The complexity of data sovereignty in a multi-polar world

Issue 6 2023 Infrastructure


Andrew Cruise.

“The importance of data sovereignty and security creates complexity in a world where sharing such information across borders generates huge social and economic benefits,” says Andrew Cruise, Managing Director of Routed. It is clear that in the digital age, data sovereignty is becoming more important, as data is increasingly generated and collected through a variety of channels, including e-commerce, social media platforms and mobile devices.

Essentially, data sovereignty is a phrase that describes the principle that a country has the authority and right to govern and control the data generated within its borders. Thus, the concept of data sovereignty gives governments the power to regulate the collection, storage, processing, and distribution of any data that originates within their borders.

Obviously, this will have an impact on cross-border data flows and international data-sharing agreements. Remember that different countries adopt different data sovereignty policies, but broadly, they are about demanding that data generated within the country be kept within the borders for security or regulatory purposes.

Complicating the situation is the recognition that data access and the sharing of such information across borders generates social and economic benefits of somewhere between 2,5% and 4% of GDP. In addition, data transfers of this nature also enable a wide variety of other critical activities, such as the sharing of essential information related to crime prevention, scientific research and innovation, anti-fraud and money-laundering activities, disaster management and even climate change.

It is worth paying close attention to data sovereignty, not only from the point of view of safeguarding private data, but also to avoid liability issues related to legal violations associated with a failure to protect personal information.

A major reason for the complexity around data sovereignty is that the laws governing it vary greatly from country to country, as do cloud service providers’ agreements concerning privacy policies and user rights. Therefore, organisations operating across multiple countries or regions must understand each country’s regulations to comply with all applicable laws.

In fact, ultimately, there are multiple differing definitions of exactly what constitutes ‘data sovereignty’, and it is vital that we obtain some form of industry-wide collaboration in defining and upholding the principles of data sovereignty.

Recognising the complexities of data sovereignty, VMware notes that the answer lies in sovereign cloud deployment, as this is an option that is inherently more secure and offers better data integrity and data assurance.

To this end, VMware is making efforts to promote Sovereign Cloud Partnerships and the criteria they use to select providers, but at the same time, it seeks to limit the number of providers in each region - thus ensuring the rarity of the ‘cloud sovereignty’ badge.

Among VMware’s requirements are for such service providers to have locally sited data centres and, in terms of data security, for them to be ISO and payment card industry data security standard (PCI-DSS) compliant - both areas where Routed has met requirements.

It already segregates management networks from production networks, storage traffic from a host strategy, and even separates host traffic from public-facing web traffic. In addition, we have multi-factor authentication (MFA) in place and have been leveraging the principle of least access from the very beginning. Routed has been highly conscious of implementing security best practices on its infrastructure from the outset.

Moreover, while the company may have secured our back end, poor security measures further down the value chain, like leaving ports open on firewalls, are difficult to mitigate against. However, when it comes to issues of data resilience and data integrity, this requires that backup and replication products be available to assist in a disaster recovery scenario.

Ultimately, there is no one true definition of what data sovereignty is, but it will always entail data locality within sovereign borders, data security and data integrity.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Enhanced cellular connectivity is critical for farm safety
Infrastructure Agriculture (Industry)
In South Africa, the safety of our rural communities, particularly on farms, is a pressing concern. Nearly 32% of South Africa’s 60 million people live in these areas, where security challenges are constantly in the spotlight.

Read more...
All aspects of data protection
Technews Publishing Editor's Choice Information Security Infrastructure AI & Data Analytics
SMART Security Solutions spoke to Kate Mollett, Senior Director, Commvault Africa, about the company and its evolution from a backup specialist to a full data protection specialist, as well as the latest announcements from the company.

Read more...
Revolutionising networking technology for the future
Infrastructure IoT & Automation
[Sponsored] In the fast-evolving landscape of networking technology, RUCKUS Networks stands out as a trailblazer, offering innovative solutions that redefine connectivity experiences across various industries.

Read more...
Edge could help transform South Africa’s healthcare
Axis Communications SA Infrastructure
Edge computing has emerged as a game-changing technology for many industries, and the healthcare sector is no exception. In particular, South Africa’s healthcare industry could significantly benefit from the potential of this technology.

Read more...
Cloud platform for cyber resilience in the hybrid enterprise
Infrastructure
The Commvault Cloud brings together data protection, security, intelligence, and recovery on one platform, offering AI capabilities to defeat cyber threats, and includes integration with Microsoft Azure OpenAI Service.

Read more...
Rapid rise in DNS attacks drives demand for new approach
Infrastructure Risk Management & Resilience
As ransomware grows more sophisticated and DNS attacks become more frequent, businesses are increasingly trying to protect themselves by adopting innovative approaches and technologies to bolster the integrity and security of their backup systems.

Read more...
Majority of South African companies concerned about cloud security
Information Security Infrastructure
Global and local businesses share a common concern when it comes to cloud security. 95% of global businesses and 89% of local businesses are concerned about the security of public clouds.

Read more...
Consolidated cybersecurity management
Technews Publishing Editor's Choice Information Security Infrastructure
SMART Security Solutions spoke to Gareth Redelinghuys, Country Managing Director, African Cluster at Trend Micro, to find out what makes Trend stand out from the crowd and also its latest market offerings.

Read more...
Access to data centre secured
Suprema Access Control & Identity Management Infrastructure
GBM required a modern access control system to increase the security of its facilities in a productive environment without affecting the operation of the offices and the data centre, which are carried out 24/7/365.

Read more...
Africa’s growth lies on shoulders of renewable energy
News & Events Infrastructure
The Africa Tech Festival from 13 to 16 November in Cape Town will unpack the challenges and discuss the pivotal role of sustainability & renewable energy in advancing technological development in Africa.

Read more...