Data management has emerged as a key area of focus as businesses navigate the complexities of ensuring collected data comply with an ever-growing number of laws and regulations. The concept of distributed or edge computing inherently solves data residency requirements, with businesses being able to collect, store, and process data locally by managing remote business areas on a single platform.
Registered users can unlock up to five pieces of premium content each month.
Log in or register to unlock this Insight.
Data Sovereignty versus Data Residency: Same Sides of the Coin?
|
NEWS
|
In an increasingly decentralized world, data management has emerged as a key area of focus, as businesses navigate the complexities of ensuring collected data comply with an ever-growing number of laws and regulations. Two areas often mentioned when it comes to data management are data residency and data sovereignty. Data residency refers to the geographical location of the data that are collected, while data sovereignty refers to the notion that the data collected are subject to the local laws and jurisdiction in which the data are physically stored.
Data sovereignty ensures that data are legally protected by local regulatory requirements. Some examples of data sovereignty laws include:
- The European Union’s General Data Protection Regulation (GDPR)
- Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA)
- Japan’s Act on the Protection of Personal Information (APPI)
Although data sovereignty laws can differ greatly from country to country, there are often some commonalities in functions, including ensuring the protection of privacy and security of personal data. Data sovereignty laws also establish the legal framework for how data are handled and are subject to the laws and regulations of the country where they are stored or processed. These data laws often restrict cross-border transfer of data, particularly Personally Identifiable Information (PII). Individuals are also granted greater control over their personal data, such as the right to access, correct, or delete their personal information. Businesses operating internationally or storing and processing data across borders must stay informed about these data laws and take steps to ensure absolute compliance. Failure to do so can result in legal and financial difficulties.
How Does Data Sovereignty Affect Distributed Data Management Practices?
|
IMPACT
|
The concept of distributed or edge computing inherently solves data residency requirements, with businesses able to collect, store, and process data locally by managing remote business areas on a single platform. The growing prominence of data sovereignty has accelerated the need for a distributed and edge computing platform. Traditional cloud computing practices, be they public or private cloud, have not been able to fully solve the challenges of data sovereignty.
For example, compare a traditional Artificial Intelligence (AI) platform with an edge AI platform. In a traditional AI platform, data that are collected from the source need to be transferred to a centralized cloud that could sit anywhere in the world. These data will then be processed and sent back to the source, creating a complex mix of network bandwidth and latency challenges and, most importantly, susceptible to data sovereignty implications due to having local data being sent halfway across the world. With edge AI, businesses can collect and process data at the source, without the data ever leaving the local jurisdiction, hence being fully compliant with data sovereignty laws. Businesses also avoid the high cost of network bandwidth and can process the data in a much lower latency environment.
Data sovereignty laws will positively impact the growth of distributed and edge computing ecosystem. Businesses will demand higher processing capabilities for devices on the edge, workloads such as AI/Machine Learning (ML) and data analytics will increasingly be processed at the edge, and Content Delivery Networks (CDNs) that deploy edge servers to deliver content to the nearest location of end users will continue to experience an uptick in growth and demand.
Instead of treating data sovereignty laws as a hindrance or a shackle to technology providers, this is now the opportunity for technology providers to look and invest in the growing distributed and edge computing ecosystem. While Amazon Web Services (AWS), Microsoft Azure, and Google Cloud have announced Amazon Outpost, Azure Stack, and Google Anthos solutions, respectively, which extend the cloud infrastructure to an on-premises environment, more can be done by the cloud hyperscalers in providing edge cloud services.
Leveraging Data Sovereignty as a Growth Mechanism
|
RECOMMENDATIONS
|
Data sovereignty can be a catalyst for technology vendors looking to play a role in the growing distributed and edge computing market. Businesses are looking for guidance in understanding the various data sovereignty frameworks, being compliant with the various data sovereignty frameworks, and implementing data management solutions that are robust enough to satisfy the requirements of the various data sovereignty frameworks. Technology providers will be able to demonstrate competency from both regulatory and legal angles, as well as from a technological innovation perspective.
To capture the distributed and edge computing market, technology providers will have to ensure the following areas are addressed when talking to potential customers:
- Understanding of Data Sovereignty Frameworks: Technology providers will have to ensure and convince customers of their thorough understanding of local data sovereignty regulations and, in some cases, bring in legal experts to demonstrate the completeness of the technology provider’s solutions.
- Access, Audit, and Compliance Tools: Technology providers must implement adequate Identity and Access Management (IAM) tools to restrict data access based on roles and permissions. Technology providers must also put proper audit and compliance processes in place to monitor and track data processing at the edge.
- Local Data Processing Capabilities: Depending on business needs, local data processing at the edge will be one of the most important elements for distributed and edge computing solutions to be compliant with data sovereignty laws. The collection, storage, and processing of personal and sensitive data must be done in local jurisdictions in order to adhere to most data sovereignty regulations.
From a cloud hyperscaler perspective, AWS introduced its digital sovereignty pledge, which starts with ensuring AWS solutions are sovereign by design. AWS also assures customers that they can have control over the location of their own data, verifiable data access control, the ability to encrypt everything everywhere, and ultimately be assured of top-tier cloud resilience for high availability and survivability.
Microsoft Azure introduced its Cloud for Sovereignty solution specifically for the public sector. This cloud platform provides sovereign controls such as encryption and Microsoft Landing Zones to orchestrate various security services and policies. Google Cloud’s approach is to provide customers with knowledge of cloud data sovereignty requirements. The Digital Sovereignty Explorer is an online tool that takes individuals through a guided series of questions about their organizations’ digital sovereignty requirements.
Although some may view data sovereignty as a compliance checkmark in data management, understanding data sovereignty frameworks can be a huge advantage for technology providers, especially in the distributed and edge computing market. As the world becomes more and more decentralized, distributed and edge computing solutions will be the key to answering data sovereignty compliance and legislation.
