Insight and analysis on the data center space from industry thought leaders.

How Data Sovereignty Will Affect IT in 2018

Data sovereignty is all about ensuring that there is clarity around where the data is located and what laws it is subject to, which is a big challenge for the cloud adoption trend facing organizations.

Industry Perspectives

January 10, 2018

5 Min Read
Data Center Knowledge logo


Ryan Mallory is Global Vice President, Technology, for Equinix.

In 2017, many enterprises came to the realization that the center of data gravity is shifting. Whether it is structured or unstructured, at rest or in transit, enterprise data has moved beyond centralized corporate data centers to the distributed digital edge. The edge is where all the elements giving rise to real-time data generation exist, so it is becoming obvious to organizations to build that into their data strategies.

For enterprises to extract the most value from their data, they must re-think their IT architectures. Pushing workloads closer to the data at the edge helps overcome latency issues that dramatically slow application and analytics performance, creating an unpleasant experience for users. However, architecting for the digital edge comes with important considerations around balancing protection of data with accessibility, and rules governing data movement and placement. One of these critical considerations is the merits and challenges posed by localization of data, which may include the need for compliance with complex personal data protection requirements. The much talked about term this year - data sovereignty -  is all about ensuring that there is clarity around where the data is located and what laws it is subject to, which is a big challenge for the cloud adoption trend facing organizations.

There are various reasons such as data privacy, cyber security, protectionism and economic growth that policymakers cite when pushing for regulation in this area, whether more general or industry specific regulation. Consolidated Audit Trail (CAT) reporting in the U.S. requires companies to log every securities transaction and ensure the accuracy of timing services at the nanosecond level. The Markets in Financial Instruments Directive (MiFID ii) in the European Union imposes new reporting requirements and tests on investment firms.

As you can note, the risk is amplified in certain verticals and industries. For example, in heavily regulated industries such as financial services, the benefits of cloud adoption need to be carefully weighed against addressing security, data privacy, and compliance requirements. In the case of healthcare, these regulations could adversely affect the expected outcome, as powerful data analytics applied to bigger global datasets can help speed the development of cures.  

Changing laws and regulations such as Europe’s General Data Protection Regulation (GDPR) are also adding a sense of urgency to the whole debate. For example – the EU data privacy laws already today restrict organizations from transferring personal data that originated in Europe to any country with data protection laws deemed inadequate – which can include the U.S. – without safeguards in place. When the GDPR will come into effect in 2018, those safeguards to allow international data transfers will require enterprises to be more transparent around the IT security parameters that are in place by which personal data is handled, and a whole lot more. 

And these enhanced data privacy measures are a mandatory step for organizations, who would otherwise risk the consequences of non-compliance, that may include possible fines imposed by the European Commission of up to 20 million euros or 4 percent of annual global revenues, whichever is higher. A recent report from Ovum on the effects of these evolving regulations on businesses finds that two-thirds of businesses expect to have to change in their global business strategies to accommodate new data privacy regulations, and over half of businesses think they will be not be ready to comply with the pending GDPR by May 2018.

The introduction of GDPR and the impact of laws across the world that have even stricter requirements around data sovereignty will drive organizations to consider to have data centers in multiple regions in order to store data locally, and minimize the impact of these new regulations. CAT and MiFID II laws also require organizations to log financial transactions at a granular level. This, in turn, makes it necessary for organizations to have a finely synchronized internal clock system across multiple data centers.  

How do enterprises get ahead of these upcoming challenges? On-premises private cloud could seem like an option but it prevents the organizations from reaping the full benefits of cloud economics and flexibility. Public cloud, on the other hand, requires putting data into the hands of external providers, which can make it difficult to track where the data is stored and replicated. One possible solution to these issues is for customers to opt for interconnection, allowing network providers, cloud providers, and enterprises to share data through direct, private connections. This option can provide the benefits of cloud economics and flexibility combined with control over data location and privacy.

Since the private connection to the cloud bypasses the internet, data is not directly vulnerable to the cybercriminals, malware and other constantly evolving threats that permeate the internet today. These private connections also avoid the congestion on the internet, helping to provide predictable, low-latency performance. Recently published market study, The Global Interconnection Index, highlights data protection as one of the top trends driving the need for Interconnection, the bandwidth for which is expected growing at nearly twice the rate comprising nearly six times the volume of global IP traffic by 2020.

With huge volumes of information needing to be readily accessible to employees, customers, partners and auditors around the world, it is paramount that all organizations reconsider how they approach data security, and protection of personal data. As simple as it may sound, it is a much-complicated issue in a digital world where virtual data boundaries do not necessarily follow the same path of the physical global ones.

Opinions expressed in the article above do not necessarily reflect the opinions of Data Center Knowledge and Informa.

Industry Perspectives is a content channel at Data Center Knowledge highlighting thought leadership in the data center arena. See our guidelines and submission process for information on participating. View previously published Industry Perspectives in our Knowledge Library.


Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like