{"id":6989,"date":"2023-05-26T07:43:32","date_gmt":"2023-05-26T07:43:32","guid":{"rendered":"https:\/\/heliview.com\/cyber-resilience-belgium\/?p=6989"},"modified":"2023-05-26T07:43:32","modified_gmt":"2023-05-26T07:43:32","slug":"how-to-maximize-cloud-benefit-with-digital-sovereignty","status":"publish","type":"post","link":"https:\/\/heliview.com\/cyber-resilience-belgium\/how-to-maximize-cloud-benefit-with-digital-sovereignty\/","title":{"rendered":"How to Maximize Cloud Benefit with Digital Sovereignty"},"content":{"rendered":"
[vc_row][vc_column width=”2\/3″][vc_column_text]Driven by changing worldwide privacy legislation and regulation, digital sovereignty has become a major concern for organizations worldwide. According to the S&P Global Market Intelligence 2023 Data Threat Report<\/a> custom survey commissioned by Thales, more than four-fifths (83%) of organizations are concerned about the effect of sovereignty and privacy legislation on cloud deployment plans.<\/p>\n

As a leader towards helping organizations simplify governance, achieve regulatory compliance, and reduce risk in the cloud, Thales commissioned S&P Global Market Intelligence to write a Pathfinder Paper<\/a> to examine the various aspects of digital sovereignty. Some of the key findings help assist organizations with maintaining digital sovereignty.<\/p>\n

Privacy, Safety, and Trust<\/strong><\/h4>\n

Privacy, safety, and trust lie at the heart of digital sovereignty. The General Data Protection Regulation (GDPR) serves as the most comprehensive legislative example of codifying these protections. Recent initiatives, including the European Union\u2019s Gaia-X, France\u2019s Cloud de Confidance, Australia\u2019s Whole-of-government initiative, and the Digital Operational Resilience Act (DORA), all build upon the concepts of GDPR and but go considerably beyond privacy protection into the field of data and digital sovereignty.<\/p>\n

Digital sovereignty regulations mandate that specific restricted or classified data and workloads reside and run in the desired geographic jurisdictions, being accessed only by users in the specific geographies. The proliferation of these regulations is forcing enterprises globally to consider how they will act in each locally governed jurisdiction where they do business. However when considering the cloud, that is easier said than done.<\/p>\n

The Impact on Cloud Strategies<\/strong><\/h4>\n

What complicates the situation is the high percentage of enterprises that are already multicloud. According to the Thales 2023 Data Threat Report<\/a>, 79% of organizations are using at least one public cloud provider, and respondents on average are using 2.26 cloud providers. In the same study 64% of organizations said that more than 40% of their sensitive data is stored in the cloud.<\/p>\n

Cloud providers are very clear about their \u201cshared responsibility\u201d model, delineating their obligation for the security of the cloud, while the client is charged with the security in the cloud, especially as it is related to data, workloads and access control. However the 2023 Data Threat Report also showed that only 35% of enterprises were \u201csomewhat\u201d or \u201cnot at all\u201d confident they can fully identify the location of their data across multiple repositories and only 31% of respondents said they could fully classify their data.<\/p>\n

Sovereignty Journey and Sovereignty Controls <\/strong><\/h4>\n

Enterprises\u2019 and cloud providers\u2019 shared fate regarding sovereignty, and the process of working toward viable solutions, presents an opportunity. Since sovereignty is initiated by the enterprise and not the cloud provider, it is imperative that enterprises own and maintain sovereignty controls that are independent of any single cloud provider, whether globally or locally. By this definition, sovereignty controls are external to the cloud provider and internal to the enterprise.<\/p>\n

\u00a0<\/strong>Sovereignty represents an essential first step in the cloud journey that should be implemented at the earliest opportunity. S&P Global Market Intelligence<\/a> outlines the following steps for the digital sovereignty journey and the capabilities Sovereignty Controls should have:<\/p>\n

Assessment<\/strong><\/h4>\n

The first step in the journey is to discover, assess risk, classify and protect sensitive data based on specific regulatory requirements. This must be an ongoing practice within organizations, with an automated, continuous assessment enabling organizations to embrace principles of privacy by default and design.<\/p>\n

Design<\/strong><\/h4>\n

By adopting a \u201cthink globally, act locally\u201d design approach, centralized controls can more readily affect local enforcement and ensure sovereignty for specific regions. A variety of controls should be considered, such as:<\/p>\n