DataCenterNews Asia logo
Specialist data center news for Asia
Story image

Three things companies must know about data sovereignty when moving to cloud

Wed 19 Apr 2017
FYI, this story is more than a year old

I hear it nearly every day – the lament of teams trying to transform their enterprise from '80s-era software to the cloud: “Our state (or country, or regional authority) says that data can never leave our jurisdiction, which means we can’t store it in the cloud.”

It’s true that data sovereignty presents technical and legal challenges when moving on-premises systems and information stores to the cloud.

There is no United Nations resolution, European Union mandate, or international trade agreement that provides one blanket set of data sovereignty requirements that all countries follow.

Privacy and data-hosting laws vary by country and state, and some are more strict than others.

The thought of trying to navigate this international legal maze sounds complicated and time-consuming. It doesn’t have to be.

The solution is not to delay or cancel cloud migration efforts, but rather to examine three key considerations at the outset: where your data will reside, what’s in the fine print, and whether your cloud services providers are transparent.

This all sings the same tune as recent guidelines issued by the Monetary Authority of Singapore that urge financial services to take a risk-based approach when managing cloud outsourcing risks.

We’ve seen enterprises try to govern with an iron fist and block the use of cloud services – reminiscent of the enterprises a decade earlier that tried to block the use of the Internet.

Enterprises are increasingly adopting cloud-based services in order to take advantage of the many business benefits of not having to purchase, manage, upgrade, and replace systems and applications.

Of course, all that data still has to “live” somewhere. But because a primary goal of using cloud computing is to create anytime-anywhere access to information and systems, most customers don’t give much thought to where their data is stored.

hat needs to change.

Location, location, location

The strictest data sovereignty laws, like those in Germany, France, and Russia, mandate its citizens’ data is stored on physical servers within the country’s physical borders.

There are even some specific industries – governments come to mind – that demand the same. For example, certain United States federal agencies require their data be stored exclusively within the United States.

The good news for enterprise IT and legal departments is that they can leave the responsibility of complying with these laws to their cloud services providers.

That’s why the opening of new cloud data centers globally is occurring at a pace once reserved for new Wal-Mart store locations.

The chances are very good that, if you do your research, you can identify a cloud services provider whose data center locations ensure you comply with all applicable data sovereignty laws.

Just as in real estate, location is the first factor to consider regarding data sovereignty when migrating to the cloud.

A good place to start will be to check if your potential service provider is certified against local standards.

In Singapore, this is the Multi-Tier Cloud Security (MTCS) Singapore Standard (SS) 584, which is the world’s first cloud security standard that covers multiple tiers of cloud security.

Having a level-3 certification for example, would mean that they are certified to handle highly sensitive data such as patient records.

Perform your due diligence

The second is what’s in the fine print. Carefully review your local laws and the SLA of your cloud contract. Then have conversations with all applicable internal departments to gain an understanding of the root causes of all data sovereignty concerns.

When I work with a company on its cloud migration strategy, and I am told that there is a government policy to keep data out of the cloud, I ask for the specific wording. Often, if they can’t provide that information to me, they haven’t done the research.

So we have to dig deeper.

Banning the use of cloud invariably leads to a world of shadow IT that seeps into the organization

I’ll ask: “Can you exchange email with entities outside of your company or region? Do you store any data outside your company or country with partners or suppliers? Do you use any other cloud services like SalesForce.com, Box, NetSuite, Amazon Web Services, Microsoft Azure, etc.?”

In many cases, the answers to all three of these are “yes.”

Demand vendor transparency

This brings us to the third key consideration regarding data sovereignty and the cloud: security and control. Often it’s not complying with the laws that cause an enterprise to shy away from the cloud.

Rather, it’s the fear of no longer having complete control over who manages company confidential data or personally identifiable information (PII) data. That’s not to say there are no valid considerations with respect to data privacy.

For example, countries within the European Union (EU) have restrictions on the transfer of PII data to countries outside of EU. In other cases, however, the objective may simply be normative.

The legal or HR team may be uncomfortable with specific company information being kept outside of their entity.

Therefore, choose a vendor who is transparent and you trust to both ensure you are in compliance and will protect your data from prying eyes. Look for these security and control capabilities when evaluating vendors:

  • End-to-end encryption: Ensure the encryption of all data in-transit across the Internet and stored at-rest in the cloud.
  • You hold the keys: Encrypt data on-premises before it ever traverses the Internet to your cloud provider’s data center.
  • Sophisticated access controls: Role-based authentication and other granular user controls that control what exact data each user can and cannot see.

Given the financial benefits, innovation, and momentum behind cloud computing, packing up the cloud and going home seems an unlikely outcome.

We’ve seen enterprises try to govern with an iron fist and block the use of cloud services – reminiscent of the enterprises a decade earlier that tried to block the use of the Internet.

Banning the use of cloud invariably leads to a world of shadow IT that seeps into the organization and results in a lack of resource control as well as data security and compliance issues.

Data sovereignty laws should not limit the adoption of cloud-based services. In fact, it can have the opposite effect by compelling cloud vendors to be transparent.

Follow these recommendations to work through data sovereignty concerns and make full use of modern cloud computing services.

Move out of that 1980s technology stack and into the world of the cloud – you can get there with knowledge and a trusted vendor.

Article by Jimmy Fitzgerald, vice president and general manager, Asia-Pacific & Japan, ServiceNow

Related stories
Top stories
Story image
Employment
Tech job moves - Forcepoint, Malwarebytes, SolarWinds & VMware
We round up all job appointments from May 13-20, 2022, in one place to keep you updated with the latest from across the tech industries.
Story image
Sustainability
Intel unveils new investments for data center sustainability
Intel has announced two new investments, continuing its efforts to create more sustainable data center technology.
Story image
Digital Transformation
The Huawei APAC conference kicks off with digital transformation
More than 1500 people from across APAC have gathered for the Huawei APAC Digital Innovation Congress to explore the future of digital innovation.
Story image
Sustainability
Legrand unveils Nexpand, a data center cabinet platform
Legrand has unveiled a new data center cabinet platform, Nexpand, to offer the necessary scalability and future-proof architecture for digital transformation.
Story image
Sustainability
ABB unlocks sustainable energy upgrades for data centers
ABB says its new microgrid solutions will get data centers ready for the green revolution and use their own energy sources with a reduced carbon footprint.
Story image
Infrastructure
Report - Data investment the key to better business growth
New research from Digital Realty has revealed that almost half (47%) of IT leaders globally believe their business investment in data systems and infrastructure is a key obstacle or concern.
Story image
Sustainability
NTT launches IoT Services for Sustainability offering
"We know what actions are needed to build a more sustainable future and have a robust suite of technologies available to help deliver this impact."
Story image
Microsoft
Microsoft unveils adaptive accessories for disability access
Microsoft is introducing an expansive Inclusive Tech Lab to give people with disabilities greater access to technology through new software features and adaptive accessories.
Story image
SaaS
Cisco reveals new tech, intends to prevent network issues
Cisco has revealed new technology intended to mitigate costly disruptions by aiding IT teams in learning, predicting and planning.
Story image
Surveillance
Genetec launches new enclosure management system for data centers
Genetec has released a new enclosure management solution that will give data centers the ability to secure, monitor and manage access to racks and cabinets remotely.
Story image
BitTitan
Why tenant consolidation is critical to cloud success
Consolidating tenants can improve cost management, security and engagement after a flurry of reactive activity following the widespread shift to remote operations.
Story image
Telstra
Telstra expands business offerings in the Philippines
The expansion aims to offer more choice for customers and enhance connectivity into the Philippines, and within the country.
Story image
Hyperscale
SpaceDC partners with Aofei for data center sales in Asia
SpaceDC has partnered with Aofei Data International to sell Aofei's data centers, CDN and SDN in China.
Story image
Talend
Talend introduces new data health solutions for businesses
Talend has announced its latest version of Talend Data Fabric, with the release of Talend Trust Score enabling data teams to establish a foundation for data health.
Softiron
For every 10PB of storage run on HyperDrive vs. comparable alternatives, an estimated 6,656 tonnes of CO₂ are saved by reduced energy consumption alone over its lifespan. That’s the equivalent of taking nearly 1,500 cars off the road for a year.
Link image
Story image
Sustainability
RDA and MVGX partner for sustainable data center development
Red Dot Analytics (RDA) and MetaVerse Green Exchange (MVGX) have entered a strategic partnership to make Singapore's data center development and operations more sustainable.
Story image
Sustainability
AirTrunk boosts Japan presence with West Tokyo data center
AirTrunk is planning to build TOK2, a new hyperscale data center in Japan which will strengthen the company’s presence in the country.
Story image
Data Center
CBRE finds record levels of investment in APAC data centers
CBRE's new report finds direct investment in the sector more than doubled in 2021, surpassing investment volumes for the past four years combined
Story image
Akamai
Akamai announces new products across security, computing
Akamai has announced a series of new products and updates to existing products across its security and compute product lines, including its entry into the infrastructure as a service (IaaS) market.
Story image
Power / Energy
DigitalBridge makes $30 million equity investment in LEDC
Leading Edge Data Centres (LEDC) has announced it has secured an AUD$30 million equity investment in its regional edge network from an affiliate of DigitalBridge Group, DigitalBridge.
Story image
Sustainability
Video: 10 Minute IT Jams - SoftIron CMO on Data Center Sustainability
In a special Power/Energy feature week presentation, we are joined by SoftIron CMO Andrew Moloney.
Story image
Data Center
Equinix enters Africa, closing US$320 million acquisition of MainOne
The completion of the acquisition augments Equinix's long-term strategy to become a leading African carrier-neutral digital infrastructure company.
Story image
Databricks
Databricks grows in APAC market, expands into Korea
Databricks officially launches a local office in Seoul, Korea, building on existing partnerships with Cloocus, Megazone and the Weverse Company
Story image
Research
New strategies for cloud-native attacks - Aqua Security
New research from Aqua Security reveals attackers are using more sophisticated techniques to target cloud-native environments.
Exabeam
Find out how a behavioural analytics-driven approach can transform security operations with the new Exabeam commissioned Forrester study.
Link image
Story image
Microsoft
SAS Viya on Microsoft Azure to deliver 204% return - study
The Forrester Total Economic Impact study finds SAS Viya on Microsoft Azure brings a 204% return on investment over three years.
Story image
Data Center
Tier III Ready Datacenter solutions shortlisted for major awards
"These designs will accelerate data center clients' own Tier III certification, reduce the cost, and fast-track their time to market."
Story image
Cybersecurity
A10 Networks finds over 15 million DDoS weapons in 2021
A10 Networks notes that in the 2H 2021 reporting period, its security research team tracked more than 15.4 million Distributed Denial-of-Service (DDoS) weapons.
Story image
Sustainability
Siemens showcases new automated solutions for data centers
Siemens has implemented new automated solutions and AI in the Baltic region's largest data center, providing insight into the future of data center management.
Story image
Sustainability
Power at the edge: the role of data centers in sustainability
The Singaporean moratorium on new data center projects was recently lifted, with one of the conditions being an increased focus on power efficiency and sustainability.
Story image
Sustainability
Daikin and SP Group to build new energy efficient district cooling system
The project, set to be complete by 2025, will create a system with a cooling capacity of up to 36,000 refrigerant tonnes (RT). 
Story image
Sustainability
AyalaLand and FLOW partner for data center development
AyalaLand Logistics Holdings Corp (ALLHC) and FLOW Digital Infrastructure have entered into a framework agreement to bolster the development of carrier-neutral data centers in the Philippines.
Story image
Data Center
Preventing downtime costs and damage with Distributed Infrastructure Management
Distributed Infrastructure Management (DIM) can often be a lifeline for many enterprises that work with highly critical ICT infrastructure and power sources.
Story image
Cloud
Colt connectivity with AWS increases services in Asia
Colt Technology Services expands cloud connectivity to AWS Direct Connect Hosted services, with speeds of up to 10 Gbps in Asia.
Story image
Digital Transformation
Multiplex, NEXTDC making strong progress on S3 data centre
Multiplex has made a significant achievement on Stage 1 of NEXTDC’s S3 data centre, ‘topping out’ the structure in the Artarmon on Sydney’s lower North Shore.
Story image
Sisense
Data and analytics could be key to higher selling prices in APAC
Sisense's latest report has found that almost half of data professionals in APAC think customised data and analytics can create better selling prices for their products.
Story image
Digital Transformation
EdgeConneX enters Indonesia, plans for data center campus
EdgeConnex has announced it is expanding its presence in Asia with the acquisition of GTN Data Center in Indonesia.
Story image
Cybersecurity
The 'A-B-C' of effective application security
Software applications have been a key tool for businesses for decades, but the way they are designed and operated has changed during the past few years.
Story image
SD-WAN
Orange moves Siemens AG’s entire operations to a SD-WAN
Orange Business Services has migrated Siemens AG's entire global operations, 1168 sites across 94 countries, to a SD-WAN
Story image
Power / Energy
Keysight Technologies introduces new next-gen DPT solution
Keysight Technologies has announced its new next-generation Double-Pulse Tester (DPT) with the PD1550A Advanced Dynamic Power Device Analyser.
Story image
Sustainability
Grasping the opportunity to rethink the metrics of a sustainable data centre
A data centre traditionally has two distinct operations teams: the Facility Operations team, and the IT Operations team. Collaboration between them is the key to defining, measuring, and delivering long-term efficiency and sustainability improvements.
Story image
Data Center
Digital Edge to build South Korea's largest commercial data center
The project will be the largest commercial data center project in South Korea with total IT power of 120MW and a capital investment of more than KWR$1 trillion.
Story image
Sustainability
YTL unveils development of solar-powered data center campus
YTL Power (YTL) has announced the development of a 500MW data center campus in Johor, the first data center park in Malaysia to be powered by solar energy.
Story image
Disaster Recovery
Kacific launches emergency connectivity offering, CommsBox
Kacific has announced the release of a new emergency connectivity offering designed to rapidly provide broadband service in emergency or disaster zones.