Cloud sovereignty is fast becoming an integral part of governments' national policies around the world. It is as much about safeguarding data as it is about helping meet the complex governance issues facing companies across sectors. Adopting this more structured approach to data could positively impact everything from promoting social values, improving environmental conditions, and creating new digital borders.
At its core, a sovereign cloud can help organisations improve data control, benefit from enhanced cloud security, gain fresh business insights, strengthen compliance, and enable growth. All this is done through attaining a level of data portability that was difficult to achieve previously.
For their part, sovereign cloud providers are focused on enabling enterprise customers to benefit from the cloud while helping ensure data privacy and compliance. They are responsible for understanding regulations and laws built around this evolving landscape. A critical element of this is having structures in place to manage where data resides geographically and affect the necessary cross-border data flow when required. And while this might seem like a box-ticking exercise to ensure data sovereignty, data residency, data access, jurisdiction, control, and more are met, there are also business enablers to consider.
As a reminder, the concept of a sovereign cloud is based on data residency (the physical geographic location where customer data is stored and processed) and data sovereignty (the information subject to the privacy laws and governance structures within the country where the data is collected).
Those service providers that can deliver a sovereign cloud that delivers on both these pillars can help businesses accelerate their growth. At the same time, the cloud service providers can also contribute to strengthening the national capability for digital infrastructure with a level of resilience that was difficult to achieve before. Countries, both at public and private sector levels, therefore require digital capabilities that prevent them from becoming reliant on foreign cloud providers and other operators when it comes to data processing.
But cloud sovereignty is not just about the technology being used. Driving this is a framework of guiding principles, best practices, and technical architecture requirements. These are essential for delivering cloud services that remain compliant with the data sovereignty needs of the country in which that cloud operates. For instance, South Africa's regulatory environment is significantly different to that of the United Kingdom and the United States. What works in those jurisdictions might not apply to local service providers.
For the cloud provider to achieve this level of sovereignty, there are two phases to consider. Firstly, putting in place a sovereign cloud framework becomes the building block in defining the key characteristics to which a cloud can be assessed as sovereign.
These include data sovereignty and jurisdictional control, data access and integrity, data security and compliance, data independence and mobility, and data innovation and analytics. Think of this framework as providing the technical guidance, best practices, and principles for design and other operational considerations.
The second aspect is being part of a sovereign cloud initiative. For example, local cloud service providers that want to be part of the VMware Sovereign Cloud initiative must complete an assessment of the design, build, and operations of their cloud environments and their capability to offer a sovereign digital infrastructure. It is initiatives such as these where customers can connect to the trusted local sovereign cloud service providers capable of achieving the scalability and security essential to manage data within the national borders.
Not one, but many
As more governments and companies adopt stricter data policies, business and technology leaders need to identify the best possible multi-cloud approach encompassing local and multinational service providers. This requires organisations to identify the sensitive data sets with sovereignty requirements which must be placed on those specialised environments. More generalised cloud environments can be used for the less critical data needs.
Regardless of which cloud service provider is chosen, organisations must understand that the ability to protect data breaks down as it is moved, managed, stored, analysed, and used across an interconnected landscape of service providers. Therefore, the security of data and its jurisdictional control must always be kept front and centre of business priorities. Cloud sovereignty can help alleviate these concerns as those providers that deliver on its tenants will be the ones that provide the peace of mind essential for effective business growth in a cloud-driven world.
Written by - Sumeeth Singh, Cloud Provider Business Head: Sub-Saharan Africa at VMware
Support me if you like reading this blog post by buying me a cup of tea (so far Infinity) - https://www.buymeacoffee.com/TheLifesWay Contact me at firstname.lastname@example.org to collaborate and promote your services and products. Subscribe to my YOUTUBE Channel for giveaways, product reviews and mystery unboxings. #TheLifesWay #10YearsofTheLifesWay. Namaste!