Apps & Cloud3 min read

Can There Be Data Sovereignty Without Cloud Sovereignty?

Laurent Allard

Data fuels the digital economy and is the ‘cornerstone of our industrial competitiveness,’ according to the European Commission. But its value is determined by how it can be protected and used by those who own it.

The challenges of managing and storing sensitive data are growing. Sixty four percent of EMEA organisations have increased their volume of sensitive data, and 63% have already stored confidential and secret data in the public cloud, according to IDC.

Managing this exposure of highly sensitive data, which could be financial, personal, national or critical information, is driving the need for data sovereignty – where this intelligence is bound by the privacy laws and governance structures within a nation, industry sector or organisation.

This exposure of such data in the public cloud should be influencing every organisation’s future cloud strategy and the imperative of sovereign clouds. If your management has its head in the clouds when it comes to data sovereignty, here are five considerations to help you demonstrate the value of a secure data strategy, and explain why there is no data sovereignty without cloud sovereignty.

1. Choose your cloud environment based on data classification

While it is now common for organisations to use several clouds to secure and manage their data and applications, with the drive for sovereignty, we’re seeing a review of usage to allow a mix of clouds with different levels of control and certification. This boils down to the type of data, for example its volume, sensitivity, criticality and exploitability; the data owner’s priorities in regard to it, such as its privacy or economic advantage; and regulations.

Data sovereignty therefore needs to start with the classification of data, to ensure specific assurances and capabilities on data residency, data protection, interoperability and portability. Organisations can then choose the best clouds for the job, from sovereign private clouds to sovereign public clouds to trusted public clouds - ensuring they comply with sovereignty and jurisdictional rules.

2. Secure your data

Data is undoubtably the driver of success. One example is McDonald’s, where the company successfully used visitor data to assess the effectiveness of its iconic Piccadilly Circus billboards, and redirected marketing spend towards smaller, personalised adverts instead. This increased footfall to desired locations, and ultimately, drove up sales.

At the same time, companies are aware that their data strategies must be handled with care to ensure customer privacy. Concerns amongst consumers are increasing and getting louder in this growing discussion. There are new rules on the way, like DORA, which will help harmonise hard-to-reconcile regulations and reporting standards in banking across EMEA. Even with simplification like this on the horizon, meeting these regulations can be a complex journey for companies that operate across international borders.

3. Keep abreast of local data laws

Data sovereignty laws differ from one country to the next, with over 100 countries having their own standards on how data should be treated and stored within their sovereign borders. They also rarely stand still and change constantly. Organisations that fall foul of these can end up paying fines of hundreds of millions of dollars and be seen as unreliable and untrustworthy in the eyes of the consumer. So, how can organisations perform this delicate dance in a way that allows them to mine customer data without betraying their customers’ trust? The answer lies in the ability to share, monetise and protect data that resides across multiple clouds.

4. Forge relationships with an established network

Those looking to explore this further should form relationships with one of the newly formed global networks of sovereign cloud providers who have joined forces to ensure that data is protected, compliant and resident within a national territory. Working with an entity that has both national and local partners guarantees an organisation will be meeting niche requirements across the board. It also gives decision makers the ability to choose the right cloud for a specific data classification, with better governance around data mobility. These specialised clouds are operated by a sovereign entity, so they’re exempt from foreign jurisdictional control.

Sovereign clouds are becoming integral to “cloud-smart” strategies, enabling organisations to run their business operations across multiple clouds to better serve their end customers and to gain strategic advantage.

5. Data sovereignty drives innovation

Ultimately, the reason why sovereignty is so important is that it enables organisations to innovate with their data and deliver new digital services. Historically, there has been mistrust in the cloud, leading to a lack of innovation. Some of the biggest generators of data, such as finance and healthcare, continue to avoid use of public cloud because of privacy fears. This significantly handicaps their ability to innovate, and means they are losing out on other benefits of cloud technology, such as cost-reduction, agility and scalability. It is paramount that moving forward we avoid the mistakes of the past and ensure sovereign data from the start. Today, sovereign cloud is increasingly perceived as being a key enabler for ‘data-driven’ innovation.


To support education around data sovereignty in your organisation, ensure these five key considerations are understood by all. In a world where trust is everything, both between B2C and B2B, don’t let your data strategy get tripped up by misplaced assumptions about data sovereignty.


Learn more about VMware’s Sovereign Cloud products and solutions here!