Privacy policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content.
You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Managing your cookies

Our website uses cookies. You have full control over what you want to activate. You can accept the cookies by clicking on the “Accept all cookies” button or customize your choices by selecting the cookies you want to activate. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button.

Necessary cookies

These are essential for the user navigation and allow to give access to certain functionalities such as secured zones accesses. Without these cookies, it won’t be possible to provide the service.
Matomo on premise

Marketing cookies

These cookies are used to deliver advertisements more relevant for you, limit the number of times you see an advertisement; help measure the effectiveness of the advertising campaign; and understand people’s behavior after they view an advertisement.
Adobe Privacy policy | Marketo Privacy Policy | MRP Privacy Policy | AccountInsight Privacy Policy | Triblio Privacy Policy

Social media cookies

These cookies are used to measure the effectiveness of social media campaigns.
LinkedIn Policy

Our website uses cookies to give you the most optimal experience online by: measuring our audience, understanding how our webpages are viewed and improving consequently the way our website works, providing you with relevant and personalized marketing content. You can also decline all non-necessary cookies by clicking on the “Decline all cookies” button. Please find more information on our use of cookies and how to withdraw at any time your consent on our privacy policy.

Skip to main content

Digital Vision: Cybersecurity 3

Digital Sovereignty

Preparing organizations for a sovereign digital future

At a Glance

In a world where most data is processed and stored across geographical borders, often using foreign technologies, many governments are raising valid concerns around data, technological and digital sovereignty. In this article Zeina Zakhour and Vasco Gomes seek to untangle the different aspects of sovereignty and explain why understanding these is increasingly central to organizations’ long-term decision making.

5 Minute Read

In a world where most data is processed and stored across geographical borders, often using foreign technologies, many governments are raising valid concerns around data, technological and digital sovereignty.

Before tackling this issue further it is crucial to agree on the definition of sovereignty. Data sovereignty refers to the degree of control an individual, organization or government has over the data they produce and work with (whether local or online). In contrast, technological sovereignty is the degree of the control the organization has over the technology it uses.

Data sovereignty and technological sovereignty are the two pillars of digital sovereignty, which can be defined as the degree of control an organization has over its entire digital environment, including data, applications, software, systems, and hardware. Which is aligned to the World Economic Forum definition of “the ability to have control over your own digital destiny – the data,
hardware and software that you rely on and create.”

Zeina Zakhour

Global CTO Digital Security, Atos

Vasco Gomes

Global CTO Cybersecurity Products & Digital Security Offering Technology Lead, Atos

Taking a closer look

A closer examination reveals that cybersecurity is at the heart of data sovereignty and helps enhance technological sovereignty.

It is important that organizations understand that digital sovereignty is not an “all or nothing” proposition. Digital sovereignty exists in varying degrees on a scale which is constantly in flux.

Governments and organizations advocating for digital sovereignty need to adopt a risk-based approach. They must carefully assess their level of control over data and technology and take great care to ensure that sovereignty does not come at the cost of agility — a key factor to thriving in the Digital Age.

As many organizations make the massive move to the public cloud and embrace mobile/remote working (which has greatly accelerated during the COVID-19 crisis), they must measure the risks to their digital sovereignty. When they delegate technological choices data hosting and data processing to a provider, they put themselves at the mercy of that provider and its respective regulatory authority.

As a result, a hybrid cloud approach is gaining significant traction. Hybrid cloud leverages several different cloud solutions in parallel: from the least trusted to the most trusted, or even a disconnected, on-premises deployment. Data can be processed and hosted in different environments, depending on its business sensitivity.



Related Resources

Atos Solution
Digital Sovereignty: Regaining control of your digital environment with trusted digital solutions

Client Story
Press Release: Atos and partners launch Gaia-X lighthouse project for European cloud infrastructure

Unlocking potential

This modular approach helps organizations leverage the potential of large providers to enhance the competitiveness of their less sensitive business processes. At the same time, they can protect their most sensitive business processes by keeping them under their own control or the control of more trusted providers.

Most importantly, organizations should not overlook the fact that digital sovereignty can become a competitive advantage by putting data sovereignty — and consequently, trust and transparency — at the core of their digital transformation.

Digital sovereignty is a growing concern in our increasingly digitalized world. Yet, policy makers, governments and enterprises must master the art of balancing digital agility with digital sovereignty, as this will be key to competitiveness.

Maximizing data sovereignty

Atos defines data sovereignty as the degree of control an individual, organization, or government has over the data it produces and works with. Accepting this definition leads to a big question: “How can an organization find the right degree of control?” Let’s tackle it in four steps.

1 What is control?

Data has become the main support of our digital economy. For most companies, the digital strategy relies on a few critical pillars:

  • Their data
  • The way data are processed (algorithms, apps, compute)
  • Who can access data and run operations and reports on them

If you don’t have a clear view of these pillars, you don’t have a clear picture of your business — which means you will soon be out of business. It’s that simple.

You must ensure that access rights and identities are compliant with your digital strategy and based on the sensitivity of your data. That’s the definition of control. Controlling your data is to specify and enforce who can do what with them at any point in time.

2 How can you increase control?

To control who can do what with your data, you have to start with identity and access management (IAM) and extend it beyond your employees to all kinds of IT, OT and IoT objects. However, IAM and encryption are often entangled in layers of applications, infrastructures and networks to run business applications and facilitate user experience. There is no such thing as perfect cybersecurity controls, so you must constantly monitor them for compliance and incidents and be able to respond and recover from them in a timely manner.

3 How much should you increase it?

Strengthening a security control can come at the expense of agility. So, for every security control, you should find the proper balance between excess and restraint. The best way to find that sweet spot is at the core of cybersecurity:

What kind of risk am I addressing and in which form could it happen? You won’t apply the same level of control to mitigate an espionage risk, external influence, usage/operation prevention, or data loss, whether accidental or malicious.

4 Is all data born equal?

Protecting all assets the same way often results in protecting none of them correctly. Indeed, security controls tend to be attracted by the weakest link. Data classification is a huge program that should never be underestimated. But, to give you a sense of scale, we have observed through many projects that, in average 80% of customers’ data are not sensitive, and that the remaining 20% can further be split into 80% “just sensitive” and 20% highly sensitive. It is not unusual that the split is close to that double 80/20 rule: 80% non-sensitive, 16% sensitive and 4% highly sensitive (maybe even classified).

Digital Vision: Cybersecurity 3 – Further Insights

From across Atos and beyond, find out more about cybersecurity challenges and how organizations can respond to cyber threats

Download our Digital Vision: Cybersecurity 3 Opinion Paper

Facts & Figures

Infographic

Cybersecurity – Industry Insights

Views from the markets

What does it all mean

Lexicon

Cybersecurity from Atos

Solutions & Offerings

See more

Digital Transformation >

Zero Trust >

Digital Sovereignty >

Cloud security >

Digital Vision: Overview >

Share this Page

Kulveer Ranger, SVP, Head of Strategy, Marketing, Communications & Public Affairs, Northern Europe & APAC, Atos

Email Kulveer about Digital Vision: Cybersecurity 3