Just over 20 years ago, in The Matrix: Reloaded, Keanu Reeves taught us an important lesson about technological sovereignty. Mid-way through the film, he arrives back in the last remaining human city, Zion, deep underground, and stands on a balcony with Anthony Zerbe, looking out over a field of servers.
Together, facing an impending machine invasion, they speculate on the nature of control. Reeves – with his usual gravelly brevity – neatly sums it up: if we wanted to, he says, we could shut the machines down.
Over the last few years, especially in the wake of Brexit, the issue of control and sovereignty has become increasingly pertinent. The networking and cloud market has seen a raft of challenges when it comes to control, freedom, and transparency, making life more complex and, at times, difficult for channel partners.
David Devine is partner program manager at OVHcloud. In this role, he is responsible for business development in the channel across system integrators, value added resellers, managed service providers, and consultancies. His key focus is to support partners create and implement a successful strategy to expand their OVHcloud portfolio.
From vendor lock-in to rising prices, threats of international surveillance, and scrutiny from Ofcom into bundling and competition, there is more and more to track today, with each consideration taking up valuable time for channel partners and increasing the overall length of the sales cycle.
And with respect to Mr Reeves – particularly as he does make an important point about the nature of control – the discussion is somewhat more nuanced than the ability to simply shut servers down.
What is data sovereignty?
Data sovereignty is about both control and freedom: it’s the ability to control all aspects of your data, and allowing customers the ability to do the same, practically, politically and economically.
If you don’t have the freedom to move your data, you aren’t in control. For this reason, sovereignty is often associated with residency (where your data is stored) which closely influences how it is handled.
Many people associate data sovereignty with General Data Protection Regulation (GDPR). UK GDPR applies to personal data, and states that data must be stored within the EU or in a country outside the EU that can offer an ‘adequate’ level of data protection, and that data is used ‘fairly, lawfully and transparently’.
However, local country laws also apply, adding a layer of complexity. In particular, the location of the head office of a data center owner intersects with these regulations, making it crucial that organizations understand the nuance and impact of where they choose to locate their data.
There is plenty of non-personal data that requires good governance, which is why we also need international standards for data and cloud security. As most channel partners know, we also have standards for this, including the likes of ISO 27001, and ISO 27018 for cloud environments specifically.
Learn how GPT delivered winning sustainability outcomes and better business resiliency.
DOWNLOAD FOR FREE
From a regulatory perspective, data from specific industries needs to be stored in an appropriate environment and handled according to best practice. For example, in the UK we have PCI-DSS, which governs how payment data is handled, and so on.
Channel partners that can find a cloud provider with infrastructure that is already compliant with these regulations can make life much easier.
Cyber security is also an important component of good sovereignty: knowing where customer data is and how it will be handled means it won’t be exposed to potentially adverse situations, like being processed for national intelligence purposes.
Moving beyond residency
Responsible data sovereignty is about more than just residency and handling. For example, it’s important to consider freedom of (or control over) choice in terms of hardware – and therefore where equipment was manufactured, for example.
Clearly, it’s also no good knowing where customer data is, and having it in a well-established location if you can’t move it when things change. Portability is a key part of sovereignty, but has a number of components, including both standards and commercial arrangements.
To start with, non-proprietary or open-source software, such as OpenStack or Docker, can help to create standardized environments which are easy for customers to move data in and out of.
Furthermore, it’s also important to consider other aspects of portability, such as choosing a provider that allows you as a channel organization to move data when needed – including fair ingress and egress fees. This gives both you and your customers greater freedom and sovereignty.
This may have been exactly what Keanu was talking about, making sure that the human resistance could turn its servers on and off when needed – or scale them up and down to meet the growing (or perilously shrinking) population of the underground city.
It’s also what Ofcom has been looking into, ensuring that competition in the cloud market is good for the UK market, and that ingress/egress fees are not unfair, for example.
With all this in mind, it should be easy to understand why a broad definition of sovereignty is important. Digital freedom is intrinsically valuable, and channel and end-user organizations alike should be able to control and manage their data how they wish and have a free choice of vendors.
However, it goes well beyond this: being able to store and handle data in the way that is right for your company and your customers allows you to move it when it’s beneficial for you to do so.
Risks and rewards
Like the seemingly doomed population of Zion in the Matrix, it’d be easy to sum up by looking at the negative side of the debate. For example, one risk of not considering data sovereignty includes data being subject to country-specific rules that are in conflict with best practice in your region.
This might mean data being processed for economic intelligence reasons, which in some cases could constitute a data breach – and no-one has to be reminded about the crushing fines and reputation damage that come with a personal data breach under GDPR.
It’s far better to look on the positive side. Channel companies that do consider data sovereignty from the outset will tend to have a more consultative relationship with customers.
Channel partners with a good grasp of data sovereignty will have an inherently orderly, flexible, secure, and compliant infrastructure where data is well-governed and appropriate rules are set for your customers’ business, sector, and region.
Or to take another Keanu-related piece of advice, as Ian McShane advises us in the John Wick series, without rules, we live with the animals.
20 years on, Keanu’s movies are still teaching us about best practice in data handling and sovereignty.
