As digital transformation continues to take center stage, data sovereignty and its management is a more pressing matter than ever.
But what is data sovereignty? It simply means that your data is being used and stored where you want it to be. And because of European privacy data regulations – such as GDPR – it’s now a must.
Increasingly, Cloud Management Platforms (such as our CloudController product) play a major role in helping corporations and government organizations solve their data sovereignty issues.
Let’s consider how.
Physical Presence
Imagine you’re working on a project for a bank in Luxembourg: one with vast amounts of valuable data (as well as money!). For compliance reasons, you’d need to guarantee that the data resides solely within Luxembourg’s physical borders.
But how can you guarantee that if you’re developing solutions cloud-native and deploying to a public cloud – like Azure, GCP or AWS? You may not be able to, because these hyperscale cloud platforms likely do not have a physical presence in Luxembourg.
How do you know if the data is being held elsewhere?
To make this guarantee, you’d have to build a data center within Luxembourg itself – or be certain that your external provider stores your data within the country. There’s no way around it. Edge cloud, can, and will almost certainly also play a role in this.
Data sovereignty is absolute. But many multinational enterprises and service providers are operating their businesses across international borders, so how is it possible to assure?
Are You Ready For GAIA-X?
This is the thinking behind GAIA X – a new European initiative designed to guarantee data sovereignty.
With strong support from governments and businesses across Europe, the initiative’s aim is to create a common data infrastructure – which involves setting new standards for what cloud infrastructures and interfaces must look like.
As a result, cloud infrastructure providers will need to offer GAIA X-compatible APIs alongside their other services. This common standard will give European businesses, governments and institutions the assurance their cloud infrastructure, applications and the data residing on them are in compliance with EU regulations and national compliance mandates for procurement and operation of these services.
But what does data sovereignty look like from the perspective of a Cloud Management Platform (CMP) specifically? Let’s use Virtual Machines (VM) as an example. You could also use Container Pods to illustrate this. They’re both just ‘service objects’ from the CMP’s perspective.
Overcoming Obstacles
Say you’re a German multinational company with your own data center in Munich, and you use Azure cloud accounts hosted in the UK region. This is a traditional hybrid cloud. Using a CMP you could in fact create a Virtual Machine or deploy a Container Pod in one of your UK-based Azure accounts, or on data center resources in your Munich data center – from the CMP, no matter where the CMP host server is geographically hosted.
For data sovereignty reasons you may be required to assure German data resides on infrastructure physically located in Germany. You’d do this by creating a service template in the CMP and limiting its use to specific cloud tenants – essentially build a service template that only creates VMs or Container Pods on resources within a German data center environment. Furthermore, you can also limit the use of this template to your assigned teams on location in Germany. So when they log into the CMP they will only see, and have access to, service templates creating VMs and/or Container Pods using Germany-based infrastructure.
While thinking like this is still nascent, and GAIA-X is voluntary, it does however indicate that there’s a viable solution for increasingly common and complex IT issues. But with support from over 300 organizations across Europe (and counting), it’s clear that the issue is being taken seriously.
Our CloudController CMP already has some features that allow cloud owners to meet some data sovereignty requirements. As you might have guessed, InContinuum is involved with GAIA-X and will assure our CMP meets the coming GAIA-X infrastructure standards – always ready for what the future holds on data sovereignty.
Keen to find out more about GAIA-X and data sovereignty? Contact us today.