Staying innovative: Realizing data potential and managing risks
The utilization of cloud computing services is experiencing a steady rise in adoption, as evidenced by a representative study conducted by Bitkom in 2024. The research indicates that a significant 81% of German companies have incorporated cloud services into their IT infrastructure. Furthermore, there is a widespread consensus among these organizations that the cloud will maintain a prominent role in shaping the future of corporate IT.
An overwhelming majority of surveyed companies (77%) plan to invest in additional cloud services to leverage benefits such as scalability, flexibility, downtime avoidance, and cost savings. Moreover, access to cutting-edge technologies remains a significant driver for adoption.
The adoption of cloud services allows companies to fully unlock the potential value of their data and to gain competitive advantages. However, this heightened importance also brings with it a heightened sensitivity to the risks and challenges associated with data management:
- Rising geopolitical instability, marked by protectionism and sanctions, creates the risk of companies losing access to or control over their data.
- The tense cybersecurity landscape makes precautions against cybercrime, sabotage, and espionage essential for your data security.
- Compliance with regulations like GDPR, the EU AI Act, and the NIS2 Directive or industry-specific regulations is crucial for maintaining transparency and resilience, especially in the European market.
- The increasing dependence on individual public cloud providers raises significant concerns regarding vendor lock-in.
To fully realize the potential of the cloud, companies need to find a balance between utilizing cloud capabilities and effectively managing those risks. The goal is to maintain control over data while leveraging cloud innovation requiring an approach tailored to the company's specific needs.
What is Data Sovereignty?
Data sovereignty is the ability to control the collection, processing, and usage of data. It includes the right to determine how data is used and to protect it accordingly in line with one's owns standards.
This concept is of particular importance when it comes to sensitive company and personal data, such as personnel or customer records. The ability to control the own data landscape allows to control which data should be shared with whom and allows a balanced solution with regards to opportunities and risks.
It is important to note, that data sovereignty cannot be achieved exclusively through on-premises solutions, but rather through the selection of appropriate measures tailored to the individual situation of the company.
Two steps for managing data sovereignty successfully!
Achieving data sovereignty requires a strategic approach that involves several key steps. The first step in this process is reviewing data that is already in the cloud or intended to be migrated there. During this analysis opportunities and risks are evaluated, considering regulatory requirements, industry-specific criteria, enterprise-wide compliance rules, and particularly the data strategy of the respective organization.
After conducting the review of their data landscapes, companies can move on to the second step: defining appropriate actions tailored to their specific needs and environment. This involves identifying the "crown jewels" of the company - i.e., the data that is particularly worthy of protection - and plan actions to enhance sovereignty for this critical data. Companies also need to consider the level of protection required for data with lower sensitivity, and how such data should be processed.
Selecting the right cloud model is essential for data sovereignty ...
The individual assessment includes choosing its appropriate cloud model for the specific situation. Just as choosing an investment product at a bank requires careful judgement, companies must choose a cloud model that balances utility and security. Common models include:
- Public Cloud Model: The public cloud model is a cloud computing approach in which an external provider operate a shared infrastructure and platform for multiple customers. Resources, such as servers, storage, and applications, are delivered via the internet and can be accessed and billed by customers according to their needs. The cloud provider is responsible for maintaining and operating the infrastructure and platform.
- Private Cloud Model: The private cloud model is an approach in which an organization operates a dedicated infrastructure and platform either in its own data center or in a dedicated facility of a service provider. The resources are provided via a private network and can only be accessed by authorized users according to their needs. The organization retains fill responsibility for maintaining and operating the infrastructure and platform, ensuring complete control over security and compliance.
- Hybrid Cloud Model: The hybrid cloud model is a hybrid that combines public cloud and private cloud resources to meet requirements. It allows organizations to move and manage workloads and data between different cloud environments to optimize costs, performance, and compliance. Note that this approach requires careful planning and integration to ensure interoperability and security.
- Multi-Cloud Model: A multi-cloud model is an approach that not only uses multiple public cloud and private cloud resources but also obtains them from different providers. This allows the technologies and strengths of the providers to be utilized and reduces the risk of outages and data loss. However, managing such a model can quickly become complex and must therefore be carefully planned, as with the hybrid cloud model.
Sovereign or Local Cloud Models: A sovereign cloud is a specialized type of private cloud operated within the borders of a specific legal jurisdiction, ensuring that all data is subject to the laws of that country.
...but there is more to consider
Beyond choosing an appropriate cloud model, there are additional ways to balance innovation with risk in the context of data sovereignty. For instance, configuration settings and encryption features can strengthen security and maintain control over sensitive data. Another important measure is to determine which data is needed for each use case. Transferring only the necessary data the reduces exposure. For personal data, pseudonymization can be applied to further minimize risk.
Just looking at data storage is too short-sighted
Data will play an increasingly important role in the future and unlock new opportunities for business. Data sharing and collaboration are key components of a future-oriented, data-driven company. AI applications based in data already support numerous industrial processes. Therefore, considerations of data sovereignty should not end with data storage but should also consider the resources and algorithms used for analysis.
Companies must evaluate which analytics services or AI applications can be utilized and whether full control over the data is guaranteed when using those services. In addition, service outages must be planned.
Careful, balanced, and well-structure planning is essential to find actions to reduce risk and fully leverage the potential of a company’s data. By selecting appropriate technologies and considering regulation and compliance rules, the right balance between innovation and sovereignty can be achieved, tailored to the specific situation and needs.
Do you have any questions?
Dr. Christoph Reiners
Head of Data Management Consulting