Data sovereignty meets bare metal cloud computing
A bare metal solution should be part of your data sovereignty strategy
Data sovereignty has become a hot topic – especially in Europe. In essence, it relates to the need for a country to apply legislation and governance structures to data stored in its own jurisdiction. As the global cloud market developed, the issue emerged with use of cloud provider infrastructure and datacenters not located in the nation in which a cloud customer operates.
The US Cloud Act, enacted in 2018, provided a baseline to address this pressing issue. Hyperscalers rose to the challenge to meet their customers’ needs by expanding or forming partnerships to provide local datacenter services as a seamless part of their solution. Did this solve the problem? Not necessarily.
Let’s look more closely at what data sovereignty means, and what enterprises need to consider before making – or continuing – their journey to cloud.
The reality is that these days, most organizations’ choice of cloud will be hybrid or multi-cloud. In the context of a maturing cloud marketplace, it’s more critical than ever to make the right cloud choices based on a clear understanding of your business needs and the nature – and sensitivity – of your data.
Before migrating data to cloud, every organization first needs to carry out a rigorous data classification exercise. This means knowing what your data is, where it’s located and its level of sensitivity, so that you can decide which type of cloud is appropriate for each data set (always remembering that if data of different levels of sensitivity is mixed, then the entirety must be treated at the highest level of security).
This data classification process is fundamental to meeting the requirements of data privacy regulations. Questions include: what is my data and which data will I monetize? Where should I store my data? How should I control, protect and exchange my data? And where should I process my data – at the edge, in a private cloud, in a public cloud?
Four dimensions of data sovereignty
Having conducted a data classification, there are then four dimensions of data sovereignty to consider:
- Ensuring it’s in a local data center (within the correct jurisdiction), is a necessary step.
- What kind of platform ecosystem holds the data? Are you sharing an IP address with another organization? Could this compromise your security?
- What are the arrangements for data exchange and usage? Who has access to it? And how is it shared?
- From an operational point of view, who manages the data and the related infrastructure on which it is stored?
In response to these questions, data sovereignty encompasses data protection in the form of classic encryption, key and access management. It means that data can only be exchanged, accessed and used by authorized parties. And it demands complete auditability and traceability of data.
Bare metal is an integral piece of the strategy
Here's where bare metal has a key role to play as the only practical solution for certain workloads that require segregation and a high level of access. This is because bare metal provides a physical server dedicated to a single tenant and optimized for specific performance, security and reliability requirements. We have already seen examples of this combination of hybrid public/private/bare metal cloud environments implemented in government, healthcare and finance.
As a founding member of Gaia-X, Atos has been active in data sovereignty for several years. European jurisdictions require tight data governance and sovereignty controls. Levels of protection and segregation must be assigned and operated precisely. That’s why we developed Atos OneCloud Sovereign Shield. It’s the only truly end-to-end solution in the marketplace — from open-source software and edge servers, right through to trusted digital ID platforms that manage access to data, together with managed cyberthreat detection and response.
Enabling the data economy
By accessing the full spectrum of cloud environments seamlessly, organizations can blend them to create the most efficient, effective, secure and compliant cloud environment that gives them complete data sovereignty where required. They can select different types of cloud, with gradations of data access and segregation depending on exact need. For example, they can specify whether encryption and key/access management is only on the cloud provider’s side, or on both the provider and customer sides.
To succeed, organizations must assess their data landscape and work with partners who understand what they need and can support an optimized cloud strategy.
What’s clear is that bare metal is now a key consideration for any data-driven business.
Bare metal is now a key consideration for any data-driven business. As the new data economy evolves, bare metal will become a critical enabler to underpin data sovereignty.