This year, the European Commission proposes to set a goal to at least triple the EU’s data center capacity within the next five to seven years, to support the growth of the region’s self-sufficient digital economy.
Concurrently, Europe’s leaders are prioritizing sovereignty to bolster confidence in Europe’s IT infrastructure amidst widespread concern over the security, governance and control of data held here.
Managing Director UK at Leaseweb.
The stark reality is that knowing precisely where any organization's data is stored, and what country’s laws govern this, is now a matter that needs action at the most senior level in light of the uncertain economic and geopolitical global climate.
Ignoring this could have a painful impact on businesses which do not have a sound strategy in place, including fines for non-compliance, along with business disruption and damage to stakeholder trust.
A sovereign European cloud for the long term
More urgency to establish Europe’s own sovereign cloud services has been spurred on by recent trade policies, notably the announcements on US tariffs. Not only have these sent shockwaves to the world’s markets, but these also highlight that the European economy is vulnerable to decisions taken outside of its jurisdiction.
There are major concerns amongst business and IT leaders that there is heavy reliance on the large cloud providers headquartered in the United States, with specific fears that Europe’s data is not safeguarded enough against foreign intervention.
US laws like the CLOUD Act, which could oblige American providers to hand over data to authorities regardless of where it is physically stored, highlight the distinct legal ambiguities around cross border data governance and security.
Although the hyperscalers are on board with finding a practical solution, Microsoft was recently reported in France to admit that it could not offer any guarantee of immunity from the CLOUD Act for data stored within EU boundaries.
And recent research in the UK found that more than half of the country’s IT leaders plan to reduce reliance on US-based providers, with 45 percent actively looking to limit exposure to US jurisdiction.
In this environment, locally governed data storage providers are likely to become increasingly attractive. But with only 15 percent of the European cloud market made up of regional providers, there is a substantial shift needed before dependence on US cloud providers can be reduced significantly.
Programs such as the IPCEI-CIS (Important Projects of Common European Interest on Cloud Infrastructure and Services) are aiming to fill this gap, by developing a secure, sovereign cloud framework that complies with EU regulations like GDPR.
Ultimately, this will ensure that data physically stored in Europe’s boundaries is under local governance, and that cloud services are fully regulated to deliver this.
Getting board level action
Understandably, IT professionals are focusing on the clarity of their data governance policies along with putting robust data storage provision in place for their organizations. But this is not just the responsibility of IT management. To implement an effective data sovereignty needs board-level engagement.
Ultimately if senior leaders do not recognize the potentially serious legal, financial and operational risks, an organization could be subject to large fines, legal action and long-term damage to reputation.
Every size of organization can expect closer scrutiny from customers and other stakeholders about the location of their data and what jurisdiction applies. For larger businesses, this means involving legal and finance teams to design granular visibility and control over data handling and storage processes.
Even smaller organizations will need to be clear on the legal governance of the data they hold and manage – for many, this could be a real challenge given that smaller enterprises do not have access to the scale of technical and legal resources that large companies have at their fingertips.
A practical alternative is turning to third party cloud providers for guidance. These providers must rise to the challenge and be prepared to give precise detail about data residency. References to following best practice are not good enough.
Instead, a provider should be able to confirm that data is held in a specific country, for example, a data center in Belgium. If something is vague, or lacks enough clarity, then action must follow to correct this.
Is repatriation the answer?
Repatriation is a viable option for organizations wanting to secure specific data sets and workloads, using on-premise servers or private clouds instead of public cloud. It enables an organization to control access to data and ensure that it aligns with local legislation.
For example, when an organization chooses to repatriate sensitive or business-critical data, it can better protect that data from third-party risks and foreign government intervention.
As an indication of its popularity, IDC found that around 80 percent of IT professionals expected some level of repatriation in data and workloads. Another survey of CIOs substantiates this trend, finding that 83 percent of senior IT leaders planned workload shifts away from public cloud last year.
However, this data migration is not a full-scale abandonment of public cloud – for most, it is an informed and considered approach as part of a broad cloud strategy. It indicates a maturing approach to cloud services, where adopting hybrid infrastructures provides each organization with fine-tuned flexibility, scalability and security.
Building a strong digital economy
In short, a clear data sovereignty strategy is now a pressing business priority that every organization, large and small, needs to put in place. Although the approach will vary, the goal is the same – achieving precision and confidence in how data is stored, handled and governed.
Many will benefit from a partner to help design and implement the right infrastructure and policies best suited to individual business requirements.
The right partner, delivering proactive consultancy, that can guarantee the details of data residency, and reassurance on compliance will make a difference to being sovereign ready or not.
Getting clear answers now is a decisive step in which European companies can contribute towards a more independent digital economy, solidly founded on sovereignty, innovation and trust.
We list the best cloud storage providers - and not just the big 3.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.