The Family Holiday – The Assessment Criteria
Alex Tanner, Senior Staff Cloud Solutions Architect, VMware Partner Connect Cloud Provider partners, UK&I
In my first blog, I talked about how selecting a sovereign cloud is not just aligned to a technology stack or a solution offering but is more about proposing a framework of assessment that people responsible for safeguarding corporate or public data, (data guardians), can use to evaluate whether a specific sovereign cloud offering is right for them.
Assessment Criteria: People
The first of these assessment criteria applied to the accommodation choices is ‘people’. In the context of the analogy this is looking at the types of people that have access to the children and what that means for the children’s experiences, enjoyment, and safety while on holiday. Child NS (not sensitive) is quite capable of being put in a group with other children and left to enjoy most activities with minimal supervision by individuals with minimal training and specialist experience.
In terms of the sovereign cloud framework this equates to a relative lack of concern from data guardians about who has access to the non-sensitive data represented by Child NS. There is little in the way of regulation governing that access and little could result from diverse types of people interacting with Child NS. Child S (sensitive), on the other hand, needs specialist handling by trained individuals and there could be quite negative consequences if Child S is exposed to people lacking the relevant training and awareness of Child S’s specific needs. In terms of the sovereign cloud framework, we are highlighting that data guardians should be aware that certain tiers of data should ideally only be managed by certain types of individuals.
The types of individuals one might consider for managing different data classifications is captured in the diagram below. Partners currently serving the local public sector, defence, intelligence, or specific verticals such as health and finance will have this knowledge and experience and will employ the correctly qualified and vetted people to manage the different tiers of customer data securely and in line with prevailing regulations. Part of the journey to assessing the type of sovereign cloud a business needs is understanding the type of individuals that should have access to the different classifications of data for which the data guardians are responsible.
Assessment Criteria: Access
The second assessment criteria applied to the choice of accommodation is ‘access’ and who mandates and regulates that access. In the context of the analogy, this is around accountability and routes to legal recourse.
In the event there is an issue with Child NS, given the likely lack of seriousness of the infraction and its impact on the child, an escalation to the individuals coordinating the specific activity or possibly the leisure center management to lodge a generic complaint, which might be dealt with eventually from a central service located within the wider international group, should suffice. With Child S, however, any issue that arises needs to face immediate arbitrage and there needs to be clear lines of local accountability, given the potentially serious impact of any issues on the child and the regulations governing that child, any legal recourse would need to be adjudicated locally. Adult A likes the idea that the local boutique hotel has clear lines of accountability within its organization and is also wholly subject to local jurisdiction for all contested issues.
For both the other accommodation choices, the lines of accountability and escalation are far less clear, given the nature of their local organization’s relationship with their international parent and partner entities. Concerns immediately arise around the location of the court that might adjudicate any issues as well as which country’s legal and regulatory framework might be relevant in determining the particulars of the dispute. As can be observed from the diagram below, and in terms of the sovereign cloud framework, understanding the impact of local, regional, and international jurisdictions on where adjudication could take place and under which jurisdiction an issue or appeal would fall relating to different types of data is critical.
This is critical in understanding the choice of sovereign cloud and how, not only the customer data, but all associated account and service meta data relating to that customers data are handled according to which regulatory frameworks, auditing standards and which jurisdictions the sovereign cloud provider are ultimately subject to, from the perspective of governance, oversight and compliance.
Assessment Criteria: Process
The third assessment criteria applied to the choice of accommodation is ‘process’. In the context of the analogy, process is all about the systems used to aid the people in carrying out their duties. In the case of the holiday and the staff looking after the family, this is the booking systems, the billing systems and the customer-facing systems that provides information around activities booked etc. These systems hold a lot of data such as credit card information, potentially health, and other personally identifiable and sensitive information about the family.
These systems serve an important purpose in enabling both the family and staff to coordinate activities and schedules as well as tracking and accounting for the consumption of sport and leisure activities and the use of the various facilities. The local boutique hotel has worked hard to use local providers of these systems, to maintain clear lines of accountability for the data and privacy and to have available trained staff who can explain with full transparency and auditing what data is captured and how it is used. The franchised hotel has something similar using local systems and processing data locally and in line with local regulations around data governance offering a degree of transparency around what data is captured. However, as part of a larger organization, where data is often synthesized and transformed, local staff are less able to guarantee how data is captured or how it will be used and for what purposes within the wider group.
The international hotel group has clear privacy guidelines adapted for the local market and compliant with broader regulations but is less clear on how data created relating to the family’s accounts with the hotel will be used. Also, if there is a need for more information that is not immediately available locally but will need to be discussed through a centralized corporate function. With the sensitivities related to the mental and physical wellbeing of Child S and their special status governed under law, both Adult A and Adult C are concerned as to how data created about the children could be exposed outside of the local jurisdiction and what use could be made of the data insights the international parent company generates, operating as they do under a foreign regulatory regime.
In terms of the sovereign cloud framework, this criterion then is all about the accountability of the sovereign cloud when it comes to how the customer’s data as well as all the associated account and service metadata generated by the provider are managed and potentially leveraged, and by who and where. The popular use of third-party ITSM systems hosted on a SaaS basis or having end-user access authentication to the cloud providers portal hosted in a foreign jurisdiction all introduce data integrity and control concerns that need to be considered by the data guardian when they assess how truly sovereign all aspects of their data will remain when hosted on the different sovereign cloud services.
In my final post, I will cover the final two layers of the assessment framework – activities and technology – and conclude on what hotel wins.
For more about the VMware approach to sovereign clouds please contact us here and working with our Partners to have your own sovereign cloud assessment please reach out here.