Sovereignty risks forcing a rethink on data location: Survey

Partners have a role to play in sovereignty strategy and services

Data sovereignty is evolving from a technical challenge to a business issue, and partners are key in delivering this issue to end users.

According to a survey of industry leaders conducted by the University of Technology Sydney for Pure Storage, 92 percent agreed inadequate sovereignty planning could lead to reputational damage and 85 percent identified loss of customer trust as the ultimate consequence of inaction.

“It’s important that we work closely with our partners to help joint customers recognise that data sovereignty is becoming strategically critical,” said Matt Oostveen, VP and CTO, Asia Pacific and Japan, Pure Storage.

Partners can help customers develop a data sovereignty strategy that will meet their objectives, helping identify gaps, protecting data and offering service delivery, while remaining regulatory compliant and agile.

Data sovereignty means organisations having control of customer data, but poor sovereign approaches can expose organisations to security vulnerabilities, service disruption, loss of trust and financial damage.

All respondents (100 percent) agreed that sovereignty risks have led them to reconsider where data is located. For organisations, the first step is starting the conversation and seeking support to conduct a risk assessment.

The survey found 78 percent of respondents are already adopting different data strategies in response to sovereignty concerns.

These include implementing multi-service provider strategies, adopting sovereign data centres and embedding enhanced governance requirements in commercial agreements.

Partners may find consulting and managed services opportunities to help assess workloads, architect the right mix of storage solutions and run operations that comply with sovereignty requirements.

“This is an emerging challenge for everyone, and we expect different partners to take different and tailored approaches to helping their customers, particularly given that risk assessments may uncover a range of individual customer challenges,” Oostveen told CRN Australia.

Data sovereignty considerations will differ depending on the sector, with public sector organisations already required to store and manage data in Australia. Banking, finance and resources typically operate internationally and have more risk to assess from a data sovereignty perspective.

“What they will have in common, however, and this is an opportunity for many of our partners, is to help customers define a data strategy that addresses the urgent demands of the situation,” Oostveen said.

This means determining what data should go where and how it should be managed based on a number of different metrics, such as the sensitivity of the data, nature of personal information, downstream impact, and potential for identification, for example, through metadata.

Oostveen acknowledged that it’s still early days, with many organisations starting to grapple with the question of data sovereignty. Larger companies may have the resources and IT teams to manage compliance in their infrastructure but smaller companies may need more help.

“Companies are still figuring out how to deal with data sovereignty, but we anticipate there will be demand depending on the size of the organisation,” he said.