The restrictions of sovereign cloud
It is now more important than ever that businesses and governments control and understand their data journey at every stage, from producing and sharing data to creating value from it. The move towards the cloud has been followed closely by a dramatic rise in cyber-risks both foreign and domestic. Meanwhile, the manufacturing of electric components, the writing of software’s code and the people with the implementation skills needed to address these issues are spread widely across the globe. Currently no solution on the market can claim to combine the broadest possible security guarantees for all these different components, tailored to each companies’ regulation framework, while maintaining both maximum scalability of their functionality and the most competitive prices.
As a result, companies are now choosing between different cloud solutions that – to a greater or lesser degree – they “trust”. They also roll out and use the highest-performing technologies and services, regardless of their country of origin as and when it is necessary. In the context of the cloud, this raises important questions around data sovereignty. And this is especially true with regards to where their data is stored and the different regulations around data protection. But can we really blame companies for acting this way, when access to the latest technologies is integral to remaining competitive in today’s market?
The challenge for governments is to find a way to foster access to modern and effective digital technologies, while protecting the regional interests of their companies and respecting borders. This means protecting the competitiveness of their domestic companies, their intellectual property and the rights of workers operating in their borders. Governments trying to address these issues often turn to sovereign cloud as the solution. The problem is that until recently conversations around sovereign cloud often narrowed down to concerns about data localisation. This definition is overly restrictive and can lead governments to act hastily without addressing the core issues, and in doing so to stifle innovation.
When countries examine the questions of sovereign cloud, it is understandably tempting to impose restrictions on foreign technologies or services while promoting domestic ones. This strategy however is flawed. Most countries lack the resources needed to create national digital champions that can compete with foreign players, many of whom are already well established. Additionally, this restrictive response will hinder domestic companies that have a global presence – or global ambitions.
Finding the right balance
The concerns raised by the cloud are numerous and legitimate, and there are as many solutions as there are industries, data types, or levels of information sensitivity. Yet they all have something in common; realising the full potential of these solutions requires trust. The concept of trusted cloud solutions encompasses that of sovereign cloud solutions and can help solve a challenge inherent to sovereignty, namely that each company has its own definition of it and this definition often differs from that of governments.
A trusted cloud framework needs to take multiple aspects into consideration. Who designs, builds and implements these services and platforms? Who operates them and who keeps them secure? How do we ensure that the resources and levels of expertise are available to sustain a European ecosystem of trusted providers and operators?
In Europe, a milestone was reached with the launch of Gaia-X, an initiative that will allow us to move beyond the debate on data localisation. The initiative aims to return to Europe its “digital and technological autonomy”. Behind this concept of autonomy is the ability for businesses in Europe to choose with better clarity which services and platforms to use, and for Europe to support its existing industries without turning its back on the rest of the world.
The Gaia-X project is to that extent a great opportunity to steer us in the right direction; we can think regionally to boost local competitiveness and innovation, but we must be careful not to turn inwards by blocking innovations created outside Europe, as we must allow companies to remain successful on the international stage.