Data sovereignty. A simple notion, right? Not so fast.
What may appear to be a relatively straightforward concept has instead become an extremely complicated situation due to the numerous regulations defined, countless re-purposed terms used, and variety of technology capabilities offered. This reality has an impact downstream in the form of significant considerations and ramifications for public and private organizations alike. To begin to simplify this complexity, let’s start with the definition of the parts that make up the whole of digital sovereignty.
Defining Digital Sovereignty
First, let’s discuss data sovereignty and data residency. These two terms are often combined and intermingled into a single statement that can introduce confusion right off the bat.
If no jurisdiction is involved, then data residency is the proper term as it is simply ensuring that the data — and the processing of that data — sits within an explicit geographical location. However, if the data is subject to exclusive legal protections within a particular jurisdiction of a nation, this is a matter of data sovereignty.
Data sovereignty is the ability to maintain legal control and authority of data within a defined nation’s jurisdictional boundaries. This includes data flows and subsequent processing of that data located within the jurisdictional boundary in question. This also includes any additional data and metadata created by the processing of the original data that falls under this same jurisdictional requirement.
While it may come naturally to focus on the data — and the technology that creates it —the topic of data sovereignty extends well beyond data and technology to encompass data privacy, human rights, national identity, national security, a nation’s digital capability, the value of data, the data economy and — ultimately — economic growth.
The jurisdictional boundary can be extended across national borders to encompass the full scope of a legal entity. A prime example is the grouping of political territories such as the European Union (EU) and legal bodies within the EU such as the European Commission (EC) and the Court of Justice of the EU (CJEU). Member states, such as Germany or France and their respective governments and judiciaries, would have their own jurisdictions in addition to that of the EU bodies.
Data sovereignty is not the same as digital sovereignty. Rather, data sovereignty is merely a subset of the desire to achieve digital sovereignty. Beyond the data, digital sovereignty is about achieving digital autonomy across the entire end-to-end ecosystem and infrastructure, including hardware, software, identities, access, data processing capabilities, data security and infrastructure cyber resilience.
With this in mind, a sovereign cloud is one that supports the destination of digital sovereignty, but does not, itself, provide data sovereignty nor on its own deliver digital sovereignty.
Rather, a sovereign cloud allows an organization to ensure it can offer data sovereignty on the platform without sacrificing any of the commercial benefits of cloud-at-scale, such as the flexibility, agility and visibility organizations have come to expect from a modern cloud environment.
Complexity of the Digital and Data Sovereignty Landscape
The current global arena surrounding data privacy — and broader digital and data sovereignty considerations — is developing rapidly, with much interpretation and evolution yet to occur. Globally, between nations and regions, as well as within countries and regions, there have been and continue to be significant data privacy developments. In particular, there has been recognition of the importance of increased sovereign safeguards when it comes to better protecting mission-critical and sensitive private and public organization data, as well as the data of the citizens and customers that those organizations hold.
Similarly, there is global recognition of significant challenges when it comes to the ongoing discussions and deliberations in this space, but there is also the realization of the success to be enjoyed in overcoming these challenges. This success will result not only in greater surety when it comes to individual, citizen, public and corporate data privacy, but also in significant social and economic benefits. These benefits will flow from securing these critical sovereign data assets, as well as from ensuring that the core data is accessible to sovereign research and analysis and the subsequent tremendous value of the evolving data sets.
At first glance, considerations of digital sovereignty appear to be a straightforward discussion. Hopefully, however, we have demonstrated that it is a topic with deep impact across a very broad ecosystem of highly interrelated and, at times, contentious and competing matters. It certainly is a topic worthy of attention and discourse.
Taking Control of Your Digital Destiny with a Sovereign Cloud
The idea of a sovereign cloud is not a new concept, and, hopefully, there isn’t much confusion surrounding its vital role in an organization’s journey to achieve digital sovereignty. Even with countless ambiguities present in legal and compliance arenas — and ongoing uncertainty in the global, national and regional data privacy landscape — the relevance of a sovereign cloud as part of the journey toward digital sovereignty is more significant now than ever before.
A sovereign cloud should focus on one key element: to provide better infrastructure control so both public and private organizations can ensure they are following and applying the necessary data privacy, security, and compliance measures to protect sensitive and regulated data and application workloads. As noted earlier, this infrastructure control extends beyond the data, applications and systems; it also covers controls for data in transit, data workflows, data processing capabilities — such as artificial intelligence and machine learning algorithms — and access to the data.
For more details on how to take control of your digital destiny, please read the latest Sovereign Cloud Market Leadership whitepaper.
Gary Marshall is VMware Multi-Cloud Strategist.
This guest blog is part of a Channel Futures sponsorship.