The pandemic has highlighted how integral technology is to help us work, shop and interact with each other. As more of our critical infrastructure and services become dependent on software hosted in the cloud, outages are more than just an inconvenience.
But many businesses are playing a risky game with their cloud providers. They often use one main provider, located in a small number of places around the world – meaning if downtime occurs, they are left high and dry. On top of this, there are various data sovereignty and privacy concerns associated with using one sole provider across borders.
In this piece we’ll explore the changing weather of cloud infrastructure, including the rise of local providers, the increasing data sovereignty complications, and how diversifying to a multi-cloud approach can help businesses address these challenges.
Local cloud options
When choosing a cloud provider, large organisations are often drawn to using one of the ‘big five’ suppliers. Of these, four of the five (Amazon, Microsoft, Google and IBM) are American.
With the US having recently passed the CLOUD act, which has provisions that enable the US government to demand access to data stored by American companies overseas, many companies that handle sensitive information are concerned about the privacy aspect of storing their data with these US-based companies.
Businesses are therefore considering building their online presence across providers within each jurisdiction they operate in. By seeking local market providers who provide cloud-based durability, cost-effectiveness and ease-of-use, they can rest assured that they are operating within the legal framework of each country they are established in.
These local options are expected to increase over the next few years, given moves to promote competition, such as the EU’s recent ruling that countries should be encouraging local providers over the large US-based cloud vendors.
Data sovereignty complications across borders
Organisations who operate across several different countries are also impacted by a global web of data protection and residency legislation, which applies to the user data they hold, yet most companies are not even thinking about it.
This is because current national and international legislation around tax, data protection and privacy are not compatible with one another, which makes dealing with data and transactions ethically a quagmire.
There is a definitive need for a simplification of digital tax and data policy within major trading blocks. For example, although GDPR is a block-wide requirement in the EU, handling VAT on transactions is done on a nation-by-nation basis and needs to be managed independently for each country that gets serviced. This is incredibly complicated for a market that is
increasingly dominated by digital transactions.
Addressing these challenges
Over the next few years, and in absence of a universal simplification, the challenge for many global companies will be to ensure they are compliant to the increasing amounts of data protection legislations, which seek to regulate how they use and store data across countries.
This challenge, combined with a much larger public awareness of data privacy and consumer’s rights, means that organisations immediately need to be transparent about their use of data and who it can be accessed by.
To do this, awareness and protection are the first line of defence and, as well as getting an experienced lawyer to draft your company’s privacy policies, a risk assessment should be undertaken to determine potential exposure.
With increasingly aware customers, businesses should be especially aware of the possibility of receiving Freedom of Information Act (FOIA) requests from the public who want to know how their data is being used. To prepare, businesses should ensure they have systems in place to handle the formal processing of these requests.
Most importantly, in a time when the vaults of data businesses own and use are getting larger and more complex, companies need to ensure they’re compliant and avoid making mistakes. From marketing lists, to customer mailing lists and ad-hoc visitor lists, organisations need to clearly think through how they are working with people’s data and keep track of it.
Building a multi-cloud approach
To help address these challenges, business leaders should consider building their applications across a range of providers within their own borders in order to mitigate their risk around compliance.
For businesses, doing this also means that they can access data centres in areas which are not provided by the primary cloud provider and manage costs and resources more effectively by taking advantage of reduced prices or specialised offerings which are not available with large vendors.
A key consideration when looking at moving to a multi-cloud approach is the role of API management.
As moving data tends to rely heavily on APIs, supporting a multi-cloud strategy requires evaluating your API management approach – this includes finding an API management solution that is capable of working in a multi-cloud, multi-region configuration, while ideally providing a centralised view.
With countries around the world beginning to build their own internal cloud infrastructure and with the increasing demand for domestic data storage solutions, the future for businesses is multi-cloud.
Although the temptation may be to simply think short-term amid the pandemic, true business leaders will be focused on building for the future. Along with enabling remote working, this means investing in improving agility and efficiency. Considering a multi-cloud strategy, with all the flexibility, cost benefits and competitive advantages it offers, will help them to do that.