The COVID-19 pandemic has turbo-charged cloud adoption with cloud services proven to be crucial to remote-workforce collaboration and productivity, disaster recovery, cost control, agility, resilience, and business continuity. However, as cloud adoption has accelerated, data sovereignty concerns gained a new prominence in information management, particularly in the government sector.
Capgemini Research Institute explored the following elements of cloud sovereignty in its report ‘The Journey to Cloud Sovereignty: assessing cloud potential to drive transformation and build trust’:
- Data sovereignty including data localization, ownership, traceability and access controls
- Operational sovereignty including operational resilience, regulatory compliance, sovereignty of ecosystem of partners and security controls.
- Technical sovereignty including portability, reversibility, and interoperability.
High demand for cloud services in organisations is shifting in line with new expectations around sovereignty. Among the top 5 concerns with current cloud environment are the following:
- Security or resilience concerns related to the cloud vendor
- Potential exposure to extra-territorial laws and possibility of data access by foreign governments
- Not transparency or control over data in the cloud
- Non-interoperability of data/applications
- Operational dependency on vendors/providers based outside of country’s jurisdiction
As a result of emerging regulations, laws, and discussions around cloud sovereignty, many organisations are making it a key consideration when formulating a cloud-adoption strategy. Information managers can bring a lot of value by helping their organisations better understand their information landscape. We can define and apply data classification to categorise information by sensitivity and value to our organisation. Sensitivity or business critical information then can be treated in a different way to non-sensitive information of low business value.
To take it a step further, use DAAD methodology:
- Define your sovereignty objectives
- Assess cloud providers through a sovereignty lens
- Align for a flexible cloud architecture
- Develop the potential of sovereign cloud