The Doppler Quarterly Spring 2019 | Page 69

As regulations get more stringent, what should companies storing data in the public cloud do to ensure they are complying with data sovereignty laws? Companies that are adopting public cloud are rightfully excited about the world of ben- efits this can bring to their businesses. Operating in the cloud, they can, among other things, access, share and process data in real time, across departments, with partners, across borders, and generate insights with greater flexibility and scalability than is fea- sible when operating exclusively in on-premises environments. However, the excitement over these benefits is often tempered by the fear, uncertainty and doubt (FUD) created by the complex and changing nature of data sovereignty and national data protection requirements. This element of FUD is often seen, and used, as a roadblock to cloud adoption by those concerned that the risk outweighs the benefits. But the risk of not meeting data sovereignty and protection provisions, like any risk, can be effectively mitigated with some planning and forethought. While taking advantage of cloud’s “anytime, anywhere” access to data and applications, companies still need to adhere to real-world compliance rules that are changing year to year. Different countries have different laws and regulations relating to the way cus- tomer data is stored, managed and shared. Companies that break these rules – wittingly or unwittingly – face stiff fines. So… • How does this new world of data sovereignty work? • How do you comply with complicated and evolving sets of rules? • Who is responsible – you or the cloud provider? These are important questions for companies to consider as they look to leverage public cloud. Understanding Data Sovereignty Data sovereignty focuses on the idea that data has a national “home.” In recent years the common understanding of data sovereignty has evolved to mean the laws and gover- nance structures that apply to data collected within, or owned by citizens of, a particular nation. Countries have always had rules governing the storage and transfer of sensitive data, such as military information. That is still the case. What has changed is the appli- SPRING 2019 | THE DOPPLER | 67