Data is the lifeblood of most modern businesses. One of the key benefits we often mention about the Cloud is that the data is not tied to hardware that could fail – your data is simultaneously everywhere and nowhere. Things become a bit more complicated if you are in a regulated industry that dictates controls and conditions around where your sensitive data is allowed to live. Data Sovereignty refers to the concept that data is subject to rules and regulations of the country where the data resides; it is an important consideration in your Cloud planning.
Understanding the Requirements
The first step to building a plan for data sovereignty is to get the right people in a room to define your data management requirements and discuss the various options:
- Business Experts – People with a really deep understanding of all of the needs within the company.
- Legal/Compliance Experts – Experts in the applicable legal and compliance regulations.
- Cloud Solution Experts – A Cloud solutions partner, like Online, who understands how to effectively deploy and manage Cloud solutions.
- Business Decisions Makers – Often finance and executive branches do not need to be in every meeting, but they need to sign off on the final cost, and so it is best to keep them in the loop.
Once you have all of these great minds in a room, you will need a whiteboard and a lot of caffeine. You want to clearly document what data you have and what regulatory or privacy requirements exist that impact where your data can reside. In virtually every case, it is possible to move forward with some sort of a Cloud adoption strategy, however, you may need to take in special considerations depending on your data sovereignty requirements:
- The Cloud is still built on brick and mortar data centers
Cloud providers, like Microsoft, have hundreds of thousands of servers all over the world – possibly even millions. This means that your data can be traced to a specific location or locations. In most cases, Cloud providers have systems in place to help their customers specify where their data lives and, often just as importantly, where it cannot live.
- The Cloud has resiliency designed into it
In the US alone, there are currently eight data centers that support the Microsoft Cloud. Each of these massive structures is strategically located to ensure that no single external event could impact all data centers simultaneously. However, not all countries have such highly developed infrastructure. This could result in primary data centers being in one country while backup data centers are in another country altogether – creating a unique challenge when trying to meet regulatory needs.
- Where your data lives may depend on the services that you consume
Each data center is not a carbon copy of every other data center. Some data centers support some services, while other data centers support other services. In Canada, for example, Exchange, SharePoint, Skype, and Dynamics CRM are all supported by the data centres in Toronto and Quebec City, while Azure Active Directory, Sway, Yammer, Planner, and Dynamics Marketing are all supported by data centers in the US.
- Often the location of Cloud data can have serious legal implications
In a recent legal ruling a judge in the US determined that Microsoft was within its rights to withhold data from investigators when that data is outside of the US (Dublin in this situation). This case, which involves allegations of drug trafficking, is a perfect illustration of why data sovereignty matters so much. Had this data been located in the US, Microsoft would not likely have been able to fight the request from the government for the data. With cases like this, you can also understand why businesses that deal with the US government may be required to keep all their data within reach of the US legal system.
Paradoxically, Cloud solutions are moving in two different directions. On one hand, they are ever expanding with bigger, better, and faster hardware across the world so that data borders are becoming obsolete. Then, on the other hand, features and tools are being developed to allow the Cloud to honor the international, and often invisible, borders that divide countries. At Online we believe that every business can take advantage of the Cloud in one way or another. Our strategy is to collaborate with our customers to deploy secure and compliant Cloud solutions that take into considerations all of the factors around data sovereignty. If you are interested in learning more about migrating to the Cloud, check out our O365 Resource Center.