The number of newly founded NGOs announcing Sovereign Cloud development as their primary goal has vastly increased last year. The modern trend of sovereignty becomes the must-have of the season. What should you choose for your cloud data – to be trendy and protected or stay in the dark for your data safety? In fact, you have no choice and no right to risk.
What exactly is data sovereignty in the cloud environment? How can we meet these present-day requirements? Data sovereignty refers to the jurisdictional control or legal authority that can assert data because it is subjected to the country’s laws.
The main cloud sovereignty goals are protecting sensitive, private data and ensuring it remains under its owner’s control. Most countries have jurisdiction on the matter, and it is evolving continuously and rapidly. There are mainly two basic requirements to cloud sovereignty varying from country to country. The cloud or/and a party controlling the cloud may have to be located within the country.
In certain situations, the requirements for cloud sovereignty are stringent. In China, for example, in many instances, it is obligatory for the cloud provider to be a Chinese company.
Data residency, in its turn, is a privacy and business prerogative and refers to the physical data storage location. This term is essential for commercial and taxation purposes. In the majority of cases, data residency mirrors data sovereignty rules and laws within a country.
Control and Access
The one who owns information owns the world. We still might not fully realize how crucial the importance of data is. Defining the “new oil”, information from data gives enormous power to those who own it and opens vast opportunities for all the industries – from statistics to strategic business planning and decision making. Data influences a country’s politics, economics, defense and foreign affairs. Today the availability or lack of the data can prevent national conflicts or provoke a war. Nobody doubts that the data becomes a new weapon. That’s why it is so important to keep data controlled and sovereign to ensure it does not harm. Without laws that regulate adequate data sovereignty compliance, even your personal information – which is no less valuable than your money, could be easily abused.
But what kind of data falls under sovereignty jurisdiction and should be kept in the country? Independently of the industry, the first type of gathered data to be protected is personal data. It includes everything from a person’s basic identity information – name, address, ID numbers. This kind of data is followed by web data such as location, IP address, cookie data and RFID tags, health and genetic data, biometric data, racial or ethnic data, political opinions and sexual orientation.
In our everyday life, we leave behind a great lot of information that grows into the Big Data phenomenon you indeed heard of. What might seem insignificant at first sight turns out to be a powerful tool at a closer look. So, the next time you’re using a public cloud, ask yourself: “Are you certain that your customers that are ordering food on your platform are happy about their private data (what they had for dinner last night) to end up in the hands of a foreign government?” This bright example shows the importance of simple everyday information if we multiply it by the number of people in the country or the region. If you keep going through a person’s daily life, you very quickly realize that just about anything and everything can be considered critical enough to stay in the country.
Data Travel Restrictions
As many IT trends originate from the USA, data sovereignty is no exception. Many credits its high rising popularity to Snowden’s leak that exposed the US NSA PRISM spying program. The US government collected the data not only from US citizens but also from foreign nationals. Particularly, the US government has the authority to access the data stored within its territory regardless of data’s origins. Remember also Facebook’s Cambridge Analytica scandal, where users’ data was collected without their explicit consent. These situations emphasized the importance of data sovereignty. Governments worldwide have been focusing on this matter to protect the countries and their citizens against information leaks and possible consequences.
The US has no general consumer data privacy law at the federal level. It does, however, have many industry-specific federal protection laws – for example, the 1994 Driver’s Privacy Protection Act and the Video Privacy Protection Act. Laws also vary from state to state. California Consumer Privacy Act (CCPA) is one of the most prominent data privacy laws in the United States.
The European Union GDPR (General Data Protection Regulation) is a great example of data sovereignty law. Enacted in 2016, it governs the data protection and privacy of EU citizens and regulates the transfer of data outside the borders of the EU and the European Economic Area. However, countries like Germany and France have strict laws of their own to protect their citizens’ data.
Germany has implemented the new German Privacy Act (BDSG-new) that restricts data transfers to third countries. Companies that process the people’s personal information have to fulfill the German government’s data protection requirements, even if they are located outside the country’s borders.
Indonesia, Brunei, China, Vietnam, Russia
Laws related to data protection in these countries are probably amongst the strictest. They have stringent requirements that the data has to be stored on servers within the country.
Argentina, Brazil, Colombia, Peru and Uruguay
Data localization laws in Argentina, Brazil, Colombia, Peru and Uruguay are pretty mild. Some restrictions apply to international data transfers. However, these restrictions act only in certain conditions.
Instant Solution: Protected, Controlled and Sovereign Cloud
Within the last year or so various projects appeared to declare and serve the principles of Cloud Sovereignty, develop cloud data rules and restrictions on the country or region level. Some of them are supported by governments; others are initiatives of IT communities or business ideas that hope to become highly profitable in future. They promise data protection and cloud sovereignty. However, none of them can offer independent, controlled and secure cloud data management today, right now.
The immediate solution for any cloud sovereignty issues that can be met by the business already exists. The right answer is on the surface. Private clouds can easily satisfy all possible requirements to data protection, geographical localization, control, access and security. By its very nature, a private cloud would be located within the country. It means complete cloud sovereignty for enterprises. The private cloud workload and data are under the country’s jurisdiction. Such a private cloud run on hardware physically placed within the state complies with all the laws and regulations; the data never cross the borders to leave the country.
If you wonder how to achieve data sovereignty in a cloud environment right away, Sardina Systems is here to help you. Our brainchild FishOS is an efficient cloud management software for enterprises that can run and serve the data inside your country. Thanks to our numerous partners, the necessary hardware and data center facilities can be provided and hosted in a short time. The diverse customer experience worldwide gave us the essential practical knowledge in delivering a cloud that fully meets the country’s data sovereignty requirements.
What is your choice? To risk the business and wait when all the data protection rules are settled? Or run the business today, with the high level of data security and sovereignty in your private cloud environment?
The source: www.sardinasystems.com