Data sovereignty starts with knowing the end-to-end solution

Moussa Zaghdoud

July 20, 2022

As the need for data sovereignty accelerates, solutions must ensure data is managed and stored according to regulations.

Experts have suggested the pandemic accelerated enterprise digital transformations by as much as five years. One of the challenges presented by this fast-tracked race to the cloud has been staying on top of data sovereignty and data protection in terms of understanding and adhering to the specific rules about how to protect this new flood of data as it traverses the globe.

Making protection a priority

Protecting data and data sovereignty are top of mind for today’s CIOs, CISOs and CxOs in general, especially when that data is in the cloud. Customers want assurances about where their data is passing through, how it’s being managed and where it’s being stored. They need to know the end-to-end story, not just because they’re interested, but because they are ultimately accountable ― for all of it.

Enterprises need to think about compliancy with the rules and the regulations in the countries of their customers or users. Today for example, Europe’s General Data Protection Regulation (GDPR), and the U.S. Cloud Act, need to be taken into consideration.

And although we are starting to see political announcements, the fact is that right now there is a gap between what needs to happen and what’s actually happening, and that can create liabilities. The risk for companies dealing with data is that users or customers can just sue the company or start some buzz on social media about bad data usage.

It’s extremely important for companies to understand what’s happening end-to-end. And that includes not only the SaaS provider, but all the related intermediaries that lead to the SaaS. And on the infrastructure side, from the root of the digital transformation all the way to how the data is being processed, extracted, used, and yes, potentially, exposed.

On the technical side, one of the challenges is to ensure all solutions that we provide include best-in-class encryption on all the methodologies, to deliver the highest level of security. In terms of data sovereignty, we are dealing with data that is sometimes kept on premises, sometimes in the cloud, and sometimes it’s in transit as people communicate. Customer contexts must also be taken in account, whether they are working on premises or mobile, to ensure that all information is well-managed and stored in the right environment.

Industry considerations

The need for data sovereignty spans all industries. Communications solutions enable the transit of data across governments, education, healthcare, hospitality and transportation, exchanging important, often mission-critical, confidential data with each communication.

Public sector organisations must consider data related to citizen information, voting, as well as the needs of every level of government ― from municipal to national. In healthcare, it goes without saying just how important personal privacy is, so ensuring patient-related data is secure and managed appropriately, with the right governance, is of the utmost importance. Transportation encompasses mission-critical environments, security and sovereignty when it comes to passenger safety and keeping things moving. On the education-side, student information, institutional management, as well as course delivery, must be considered. For the hospitality industry, it comes down to the guest experience and ensuring their data is handled with care. B2B organisations need to think about their employees with regard to the HR software they are using, as well as their business software in terms of consumer data, especially software used for marketing, PR and advertising.

The value of regulations and certifications

It’s crucial to be aware of the potential for data exposure. Some industries such as the financial, government and healthcare sectors are regulated and have certification processes. In the U.S. there are a number of cybersecurity regulations that cover these industries. In Europe the General Data Protection Regulation (GDPR) governs data protection and data sovereignty across the EU.

However, even when certifications are mandatory, they do not necessarily guarantee data sovereignty. Interestingly, France is leading by example with SecNum cloud certification. We are hopeful that the European Union will soon adopt similar certifications.

Standardised certifications are where we can add real value for customers by ensuring they are getting reliable solutions. Solutions that adhere to regulations and are compliant with certifications go a long way to easing the minds of CxO’s and ensuring their data is protected. Proof of concepts (PoC) and detailed analysis of contracts and supplier contracts can help them understand the end-to-end picture of how data is transported and how it is managed.

The power of partnering

With all this in mind, we cannot over-state the power of partnerships to deliver comprehensive, accountable, end-to-end solutions. From Infrastructure as a Service (IaaS) to Software as a Service (SaaS), from solution vendor, to system integrator, to service provider, everyone has an integral role to play to ensure a transparent, easy-to-deploy, easy-to-use data protected and data sovereign solution. At the end of the day the customers’ data must be protected and they must be secure in knowing that they own it and we are not using that for any other purpose.

Our Rainbow™ by Alcatel-Lucent Enterprise cloud-based offering, together with our OVH and NXO partner offerings provide a comprehensive hybrid cloud communications solution which protects your existing telephony investments and ensures data sovereignty. And since all parties are headquartered in Europe, we are not subject to the U.S. Patriot or Cloud Acts.

A peek into the future

We are only seeing the tip of the iceberg in terms of where we are and where we need to be regarding data sovereignty and data protection. When you look at world events and the potential for cyberthreats, understanding where your data is and how it is being managed is crucial for survival.

At ALE, we have appointed a Data Protection Officer (DPO) who is working closely with customers to assist and advise them on how to protect their data. Our services are designed with data sovereignty in mind and in accordance with international regulations and compliancy requirements. We continue to develop new cybersecurity solutions to detect and resolve security incidents on the customer network and provide the peace of mind business leaders need in today’s unpredictable times.