Data sovereignty is not longer just an IT issue. The increase in data protection legislation and concern over data privacy means that countries are beginning to worry about where their data is being held.
This is not just a response to stories from whistleblowers. National governments are aware that cloud has the ability to move data to countries outside their jurisdiction and where data protection laws are less stringent.
Such concerns have led to an explosion in data centre building and acquisitions of companies in Germany. Meanwhile in the UK parliamentarians have expressed concern over data offshoring. As a result this is not longer just an IT matter or even a compliance issue. It has become a governance issue and with the EU General Data Protection Regulation (GDPR) due to come into force soon, the costs of getting it wrong will rise, and are now an extinction issue for companies.
In a white paper (registration required) and YouTube video, Skyscape CEO Simon Hansford asks companies if they have assessed all the risks in order to make an informed choice of cloud provider. Of course, there is a clear promotional element here for Skyscape Cloud Service who are focused on selling to national and local government departments. Despite this, the five points that Hansford calls out are just as relevant for any commercial company looking at cloud as they are government departments.
What are the five points?
If you are looking at these and thinking you knew all those, the question is are you then applying them to your choice of cloud provider?
In the white paper, Skyscape gives much more detail on each point. Some things that you may not have known are:
At the Datacentre Dynamics (DCD) Converged conference held alongside CeBIT in Hannover this week, a panel discussion came to the conclusion that data sovereignty is likely to lead to the end of the mega data centre and the rise of lots of smaller but more expensive data centres. The result will be a gradual rise in the costs of cloud services.
The panel also said that one of the problems is that much of the data sovereignty discussion is led by rhetoric not by enacted laws and this was causing problems for many data centre owners.
At the end of the day it doesn't matter if you are a small business, multinational enterprise or a government body. Due diligence around cloud services is something that cannot be left to chance yet that is exactly what is happening.
Many IT departments are discovering that the purchase of cloud services by Business Units who are not doing any due diligence is coming back to haunt them when they take over the contracts. There is an ever-narrowing window before the GDPR comes into force for companies to sort this out or face the consequences.