One of the greatest challenges facing enterprise IT organizations today is data sovereignty.

Data sovereignty refers to the fact that when organizations generate, process, convert, or store data, those activities must comply with the laws of the country where they take place.

Sometimes data sovereignty applies to data residency, which refers to the requirement that data must reside in a particular jurisdiction. Sovereignty, however, is a broader notion than residency, as laws may constrain how organizations work with information beyond where they locate it.

Data sovereignty regulations have been a boon to the public cloud providers, who have each rolled out various services to meet the demand.

While these cloud-based sovereignty solutions meet the needs of some organizations, there are broader, more complex data sovereignty challenges that cloud providers are poorly suited to address.

For those organizations, implementing a proper architecture for data sovereignty is essential – as is implementing a global infrastructure that complies with such an architecture.

The Cloud Providers Toss their Hats into the Ring

Each of the three major public cloud providers (as well as a smattering of smaller players) have offerings that help their customers address their data sovereignty requirements.

• Amazon Web Services offers AWS Outposts rack, consisting of on-premises hardware that AWS manages as a part of its cloud. The company’s data sovereignty solution leverages Outposts in conjunction with the AWS Control Tower cloud governance service and landing zone and the AWS Organizations account management service.
• In Microsoft Azure, public sector customers can leverage Microsoft Cloud for Sovereignty services. The company has yet to announce corresponding services for the private sector.
• Google’s data sovereignty approach levers the three pillars of sovereignty I discussed in a previous article: operational and software sovereignty in addition to data sovereignty. Various Google Cloud services then make up the offering.

The problem with each of these public cloud offerings is that while each cloud delivers distributed infrastructure, it is only within each cloud’s own environment, with control centralized within that environment as well.

From the providers’ perspectives, this limitation helps them lock in their customers. But from the customers’ perspective, each cloud-based offering falls short of any data sovereignty requirement for organizations that have hybrid and/or multi-cloud data estates.

The Three Architecture Choices

As with so many architectural tradeoffs, architecting for data sovereignty depends upon choosing centralized vs. decentralized approaches to both control and infrastructure.

However, just because one of these approaches is centralized, the other one may not be. As a result, there are three basic options:

• Centralized control and centralized architecture – this combination is what customers can expect from the public cloud providers. While their respective infrastructures are distributed, they each require their customers to comply with their architectural principles within a cloud-centric model.
  Not only does this combination lead to provider lock-in, it can also cause bottlenecks and latency issues when organizations seek either to connect on-premises data assets to the cloud or to implement hybrid cloud solutions.
• Decentralized control and decentralized architecture – In one sense, this combination is the easiest to implement. If every division or subsidiary in each jurisdiction is responsible for its own data, then data sovereignty takes care of itself – unless, of course, there’s a reason to share data across jurisdictions.
  The risks of this combination are bottlenecks in communication, inconsistent policy definitions, incompatible applications, and all sorts of shenanigans, from cybersecurity breaches to money laundering.
• Centralized control and decentralized architecture – this combination is the best of both worlds. Every division in every jurisdiction implements the architecture that meets its needs, while the organization as a whole is responsible for maintaining corporate data policies and the global application architecture.
  The problem with this combination is that of the three options, it is the most difficult to implement successfully, as only global, hybrid, multi-cloud applications will fulfill the combination’s requirements – and without the right infrastructure, such applications are typically out of reach.

Implementing Global Hybrid Multi-Cloud Applications for Data Sovereignty

As I’ve explained in a previous white paper, global hybrid multi-cloud applications (GHMAs) require a cloud native, real-time infrastructure like Fiorano’s.

Instead of delivering an infrastructure centered on a particular cloud – or a particular Kubernetes deployment within a cloud – Fiorano’s peer-to-peer distributed infrastructure integrates multiple clouds as well as on-premises deployments.

Furthermore, Fiorano provides centralized control for all GHMAs running on its infrastructure, following policy-based, declarative best practices.

In other words, with Fiorano, organizations can implement data sovereignty solutions with centralized control and decentralized architecture – the best combination for building compliant GHMAs at scale.

The Intellyx Take

Data sovereignty regulations constrain the flow of information within businesses and thus act as dampening factors on the growth and success of organizations that must comply with them.

As a result, no one likes data sovereignty. It is a necessary evil that should consume as little budget as possible.

The primary business challenge organizations face, therefore, isn’t simply compliance. It’s being able to obtain the flexibility and customer value the organization requires despite regulatory constraints.

GHMAs are the key to achieving this difficult combination of priorities – at scale, without sacrificing the flexibility necessary to respond to changes in the marketplace.

Copyright © Intellyx LLC. Fiorano is an Intellyx customer, and Microsoft is a former Intellyx customer. None of the other organizations mentioned in this article is an Intellyx customer. Intellyx retains final editorial control of this article. No AI was used to write this article.