Countries around the world are increasingly promoting local clouds and data protection. Here's what you need to know.
One of the Internet's great powers has been its ability to transcend national borders. The free flow of information between countries and increasingly faster networks allow consumers and businesses to access technologies and services that physically reside thousands of kilometers away.
The Balkanization of the Internet?
Of course, some countries have built digital “walls” to separate their citizens from the Internet to varying degrees. Countries like North Korea have widely restricted Internet access, while others have created elaborate firewalls and gateways. However, as the Internet matured, the trend seemed to be more interconnective, not less.
That trend seems to be changing . The most prominent service providers, such as Amazon, Google, and Microsoft, are US-based companies with a significant amount of their technology assets in the United States. This began to raise concerns in many countries, initially arising from concerns about the data of citizens residing in other countries.
For example, if someone lives in the UK but their data for a cloud-based application is stored in the US, which country's laws apply to that data? If the UK requires certain protections around personal information, will another country be required to follow these laws?
Concerns have also increased as big technology companies enter new markets. For example, with billions of potential consumers, China has an obvious interest in foreign companies. Still, these companies may be required to comply with laws that allow access to technology or limit certain content.
The recent conflict in Ukraine has further exacerbated these difficult issues . Russia was quickly isolated from Western digital networks and tools, raising concerns from other nations. If your critical data and applications reside in another country, can these services be “disconnected” in the event of a conflict or strained relationship?
The answer to these concerns came in the form of what we generally call data sovereignty laws, regulations that dictate how data should be stored and, in some cases, kept in-country and subject to that country's jurisdiction and oversight .
These laws are generally easy to comply with if you want to serve clients in large European or Asian countries. But what happens when you're looking to build a cloud-based application in the Middle East, Africa, or another region where there may be restrictions on the providers or platforms you can use?
The legal and geopolitical side of cloud architecture
When designing your cloud architecture for a new or updated application, it is now essential to consider the legal and geopolitical aspects of the project in addition to the technical aspects. This can be a challenging activity for technology leaders more accustomed to bandwidth concerns than border concerns especially as many of these regulations are evolving rapidly in response to privacy concerns and changes in diplomatic relations.
Hybrid clouds or other architectures that combine cloud services with on-premises infrastructure may become necessary as your company enters a new regional market or seeks to expand. Emerging and growing markets can be particularly challenging, as their laws are likely to evolve more quickly. There is also the conundrum that a local office or partner company might suggest that the law is just a “suggestion” and is not currently enforced. While this may or may not be the case, you need to carefully consider the risks of ignoring local laws that may not be enforced one day, but subject to fines or even criminal penalties the next day, based on changing political winds or the prerogative of a government official.
Even in familiar, “mature” geographies, regulations are complex and tend to move away from globalized data and computing and more toward local data storage and computing. What was acceptable six months ago may now violate local laws. If you haven't already spoken to your company's legal team or outside counsel about these issues, it's time to do so if you have any current or planned international expansion.
Design for flexibility
The most significant benefit of cloud computing is that it offers great technical flexibility. The advent of the cloud freed up the architecture of specific hardware and operating systems and enabled widespread applications that could rapidly increase or decrease their capacity as demand dictated.
Geographic flexibility is still a challenge even for large cloud providers, especially when it comes to emerging markets. When designing new applications, focus on building flexibility into where and how they are hosting and storing their data. If your application is designed from the ground up to support storing data in different geographic regions, or to be hosted on several different cloud providers as geographic demands dictate, you will be in much better shape than assuming your application will be around forever on AWS US. East.
Likewise, set aside time in your planning and design to address these legal issues. What may seem like bureaucracy can have significant legal force, including prison sentences in many countries. This is one of the rare cases in which a poor technical design can put life and physical integrity at risk and deserves appropriate attention and knowledge.
Furthermore, understanding and accommodating these issues can even give your company an edge in a competitive market. If you know how to do business in a specific region and deploy a scalable and compatible cloud application, you will be another step ahead of the competition.
