With the introduction of more applications, devices and locations, the flow of data through the network in organizations has significantly increased in complexity. At the same time, cloud has the ability to simplify things if companies are up for fully embracing the technology.
But how can you make sure that whatever cloud environment you implement remains secure and controllable for the protection of data but easily accessible for employees? In this – the fifth episode of our new content series ‘Convergence’ – we discussed data sovereignty and the importance of knowing exactly where your organization’s data is and who has access to it.
Joining me for that discussion were two of our usual panellists Nick Cross, vice president of networking and security sales, VMware EMEA, Ralf Gegg, vice president of end user computing sales, VMware EMEA as well as special guest Scott McKinnon, field chief information security officer and strategist, VMware EMEA.
How to address sovereignty?
Did you know that 92% of the western world’s data is currently stored in the U.S.? It’s perhaps because of this imbalance that 63% of people believe it is very or extremely important to have a cloud solution that provides complete jurisdictional control and authority over data. And why interest in the topic of data sovereignty has become increasingly widespread amongst businesses. But how are businesses taking this surge in interest and actually addressing it?
As Nick rightly pointed out, there are different approaches depending on the country or the jurisdiction in which companies reside. Certain countries are very strict about how and where data is stored and there are also different regional approaches. The EU has its own legislative framework for example.
What every country, region and sector have in common however is that “data sovereignty is hugely important as cyber security and data integrity become paramount in the day-to-day evolution of technology. Expect to see more organisations discussing their data sovereignty strategies and talking about how they plan to go to market with a data sovereignty solution”. For many, that will mean moving to the cloud and in some instances a sovereign cloud platform.
Breaking the tension between what’s possible and what’s desirable
Let’s not forget the greatest benefit that cloud provides is the ability to leave the location of data and how that data is moved about and managed to a cloud provider. Throw sovereignty into the mix and that benefit suddenly becomes a possible tension point. So, how do we break the tension between what’s possible with the cloud and what’s desirable from a legislative and geographical perspective?
For Ralf, it’s a matter of how customers treat different types of data. Customers are very concerned about their data, specifically personal or classified data and anything related to IP. “The more sensitive the data, the more adverse to using cloud solutions customers are”. That said, his guess is that 90% of use cases would or do qualify for cloud-based solutions and that’s because the data which needs protecting doesn’t have to reside in the cloud. Modern cloud infrastructures provide customers with the options to decide which data might be stored in the cloud or in a highly protected environment.
What about the argument that the cloud is less secure for storing data?
Implementing a set of controls is no more difficult to do inside the jurisdiction of a sovereign cloud than any other cloud. Where Scott believes there is a challenge is on the operational side. “Because now the staff who are administering and looking after the cloud service need to be under the operational, jurisdictional control of that cloud”, meaning they may need to be in country and even operating under particular clearance regimes to operate the cloud. It’s this challenge that could make customers wish to trust their data in a particular sovereign cloud.
Protecting an organisations greatest asset
With geopolitical uncertainty, the war in Ukraine, recovering from a pandemic and increasing economic data, it’s no wonder businesses’ desire to better protect their data is growing.
As Nick reminded us, “the most critical part of any business is their data and that has always been the case”. Ultimately, data is an asset that provides companies with a competitive advantage. “Processes and new products will be built on the availability of relevant data”, said Ralf, so the big challenge facing companies is to treat the data in the right manner and not expose data that shouldn’t be exposed. And – said Scott – “evolving to the point that there are clear compliance standards that everybody can align to will go a huge way to removing the friction from the adoption of cloud services”.
To listen to the conversation in full and future episodes of the ‘Convergence’ content series visit your chosen podcast player. Next up in the series, we will be discussing the importance of apps as part of a broader business strategy, how to keep them secure and why we need a new access model to exploit new apps and data.