Data Sovereignty For Small Businesses

By Protonet Team. Published 16. January 2016.

Data sovereignty has always been a hotly debated topic in the IT sector, and discussions reached fever pitch with the Edward Snowden debacle. It certainly raised questions about the security vulnerabilities of data stored in the cloud. So let’s take a look at how data sovereignty affects data stored in the cloud.

The implications of data sovereignty in the cloud

Each country has its own data sovereignty laws, and with the advent of the cloud, many have amended their requirements.

Some countries have adopted legislation requiring customer data to be kept in locations where the company physically operates. Known as a national cloud, this concept is quickly gaining traction. The idea is to protect citizen data by requiring businesses to keep data within the country, run by local companies. This also helps businesses by ensuring the data is ONLY subject to the sovereignty laws of the country. Countries like Russia, Germany, and Canada have already drafted for stricter sovereignty and residency laws prohibiting companies for storing customer data overseas.

Without a national cloud, a UK-based business with cloud data stored in and operated by a US company, for instance, could have their data accessed by the US federal government without the business’s consent or knowledge. It’s completely legal under the US Patriot Act.

For public cloud users, it’s essential that their provider is trustworthy, able to verify where their servers are located, and that they wholly adhere to service level agreements.

Does the cloud help or hinder sovereignty laws?

Cloud storage is about distributing data and applications across a geopolitical spectrum. For small and medium-sized businesses with clients and partners across the globe (as well as cloud providers themselves), this can present conflict. How can you maintain the integrity of the cloud while abiding by government regulations?

Whatever the chosen solution, it has to be specific to the circumstance of the organization, though there are components that should be addressed, including:

• Data loss prevention (DLP) – DLP software dictates data flow and detects breaches. Some have features in place that automatically render data meaningless if breached.
• Data aware services – integrated software components require filtering capabilities and authorization as new services are developed.
• Data segmentation – certain regions require varying levels of data segmentation control and require the data to have a defined location. The solution here lies in a cloud with regional instances located within proximity to conform to data segmentation requirements.

Both private and hybrid cloud systems provide these components. Private cloud providers also differentiate their offerings to suit the specialized needs of vertical industries, such as small businesses within the finance and education sector, where compliance and certification are required.

With your own private cloud server on company premises, you maintain security and the perks of a public cloud – all while addressing the challenges of data sovereignty.