Data sovereignty and compliance need help
It’s a critical issue which our poll suggests influences the choice of on and off prem hosting platforms
Reader Survey Results Back in September, we asked readers of The Register about data sovereignty. It's a concept about which we see more and more conversation among businesses, and increased awareness is also bringing corresponding concerns about the perils and pitfalls of not taking it seriously.
One of those concerns is anxiety around cloud providers not hosting sensitive information in accordance with national or regional data privacy legislation, and their exposure to laws such as the US Department of Justice's Cloud Act. So to get a better idea of how this impacts different companies, we first asked: Where does your organisation store and process sensitive information governed by data protection legislation?
As the first question was a "tick all that apply", we had 184 responses from a total of 131 readers. The figure that we initially thought surprising was that 48.1 percent of respondents still have their systems and data in private, on-prem data centres. Once we'd thought about it a bit, though, it makes sense.
Because what one tends to find, even among companies chanting mantras like "Cloud First" and throwing apps and data into the public cloud (and 34.4 percent said they are using public cloud services) is that there's usually a subset of systems that can't be – or simply aren't – moved from on-prem into the Azures and AWSs of the world for various reasons.
Private cloud had a reasonable level of usage – with 22.1 percent using on-prem private cloud and 17.6 percent off-prem private cloud – and 18.3 percent saying they have a hybrid world. The underlying answer seems, then, to be: none, or at least very few, people out there are using just one type of hosting platform, with systems and data split between stuff we manage ourselves and systems whose lights are kept on by someone else.
We went on to ask: How important is it for your organisation to store some or all of the information it processes in accordance with national/regional data sovereignty rules/guidelines? Unlike the first question, you only got to pick one answer here, which 129 people did.
The least surprising answer of the survey was those who ticked Irrelevant. That's 1.6 percent of people, or just two. This figure somewhat restored our faith in humanity – except of course for those two who ticked that option. Next up the criticality list was Not very important, whose 11 selectors made up 8.5 percent of responses.
After that came Important, with 39 responses (almost a third, or 30.2 percent) and finally we had the top answer, Critical, with 77 people and a tad under 60 percent of the total responses.
This was, then, a survey of two halves. The variety of hosting approaches being used varied widely, and we had a total of 184 responses from our 131 readers implying that the thick end of 50 or so people are using more than one hosting method.
On the overall importance of data sovereignty, though, the readership were clear: Critical scored way more than all the others put together.
And that's reassuring. Because despite it being actually quite tricky to nail down a precise, agreed definition of what data sovereignty actually is, it's nonetheless a concept that people are certainly concerned with, that they're thinking about, and that they're doing something to address.
Sponsored by Intel.