The topic of data jurisdiction has traditionally fallen under the domain of IT stakeholders in regulated industries such as healthcare, government, financial services and insurance. For all others, the physical location in which messages and other electronic assets are stored had little impact on business decisions or the cloud solutions used.
Fast-forward to today and much has changed. The impact of data jurisdiction is now an important concern for all organisations that are considering a private or public cloud solution. The same is true for solution vendors, which represents a significant opportunity.
Enhanced privacy legislation introduced in Australia, Singapore, Germany, and Malaysia, to name a few, as well as the impending EU Data Protection Directive, are the beginning of a global shift toward greater data transparency. Today's business owners now prefer – and often must ensure – that their data is being stored domestically before any commitment to vendors can be made.
The current Goliath-turned-David position of Microsoft against the US Department of Justice, over transatlantic Office 365 data will likely have a profound impact on how businesses choose to consume cloud. As legislation that was originally created around physical objects is now being applied to digital assets, the legal boundaries around data jurisdiction have blurred and are subject to interpretation.
As the data jurisdiction blueprint evolves, opportunities continue to grow for vendors looking to establish themselves at the forefront. Successful vendors will be the ones aggressively demonstrating thought-leadership around privacy and security as it relates to not only their own business, but also the reseller channel and ultimately end users.
How is it impacting businesses today?
The problem for most businesses is the lack of standardisation on data jurisdiction. What is clear, however, is that the trend is moving toward enhanced domestic data sovereignty requirements for all businesses – whether as a means to follow global best practices – or to comply with new legislation. Today in Australia, for example, in order to comply with the new Australian Privacy Principals, any business with revenue in excess of $3 million AUD (£1.55 million) must prove complete transparency as to where data is stored. Microsoft now hosts Azure and Office365 in local Australian facilities to help customers meet these requirements. Similarly, Salesforce.com recently opened a UK data centre in reaction to data sovereignty concerns, the first of three planned facilities in Europe.
How do cloud service providers respond?
While the absence of clarity and global standards may cause anxiety and frustration for many organisations, for others, it presents an opportunity to forge new trails ahead. The following are some of the ways in which service providers can best position themselves for success:
Engage in meaningful conversations. Organisations who engage partners and customers in relevant discussions about security, compliance, privacy and data sovereignty will have an advantage over those who are staying quiet on the subject. By driving new dialog, providers will build trust and have a greater understand of customer pain points. This knowledge can be translated into an action plan for improved data management.
Build more flexible hosting strategies. Service providers who respond quickly and effectively put themselves in a more competitive position. This means having the agility to set up deployments around the world as well as offering a level of transparent and open architecture that seamlessly integrates with a customer's existing environment. Azure and Amazon Web Services are good examples of such platforms, both have achieved a high level of agility along with offering deployment-friendly tools, such as automation control panels. Their investments and expertise are also helping pave the way toward more accessible and cost-effective global hosting capabilities for other service providers.
Whatever the outcome, complex data sovereignty and privacy requirements are a sure sign of a maturing market and of the rapid adoption of cloud services, which is all good news for service providers. Organisations should not view data sovereignty as an obstruction, but instead see it as an opportunity to increase their market share. The best cloud strategies will undoubtedly be the boldest ones by the companies that treat data sovereignty as a strategic driver, turning it into a revenue generator and differentiator and not a barrier to success.
Contributed by Cameron Burke, senior vice president of business development of Cirius Messaging Inc.