Understanding the foundation of Sovereign Cloud as regulations grow.
Since the start of the pandemic, we’ve seen enterprises strive to transform at a faster rate than ever before — whether it be to address increased client demand for digital-first experiences or to enhance security strategies following major cyberattacks. Today, businesses across industries are grappling with a vast number of disruptive forces.
At the same time, we’re in an era where certain countries are taking an assertive approach to the governance of data and technical infrastructure to reduce risk. In fact, today, many countries have existing legislation or draft legislation to secure the protection of data and privacy. As nations enact laws designed to protect data, IBM is focused on helping clients as they prepare to address their local requirements while driving innovation at the same time.
What is the foundation of Sovereign Cloud?
As countries evaluate how to best mitigate risk, we’re increasingly seeing nations put regulations into place that are designed to help protect and control nationally generated data and assert countries’ rights to technological autonomy. We believe the primary objective of these policies is to protect data and the privacy of citizens, businesses and government organizations against misuse, exploitation, cyberthreats and terrorism.
As more regulations are enacted, we see a common foundation based on the idea of self-determination and freedom from outside interference, with the core principle being that data and data operations are subject to the legal protections and penalties of a single legislative jurisdiction. Across the globe, we’ve seen the legislative jurisdiction is typically only in the country or region in which the services and data reside.
As organizations move further into their hybrid cloud journeys, a defined approach to Sovereign Cloud can help deliver the levels of security and data access required to meet specific local jurisdiction laws on data privacy, access and control.
How IBM Cloud can help clients protect data and address local requirements
As countries embark on their data sovereignty journeys, IBM Cloud is committed to helping clients prepare while continuing to help them protect their data with high levels of security where their data resides. While Sovereign Cloud is an evolving cloud operating model for the industry, sovereignty encompasses data privacy, data residency and service locality. Locality entails moving all services to where the data is, potentially also running disconnected from cloud, while residency requires moving the data handling services to where the data is, keeping it at the client location or within the target regulatory jurisdiction.
These capabilities are each topics related to sovereignty, and together they build toward the full vision of Sovereign Cloud, helping clients meet the legal and regulatory requirements of a set of selected jurisdictions while running locally. IBM Cloud recommends a strong Sovereign Cloud approach — one that puts data privacy and locality at the very forefront. By helping address the individual issues composing sovereignty, this approach accommodates a variety of scenarios clients may face.
For example, a Sovereign Cloud approach with locality at its center can help governmental entities that are looking for full local operation. They want the benefits of full cloud support, including multitenancy, but with complete local resources and control. In contrast, enterprise organizations may have less stringent internal requirements in some areas, but still face a variable mix of requirements from multiple regions that can make them more complex to serve — in this case, it is key to ensure that data privacy, residency and location are well architected.
As we help clients as they address risk and compliance with the evolving landscape of data regulations, IBM Cloud’s focus is on building solutions that can help clients adhere to global sovereignty requirements, working with them both directly and through our ecosystem of partners around the world.
Regulations will likely continue to change, and IBM remains committed to helping protect data — where it resides — and will continue to work closely with clients as they address their unique country requirements.