It was not that long ago that the concept of data and system ownership was a nonissue. Most organizations ran everything on their own internal systems. Today things are different. Propelled by the COVID pandemic, the proliferation of cloud infrastructure with on-demand services, software, storage, and computing, has raised a new issue — cloud sovereignty.
Current geopolitical tensions, new data privacy laws, and the dominance of the hyperscale cloud players (e.g. Amazon, Microsoft and Google) have the potential to change the IT landscape. This is now forcing organizations to consider how to limit their exposure to emerging threats and retain control over their technology assets.
What should a manufacturer whose ERP and other systems run in the cloud be planning, preparing and structuring themselves to handle challenges around sovereignty that may occur?
Sovereignty considerations
There are key issues around sovereignty:
Data sovereignty — where data is stored, in which jurisdiction is it hosted, who can access it and under what circumstances, and who owns the data?
Operational sovereignty — where in the cloud are operations carried out, is continuity of service guaranteed, does the company’s cloud service comply with region or industry-specific regulations, and can a company easily change a cloud provider?
Sovereignty and business
A report on cloud sovereignty (The journey to cloud sovereignty: Capgemini, 2022) quotes several statistics around cloud sovereignty:
52% will include cloud sovereignty in their strategic plans
69% of organizations are concerned about how other countries’ data protection may affect them
60% rank the availability of regional or local data centers as a key factor in cloud vendor selection
43% will limit their data location to a preferred national jurisdiction
Companies need to know if their cloud deployment extends into countries with different sovereignty laws because certain sovereignty regulations dictate where data can be processed. They also need to have assurance of data security and access management, as well as transparency over control of the data.
Cloud Sovereignty and ERP
Companies who are moving their ERP system to the cloud will have to factor in the issue of sovereignty when planning their cloud adoption strategy.
Questions need to be asked of the cloud provider:
Where is our data stored?
Is the data safe and secure?
Is the data encrypted when stored?
When data is being transferred between systems is it encrypted?
What standards are used to ensure data security and integrity, and is it audited by a third party?
There are also questions that companies will need to ask of themselves.
For data relating to suppliers, can it be shared without violating any jurisdictional issues?
How should the data of international customers and their transactions be managed depending on the data sovereignty and protection regulations of their countries?
This will probably require companies to start classifying data that is hosted in the cloud so that the impact of data sovereignty regulations can be mitigated. Classification will not just be for live data, but also for backups, especially if backups are stored in other data centers. Data that is archived — deleted or removed from use but still available — will also need to be considered.
The issues are not all negative. According to Capgemini, nearly half of their survey respondents believe that a trusted cloud service will enable them to take advantage of new technologies, like the Industrial Internet of Things and artificial intelligence. A cloud platform can also provide a secure ecosystem for collaboration and data sharing with trusted partners.
Cloud sovereignty and strategy
Cloud sovereignty is not a short-term issue. Organizations will have to grapple with it and be prepared to adapt their strategies as sovereignty and data protection initiatives grow in different countries. For a cloud ERP system, companies will need to manage who can access data, whom has jurisdictional control over the data, and where data is geographically stored so that it is secured.
Data and system ownership used to be a non-issue, but times have changed. With the proliferation of cloud infrastructure, on-demand services, and computing, the issue of cloud sovereignty has emerged as a new challenge, especially with the COVID pandemic’s impact. Today, geopolitical tensions, new data privacy laws, and the dominance of hyperscale cloud players like Amazon, Microsoft, and Google are changing the IT landscape, forcing organizations to limit their exposure to emerging threats and retain control over their technology assets.
Cloud sovereignty raises critical issues around data and operational sovereignty that organizations must consider. Data sovereignty refers to where data is stored, who can access it, and who owns the data. Operational sovereignty concerns where operations are carried out, whether continuity of service is guaranteed, and whether cloud services comply with region or industry-specific regulations.
The issue of sovereignty affects all businesses, including manufacturers whose ERP and other systems run in the cloud. To handle challenges around sovereignty that may occur, companies must plan, prepare, and structure themselves. They need to know if their cloud deployment extends into countries with different sovereignty laws, as certain sovereignty regulations dictate where data can be processed. They also need assurance of data security and access management and transparency over control of the data.
Moving an ERP system to the cloud requires careful planning to factor in the issue of sovereignty. Companies must ask cloud providers about data storage, safety and security, encryption, data transfer, data security standards, and third-party auditing. They also need to ask themselves questions like how to manage data for international customers and their transactions depending on data sovereignty and protection regulations in their countries.
Companies will probably need to classify data hosted in the cloud so that the impact of data sovereignty regulations can be mitigated. Classification will apply to live data, backups, and archived data. Despite the challenges, nearly half of survey respondents believe that a trusted cloud service will enable them to take advantage of new technologies like the Industrial Internet of Things and artificial intelligence. A cloud platform can also provide a secure ecosystem for collaboration and data sharing with trusted partners.
Cloud sovereignty is a long-term issue, and organizations must grapple with it and be prepared to adapt their strategies as sovereignty and data protection initiatives grow in different countries. For a cloud ERP system, companies must manage data access, jurisdictional control over the data, and geographic data storage to secure it. With careful planning, companies can mitigate the risks and take advantage of the benefits of the cloud to drive innovation and growth.
View SYSPRO Cloud ERP for more info >>
