Trusted Cloud: overcoming the tension between sovereignty and innovation

In a world where 80% of businesses depend on globalised supply chains and with an irreversible march towards the cloud, organisations and governments alike are faced with a dilemma. How can we protect our intellectual property at an international level? By Cédric Prévost, Orange Business Services.

  • 1 year ago Posted in
The cloud – which by nature is a cross-border and intangible space – has blurred the notion of territory and borders. With data rapidly becoming one of the world’s most valuable resources, the cloud increasingly represents both an economic and a diplomatic challenge.

The restrictions of sovereign cloud

It is now more important than ever that businesses and governments control and understand their data journey at every stage, from producing and sharing data to creating value from it. The move towards the cloud has been followed closely by a dramatic rise in cyber-risks both foreign and domestic. Meanwhile, the manufacturing of electric components, the writing of software’s code and the people with the implementation skills needed to address these issues are spread widely across the globe. Currently no solution on the market can claim to combine the broadest possible security guarantees for all these different components, tailored to each companies’ regulation framework, while maintaining both maximum scalability of their functionality and the most competitive prices.

As a result, companies are now choosing between different cloud solutions that – to a greater or lesser degree – they “trust”. They also roll out and use the highest-performing technologies and services, regardless of their country of origin as and when it is necessary. In the context of the cloud, this raises important questions around data sovereignty. And this is especially true with regards to where their data is stored and the different regulations around data protection. But can we really blame companies for acting this way, when access to the latest technologies is integral to remaining competitive in today’s market?

The challenge for governments is to find a way to foster access to modern and effective digital technologies, while protecting the regional interests of their companies and respecting borders. This means protecting the competitiveness of their domestic companies, their intellectual property and the rights of workers operating in their borders. Governments trying to address these issues often turn to sovereign cloud as the solution. The problem is that until recently conversations around sovereign cloud often narrowed down to concerns about data localisation. This definition is overly restrictive and can lead governments to act hastily without addressing the core issues, and in doing so to stifle innovation.

When countries examine the questions of sovereign cloud, it is understandably tempting to impose restrictions on foreign technologies or services while promoting domestic ones. This strategy however is flawed. Most countries lack the resources needed to create national digital champions that can compete with foreign players, many of whom are already well established. Additionally, this restrictive response will hinder domestic companies that have a global presence – or global ambitions.

Finding the right balance

The concerns raised by the cloud are numerous and legitimate, and there are as many solutions as there are industries, data types, or levels of information sensitivity. Yet they all have something in common; realising the full potential of these solutions requires trust. The concept of trusted cloud solutions encompasses that of sovereign cloud solutions and can help solve a challenge inherent to sovereignty, namely that each company has its own definition of it and this definition often differs from that of governments.

A trusted cloud framework needs to take multiple aspects into consideration. Who designs, builds and implements these services and platforms? Who operates them and who keeps them secure? How do we ensure that the resources and levels of expertise are available to sustain a European ecosystem of trusted providers and operators?

In Europe, a milestone was reached with the launch of Gaia-X, an initiative that will allow us to move beyond the debate on data localisation. The initiative aims to return to Europe its “digital and technological autonomy”. Behind this concept of autonomy is the ability for businesses in Europe to choose with better clarity which services and platforms to use, and for Europe to support its existing industries without turning its back on the rest of the world.

The Gaia-X project is to that extent a great opportunity to steer us in the right direction; we can think regionally to boost local competitiveness and innovation, but we must be careful not to turn inwards by blocking innovations created outside Europe, as we must allow companies to remain successful on the international stage.

By Adrian Bradley, Head of Cloud Transformation, KPMG
By Ashish Arora – Vice President (UK, Ireland & BeNeLux) at HCL Technologies
By Jason Gregson, Head of AWS Programs and Operations, DoiT International
By Andrew Weaver, Lead Specialist Solutions Architect, Databricks
Cloud computing gets headlines every day, with predictions about the percent of workloads moving to large public cloud providers. While there is some momentum in the IT industry to move to public cloud environments, this choice is not automatic. Several decisions must be looked at closely before moving critical workloads to a public cloud provider. Different computing environments serve different needs of IT organisations, and one environment is not ideal for every enterprise.
By Alex Roditis & James Arias, Co-founders of Weaver Labs