Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Data sovereignty: how to shield your business from changing regulations

Gary Weiss, SVP, Cloud Solutions, OpenText | June 28, 2016
In Singapore, enterprises have a tendency to rate security as the number one barrier to cloud adoption, with IT professionals too pre-occupied with security to be looking at the other important consideration – sovereignty.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach

In Singapore, enterprises have a tendency to rate security as the number one barrier to cloud adoption, with IT professionals too pre-occupied with security to be looking at the other important consideration - sovereignty.

Whilst data security challenges differ depending on cloud technology, control and privacy are deemed as the main issues. However, the effect of cloud technology on data sovereignty can be far more serious. This is more evident in heavily regulated industries or organisations with a global presence.

International data privacy regulations can be complex and every changing. For example, the invalidation of the Safe Harbour agreement by the European Court of Justice, and the on-going negotiations about its replacement, means that many companies are now forced to rethink their approach to information governance, without the certainty of knowing exactly which regulations they will need to comply with.

Classifying information that is subject to data privacy regulations from information that is not can be a difficult task, one that requires businesses to implement a sound information governance strategy. When done properly - by classifying content with the right metadata - complying with any change in the shifting regulatory landscape becomes a lot easier. Yet businesses attempting to implement the correct information governance platform can face difficulties. So what do organisations need to consider?

1.    The whole picture: Looking at just one system, such as emails or file shares, does not work. Organisations must consider all the information entering the enterprise and every touch point where data enters or leaves

2.    Co-operation: Business stakeholders and the IT department must co-operate on the implementation of the strategy to ensure it addresses new regulations without blocking business productivity

3.    Prepare to be flexible: Laws and regulations constantly change so organisations must prepare an information governance strategy in which both the policies and the data model itself can be flexible. If the data model is not flexible, businesses may be able to tweak policy but could be faced with the herculean task of reclassifying terabytes of existing data for new regulations

Beyond these considerations, businesses must also take the continued growth of cloud-based services into account when preparing to become compliant with data privacy laws. Choosing a cloud provider is no longer just about functionality, features and price. Data privacy is a key consideration, particularly as widespread adoption of consumer-grade software in the workplace, especially cloud-based services, has exploded over the last couple of years. Employees are using these consumer-grade services - such as Google Drive, Dropbox and Evernote - to boost productivity in the workplace but they can make it very difficult for companies to address data privacy regulations.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.