How serious are organizations about their data sovereignty strategies?

Scality announced the results of an independent survey of IT decision makers across France, Germany, the UK, and the US about their data sovereignty strategies.

98% of organizations already have policies in place or have plans to implement them. To achieve data sovereignty, 49% of IT decision makers are using hybrid cloud or regional cloud service providers as an alternative to the public cloud.

137 out of 194 countries in the world have data protection and privacy legislation in place. As a result, organizations must adhere to the data residency guidance and local regulations required for data collection and processing.

According to the survey — conducted by Vanson Bourne — the vast majority of organizations across all four countries either have sovereignty regulations or policies in place to keep their data in specific locations (80%) or have plans to do so (18%).

The report reveals minimal differences between France (where 81% of respondents have policies in place), Germany (79%), UK (82%), and US (78%). Just 2% of respondents worldwide said they do not have sovereignty policies in place, nor do they plan to implement them.

Cloud technologies will benefit from this trend, with IT teams employing a number of data storage strategies to achieve sovereignty. Across the four geographies, of the organizations that have sovereignty policies or plans:

• 40% primarily (will) store their data on a large public cloud, such as regional offerings by AWS, Azure, or Google Cloud
• 36% of respondents (will) deploy a combined on-premises/public cloud solution, i.e. hybrid cloud
• 13% (will) store their data with a regional cloud service provider
• 11% (will) use an on-premises data centre.

While some large public cloud providers offer options to store data in specific regions, this isn’t suitable for many organizations that own highly sensitive data, or who wish to avoid vendor lock in and high data access or egress fees.

Hybrid cloud sovereignty emerges as viable strategy to meet regulations

36% of respondents opted for a solution that combines on-premises or private cloud/s with public cloud/s. This hybrid cloud approach provides the flexibility and control to store data locally for data residency and sovereignty while providing the freedom to easily migrate data to a different platform at any time.

Paul Speciale, CMO, Scality said: “It’s extremely encouraging to see that such a high number of organizations in the US as well as Europe are taking data sovereignty seriously and have plans in place, including a significant shift toward hybrid-cloud strategies. This can certainly help organizations prevent cloud lock-in and provide safety in having data stored locally or in multiple locations. The surprisingly high results in the US could be due to growing concerns regarding China’s strength in technology development.”

In the survey, IT decision makers from several industries including manufacturing, telecom, professional services, financial services, and retail, were asked: “To what extent does your organization have sovereignty regulations or policies in place to keep your data in specific locations (e.g., local, in specific countries or regions)?” Respondents that currently have or are planning sovereignty regulations to keep data in specific locations were asked: “How are you primarily storing or planning to store the data?”

Key findings in the UK include:

• 82% of UK respondents have already adopted data sovereignty policies, and 13% have plans to do so; 5% do not plan to implement them, and are most likely to come from a smaller sized organization (1,000-2,999 employees)
• In the UK, organizations from the IT, technology, and telecoms sector (92%), the business and professional services sector (90%), and the financial services sector (88%) are most likely to already have policies in place
• Manufacturing organizations are significantly behind the UK average of 82%, with 62% having policies in place, while 31% have plans to implement them
• To implement data sovereignty policies, 33% of UK respondents (will) use a large public cloud service, 42% a hybrid cloud, 14% a regional service provider, and 12% an on-premises data centre
• UK respondents from smaller organizations (1,000-2,999 employees) compared to larger organizations (3,000+ employees) are significantly more likely to select a public cloud service (45% vs 25%), and less likely to select a hybrid cloud (32% vs 49%).