Skip to Content

Accelerating data sovereignty in the new cloud landscape

Geert van der Linden
1 Feb 2023

If organizations want to seize the digital opportunity, there’s only one destination for ever-growing mountains of data – and that is the cloud.

Most know this, which is why worldwide spending on cloud services is expected to reach $1.3 trillion by 2025 – reflecting an annual growth rate of about 16.9%.[1] Such extraordinary investment into the data-driven, cloud-based economy is leading the change towards Intelligent Industry, but right now questions over privacy and regulation obstruct the accelerator.
While the issue of “sovereignty” is nothing new, it has gained prominence more recently in response to the pandemic and rising geopolitical tensions. Both revealed significant vulnerabilities in complex international supply chains and emphasized the role and storage of critical data. To prevent security incidents and gain control over physical and digital assets, governments and organizations are starting to re-evaluate their relationship with data.
So, why are concerns over data protection and trusted infrastructure making sovereignty central in today’s cloud market? And why is a sovereign cloud so important for progress?

Security as front of mind

Every organization wants control, choice, and autonomy over their data, systems and applications. But as businesses become increasingly dependent on public cloud vendors, leaders are becoming more concerned about their exposure in doing so. We surveyed executives from over 1,000 organizations across different sectors and found that almost three-quarters (73%) have security or resilience-related concerns with public cloud vendors. In parallel, organizations are becoming cautious about how to control the flow of data across boundaries and how to contain data in certain regions within the cloud environment, with 67% reporting concerns in this area.

This presents an issue. Why? Because building transparent, secure, and healthy data ecosystems is essential in the transition towards the Intelligent Industry. Hesitancy impacts progress, and so organizations and state-bodies alike must be assured that their data is going to be stored privately and safely wherever it is.

This is no more the case than in sectors where there is a significant duty to protect the privacy of clients or consumers. Take healthcare, for instance, where the cloud-based model holds potential to deliver better customer experience (CX), such as giving doctors and nurses easy access to prescribe and check on their patients anytime, anywhere. The major concern is that any leak or breach of confidential data can be severely damaging, and in some cases, potentially life threatening for the patient.

Data sovereignty means that cloud providers can safeguard user data like never before and ensure that it is used only in accordance with strictly defined rules. CEOs, such as those working in healthcare, can store confidential records and explore the opportunities of the cloud with greater confidence.

Although the benefits are clear, why the push now?

The public sector imperative

The primary reason for cloud sovereignty for 67% of organizations is handing over more control of their data  and having greater transparency; 71% of organizations believe that cloud sovereignty will be adopted to ensure compliance with regulations and the standards of the nation, state, and local government. In many ways, they are right because in the last few years, state bodies have started driving sovereignty forward with greater urgency.

The EU’s General Data Protection Regulation (GDPR) and Clarifying Lawful Overseas Use of Data (CLOUD) Act in the US were both passed in 2018, with the former cementing data rights for individuals and the latter asserting a government’s right to access. Together, they launched sovereignty into the centre of cloud strategy and since then, momentum is gaining with initiatives like the EU’s GAIA-X, which takes the principle further.

By uniting the private and public sectors to establish a unified ecosystem of cloud and data infrastructure services, GAIA-X brings access, ownership, and collaboration into the heart of the data ecosystem. Proposals like this are key for enhancing sector use cases; not only do they assuage security and trust concerns but also encourage data sharing.

Sovereignty, hyperscaled

This said, more than two thirds of businesses (69%) cite “potential exposure to extra-territorial laws” as a key concern in the current cloud environment. The jurisdiction issue is problematic as data is often stored outside of the place in which it is produced. Despite more than half of organizations (52%) planning to include sovereignty in their overall cloud strategy (in the next 12 months), 43% are limiting their cloud sovereignty strategy to data localization.

For these organizations, the possibilities for innovation and scale provided by hyperscalers exceeds the potential exposure to extra-territorial law. In turn, focus is shifting to service providers to also manage their sovereignty issues. This call is not being ignored and many cloud providers are already adapting their offerings to incorporate varying degrees of sovereignty while moving the cloud.

With complexity in the regulatory landscape pushing countries and providers to act on cloud sovereignty, firms should start looking at the benefits beyond the regulatory lens. The establishment of a secure foundation will open the opportunities of collaborative data ecosystems and unlock critical, data-driven applications across many industries. By starting to assess internal readiness to embed sovereign cloud, and then proactively incorporating components into their infrastructure, organizations will not only manage regulatory risk quicker but will also build trust and gain the competitive advantage in the digital age.

Contact us to understand how we are uniquely positioned to help you structure cybersecurity strength from the ground up. 

[1] IDC, “IDC forecasts worldwide “Whole Cloud” spending to reach $1.3 trillion by 2025,” September 2021.

Meet the author

Geert van der Linden

EVP and Head of Global Cybersecurity Services & CISO, Cloud Infrastructure Services (CIS GBL), Capgemini