Sizing Up the Data Residency Challenge
One issue that keeps coming up in global enterprise circles is the concept of data residency or data sovereignty. As more governments become wiser to the implications of the digital economy on consumer protection, privacy and even national security, the more they wish to keep certain information from leaving their borders.
This puts many international businesses, such as banks, retail services, telecommunications providers, and even many government agencies, in a tough spot. The entire reason for building a global digital ecosystem is to move information from place to place quickly, easily and at low cost. Interfere with that, and you are placing an artificial drag on the world economy.
Solutions to this issue run the gamut from legal to political to technological, but everyone agrees that it will not be an easy fix. Organizations like the Object Management Group (OMG) are starting to take on some of the more difficult challenges, riding a wave of growing concern that if some kind of order is not imposed by someone, we could find ourselves with governments willingly shutting their citizens off from an increasingly digitized civilization. According to a recent survey of OMG members, 84 percent report that they are already encountering data residency issues, but less than half have appointed someone to address them. The group recently formed a Data Residency Working Group that will meet for the first time next week to begin drafting proposals within the year.
The most direct response to data residency challenges is to establish infrastructure within the jurisdiction that is demanding residency. This is where traditional platform-developers-turned-cloud-providers say they have an edge by virtue of their often extensive data presences within most of the world’s leading markets. IBM, for example, recently added new facilities in Sydney, Australia, and Montreal, Canada, to its SoftLayer platform, supplementing sites in Germany, Mexico and Japan that came online in the past few months. Each center is the second in their respective countries, which gives SoftLayer customers not only data residency but residency-compliant redundancy as well.
This is certainly a welcome development for many governments, which gain not only a level of control but heady influxes of both capital and labor to their local economies, but it still does not satisfy all the residency concerns. For one thing, there is no way to independently verify that inappropriate data transfers have or have not occurred, and when data breaches are revealed, only a cloud provider or an enterprise with the most thorough data forensics capabilities can determine where, when and how it happened. In a legal sense, then, violations of residency requirements or responsibility for data breaches can only be ascertained by the owner of the infrastructure.
The digital economy is starting to break down basic principles surrounding the means, methods and even location of economic activity, and this is poised to wreak havoc on many of the key legal underpinnings of world commerce. Technology can ultimately work through some of these issues, but ultimately the world’s governments will have to come to a meeting of the minds and decide where responsibilities lie in a world without boundaries.