Data sovereignty challenges in the cloud landscape

Data sovereignty challenges in the cloud landscape
(Image credit: Shutterstock / carlos castilla)

There are continuous developments in the tech space, which can make choosing cloud computing and cloud storage solutions and vendors an overwhelming experience. (Need I mention Scott Brinker’s famous martech map, which saw a growth of 13.6% in martech solutions alone in 2020).

About the author

James Hirst is COO and co-founder at Tyk.

So it’s no wonder that some decision-makers feel like flipping the research aside and crowning one solitary cloud provider to reign over their global domain.

Rather than by choice, some decision-makers have felt they’ve had to do this due to a lack of clear options. Consolidation is trending, particularly among large cloud providers, who are either buying up or wiping out smaller local offerings. A monopoly in this space would certainly see customers locked into dependencies, and cause a wave of anti-competitiveness across the market.

However, for me, one of the greatest threats of this consolidation is data sovereignty, which is a throbbing, unrelenting headache for businesses looking to operate and comply with legislation across borders.

Increased legislation

Increased data usage comes with increased legislation – and what this entails differs between regions. Data is subject to the legislation of whatever country it resides in, and this can bring a lot of complex considerations into the mix. It may mean the laws you need to adhere to are different to those that apply to the country you’re based in, and are therefore less familiar.

It’s also problematic when we consider that data within the cloud isn’t static – it’s continuously moving between users spread across the world, often through the use of Application Programming Interfaces (APIs). This means data will have to adhere to multiple regional legislations at the same time.

The real spanner in the works is that these national and international data laws aren’t always compatible with one another, in some cases they’re even contradictory. As a result, it’s very easy to get tangled in a web of data protection infringements. In some countries, like the US, this could well end in a million-dollar lawsuit.

It’s the penalties of not knowing the nuances of data regions that’s beginning to push businesses away from consolidated providers and towards smaller localized providers. By accumulating a number of localized providers, a business can ensure their approach to data management is refined enough to comply with the different data legislations around the world.

Increased data awareness

The greater emphasis on data within businesses has also heightened the attention data privacy is receiving from the public. Big milestones in the legal world, such as Europe’s GDPR, have no doubt cemented this. But of course, this has created more customer expectations and greater accountability around how businesses manage their data.

This is an additional pressure on top of the immense difficulties in getting data management to align with regional legislation. However, despite the challenge, it’s always best to operate in the light.

Be transparent with your customers on where their data is and who can access it. It’s inevitable that customers will expect to know more about where their data is, and this is likely to mark an increased demand for domestic data storage as opposed to overseas.

Customer awareness isn’t something you can prevent, if anything, it should be embraced. Prepare your systems with formal processes that can handle Freedom of Information Act requests. And regularly assess the risks to your data and ensure you have experienced lawyers that can draft your privacy policies.

Larger data vaults

There may have been a time when your business didn’t have that much data, so it didn’t take long to manage. But data is reproducing at lightning speed. Big data vaults means there’s more to organize, which of course makes more room for mistakes. As data grows it’s only going to demand more of your time.

Consider everything your business comes into contact with that requires data. It’s time to up your management efforts if you’re going to stay hot on the legislation. In a lot of cases, as we’ve mentioned, this will mean partnering with localized providers that can navigate nuanced legislation depending on the whereabouts of your data.

A republic of cloud providers

There are so many challenges in the data and cloud industry that can’t be solved through one fell swoop. Asking one cloud-provider to solve all of these issues is a bit like asking a GP to carry out an X-ray or heart surgery. They have the medical knowledge, but they don’t have the same level of experience or specialty. Instead, you’d use multiple doctors, with each one’s expertise aligned to the job at hand.

It’s this same concept that’s driving the need for a cloud-native approach. Rather than having a single sovereign, have an entire republic of cloud providers – each one specialized in their field.

Having this set-up means a business can access data centers that aren’t covered by their primary cloud provider. It also provides a cost- and resource-saving through reduced prices and specialized offerings which just aren’t available with larger vendors.

A multi-vendor approach also mitigates risk by spreading it out – something especially useful as the market remains in such a turbulent position. The EU seems to share this sentiment, urging businesses to partner with local cloud infrastructure to gain better protection for both themselves and their consumers.

Of course, taking a multi-vendor approach will come with its own set of challenges. For example, one key area will be careful consideration of your API management to ensure data remains connected.

However, as I see it, data sovereignty has the potential to jeopardize not only the safety of a business, but the safety of its customers. Protecting customers and future proofing the business is the priority, and this means dethroning one primary vendor, and creating a republic that can ensure every aspect of a business is covered.

James Hirst

James Hirst is COO and co-founder at Tyk, the cloud-native API Management platform.