Navigating Technological Sovereignty in the Digital Age
Depending on who you talk to, technology sovereignty is either a hot topic or an issue that other organizations need to deal with. So, does this matter to you and your organization? Let’s first consider the factors driving this trend, specifically the crystals in the solute of the U.S. Cloud Act, which ostensibly allows the U.S. government to access any data managed by a U.S. provider. This frightened EU authorities and countries, as well as others who thought the move went too far.
While activity accelerates in Europe, Africa and other continents, moves are already underway to maintain a degree of sovereignty along three axes: data movement, local control and, increasingly seen as important – states A desire to develop and retain skills and innovation rather than become a passive participant in cloud-based brain drain.
This affects not only government departments and their contractors, but also suppliers to domestic companies. A few years ago, I spoke with a manufacturing materials organization in France that supplies goods to Nigerian companies. “What’s your biggest headache?” I asked the chief information officer as a conversation starter. “Sovereignty,” he said. “If I can’t show my customers how to keep their data in-country, I can’t supply my goods.”
Legislative topics such as the US CLOUD Act make cross-border data management tricky. Because different countries enforce different laws, determining where and how your data is stored can become a significant challenge. If this matters to you, it really does. In principle, technological sovereignty could solve this problem, but there is no single, clear definition. This concept is easy to understand at a high level, but difficult to pin down.
Technological sovereignty is about ensuring that you have control over your digital assets—your data, infrastructure, and systems that run your business. But it’s not just about knowing where your data is stored. This is to ensure that data is processed in a manner that complies with country regulations and your business strategies and values.
For organizations in Europe, the rules and regulations are very specific. The upcoming EU Data Bill focuses on data sharing and access across different sectors, while the Artificial Intelligence Bill introduces rules around artificial intelligence systems. Together, these evolving regulations are driving organizations to rethink their technology architecture and data management strategies.
As always, this means replacing the wheels on a moving train. Hybrid/multi-cloud environments and complex data architectures add complexity, while artificial intelligence is changing the way we interact with and manage data. Artificial intelligence can be a blessing and a curse for sovereignty – it can both enable data to be processed more efficiently, but as AI models become more complex, organizations need to be more cautious about handling data from a compliance perspective.
So what does this mean for organizations that want the flexibility of cloud services but need to maintain control of their materials? Organizations have several options:
- Sovereign hyperscalers: Next year, cloud giants such as AWS and Azure will launch sovereign cloud offerings to meet the needs of organizations that require tighter data control.
- Localization Provider: Working with a local hosting provider (MSP) can give organizations more control in their own country or region, helping them keep their data local.
- Local solution: This is the preferred option if you want complete control. However, on-premise solutions can be costly and come with their own complexities. It’s about balancing control with practicality.
A combination of all three may be needed, at least in the short to medium term. Inertia will have its effect: Given that moving existing workloads from low-hanging fruit to the cloud is already a challenge, Sovereignty creates a host of reasons to keep them where they are, for better or worse.
There is a way forward for sovereignty as both a goal and a burden, centered on the word “governance”. Good governance is about having clear policies for how data and systems are managed, who has access, and how to comply with organizational and customer regulations. This is an enterprise-wide responsibility: All levels of the organization should agree on what sovereignty means to the company and how it will be executed.
This may sound impossible, but that’s the nature of governance, compliance and risk (GRC) – the trick is to assess, prioritize and plan to incorporate sovereign criteria into the way the business is designed. Want to do business in certain jurisdictions? If so, you need to incorporate their requirements into your business strategy and then promote them into your applications, data, and operational strategies.
On the other hand, things are always more difficult than necessary. However, when done well, technological sovereignty can also provide a competitive advantage. Organizations that take control of their data and systems can provide customers with greater security and transparency, thereby building trust. By embedding sovereignty into your digital strategy, you not only protect your organization, you position yourself as a responsible business leader and build a stronger foundation for growth and innovation.
Technology sovereignty should be a strategic priority for any organization that wants to stay ahead in today’s complex digital environment. It’s not just about choosing the right cloud provider or investing in the latest security tools, it’s about establishing a long-term, business-driven strategy that ensures you always have control over your data, no matter where it resides in the world.
The future of sovereignty is about balance. Balance cloud and on-premises solutions, innovation and control, and security and flexibility. If you can get the balance right, you’ll be in a good position no matter what the digital world throws at you next.
2024-11-22 17:15:57