Data Sovereignty And Cloud SaaS Providers

MARC BROWN May. 6, 2020
Follow Digital14 thought leaders, news, and alerts.

Do You Know Where Your Data Is? You need to.

As organisations in the UAE begin to consider deploying or expanding their use of applications in cloud infrastructure, they need to be mindful of data sovereignty, and the potential legal implications it poses. This risk is considerably amplified when organisations consider storing sensitive data in public cloud outside of UAE jurisdiction, or with global cloud providers who typically store both their applications and data across many different data centres in several jurisdictions. In nearly all cases, outside of the UAE.

Why is Data Sovereignty So Important?

Data sovereignty, the concept that data is subject to a country's laws when it is stored within certain borders, is becoming more of a challenge for businesses as they move to the cloud. And the issues are not trivial, but both complex and evolving. 

Organisations can be fined up to 4% of annual global revenue if they break the data sovereignty General Data Protection Regulation (GDPR) regulations. The GDPR protects EU citizen's privacy and information and applies to all organisations across the globe who have or use data from people residing in the EU. 

What's worse, sensitive information, applications, and data that are critical to UAE commercial and government organisations stored in a public cloud could be subject to non-UAE laws. Moreover, it may not even be obvious to you, as your SaaS application you are using, such as web-based video conferencing, could be storing sensitive information – recordings, logs, certificates, and more – outside of the UAE. 

Even with dedicated storage in the UAE, global vendors who are based in other countries, such as the United States could be a threat to your organisation's data privacy and sovereignty. For example, in April 2014, a US judge ordered Microsoft to give the Court access to the contents of one of its customer's emails stored on a server located in Ireland. These risks have increased in complexity with several US congressional bills (such as the Cloud Act, Stored Communications Act (SCA), Foreign Intelligence Surveillance Act (FISA), and the Patriot Act); or the exposed activities by the national intelligence agencies. The reality is, many if not all countries are still evaluating and evolving their data sovereignty rights (i.e., protection, access, etc.) for data stored within their borders.

Data Sovereignty Options  

Fortunately, there are options for UAE organisations that will eliminate the challenges posed by data sovereignty. Organisations with their own private on-premises environments overcome these challenges. On-premise solutions lose some of the conveniences public cloud solutions offer, like ease of setup. They also incur the added expense, both OPEX and CAPEX, of managing their on-premise platforms. 

Hybrid cloud allows companies to choose what data they want to deploy to the off-premises cloud and what data they need to keep on-premises. Unfortunately, there is an intrinsic risk with this approach, as sensitive data could be classified incorrectly and stored in a public cloud. 

Solving Data Sovereignty via UAE Sovereign Cloud   

A UAE sovereign cloud approach eliminates all of these risks and challenges, enabling organisations to leverage the benefits of the cloud. With a Digital14 solution, organisations get the best of both worlds. Customers can have the speed and agility of the cloud, with the security of a UAE sovereign solution. Are you ready to tackle data sovereignty challenges facing your organisation? Visit now for more information regarding trust services, PKI, and secure cyber security products.