’s software to maximize performance, flexibility, and overall resilience.
With consumers becoming increasingly data-savvy and more aware of the challenges at stake, individual data sovereignty is on the horizon. Individuals will become increasingly empowered to take control of where their data is and how it is used, strengthening the correlation between identity and data protection.
Some steps in have already been taken in this direction, GDPR already provides individuals with a certain amount of power over their personal data, as well as holding organizations to account for what they do with an individual’s data. However, this is likely only the beginning. In a predominantly digital world, individuals are increasingly aware of the immense value that their data holds, and the importance of protecting it.