Dahlia Mihyar is the VP and Global Head of National Security Accreditation at SAP.
A clear-eyed assessment of current affairs reveals an interesting trend: We’re seeing a worldwide shift towards more conservative governance and deglobalization. For economic, security and social reasons, countries are turning inward, seeking to leverage their own resources and capabilities rather than relying on those of foreign partners.
Within the data center space, this brings up a host of questions, particularly as cloud computing becomes the norm. When we talk about “the cloud,” this refers to a network of servers housed in physical locations—data centers—around the world. Companies select which data centers to use, ensuring speed and efficiency by choosing locations closest to their users.
The question facing global enterprises, then, is how to maintain data sovereignty while still depending on the data infrastructure of other host nations to ensure rapid “time to cloud.” Is there a way to do both?
A Shift Toward Nationalism And Sovereignty
In a globalized system, every country has data stored in other countries, each relying on a host of other nations’ data infrastructures. For example, Europe can’t always rely on Oceania-based servers due to latency issues, so companies structure their data flow based on proximity, hosting it in intermediary locations (say, in Southeast Asia). This allows for faster speeds and lower latency.
But recently, geopolitics have begun impacting cloud data infrastructure. This shift gained traction when the war in Ukraine began. Many companies operating in Russia had to respond to the sanctions imposed by the U.S. and other countries. This led these nations to ask, “What if a major power suddenly decides to sanction us? What happens to our data?”
Companies and governments were forced to consider the fact that relying on another country’s cloud infrastructure means being subject to its regulations. (This dependency means being subject not only to potential sanctions but also to data privacy and security laws that vary geographically.) Concerns arose about data sovereignty, and nations began moving toward self-reliance, with the goal of ensuring their data wouldn’t be vulnerable to foreign control.
This is consistent with the broader political shift toward nationalism and sovereignty that we’ve been seeing. Governments now want control over their data to protect their economies and national security. Even if the data isn’t classified, having it stored in a foreign country raises security concerns: What happens if relations deteriorate? Who controls that data?
A Growing Need For Infrastructure
Building data infrastructure is both difficult and complex. Right now, the big cloud providers—Google, Microsoft, Amazon—are all based in the U.S., which means their infrastructure is subject to U.S. regulations. Many countries worry about the U.S. CLOUD Act, which allows the U.S. government to access data stored by American companies via warrant or subpoena, regardless of location.
Wealthy nations can afford to build their own cloud infrastructure, but mid-sized companies in smaller economies simply don’t have the budget for that kind of broad undertaking. And in many cases, even if they wanted to, they lack the necessary funding, talent and time.
These smaller countries, then, have the same concerns as bigger countries that are nonetheless dug into foreign data environments: How can we maintain data sovereignty on someone else’s soil?
A Case For Data Embassies
An interesting possible solution to this problem is to create a system of “data embassies.” The idea is inspired by traditional embassies, which operate under the jurisdiction of their home country even when located abroad. A data embassy would function similarly—a nation would store its data in a friendly country with strong infrastructure but retain full sovereignty over the data.
For example, a smaller country—say, Chile—would establish a data embassy in Canada. The agreement would state that the data remains under Chilean jurisdiction, and Canada would have no authority to access or seize it. If relations ever deteriorated, Chile would have the right to remove its data, just as embassies can evacuate their personnel and sensitive materials.
This could be a game changer for smaller nations with less developed data infrastructure. But could they trust host countries to honor these agreements? That is indeed a key question, and the success of this model depends on trust and adherence to international law—just like the functioning of traditional embassies does. If a host country were to breach the agreement and seize data, it would create a diplomatic crisis.
A Focus On Tech Development
Data embassies are still only an idea—and naturally, countries must develop data management strategies that work in the here and now. Ultimately, this comes down to investment in money, talent and resources. Today, many countries’ approaches to data are reactive rather than proactive; they don’t prioritize security and infrastructure until they face a crisis, much like how businesses often only invest in cybersecurity after they’ve been hacked.
Companies and governments will need to start building internal expertise and infrastructure in order not to find themselves lagging in the current drive toward technological supremacy. A great example of this in practice is Saudi Arabia: They’re investing heavily in training local talent, offering free education and certifications for government employees in cybersecurity and related fields. They’re also hiring top experts from around the world to train their workforce; in the future, they expect that local professionals will be able to lead these initiatives.
In a longer-term view, this prioritization of infrastructure and workforce development is critical for enabling countries to stand on their own in a shifting global technology landscape, including managing their own data sovereignty. If businesses and governments proactively invest now, they’ll avoid or be able to surmount many roadblocks in the future.