Strategies for dealing with data sovereignty at scale

Data sovereignty, the concept that data is subject to laws that are usually specific to a geography, is becoming more challenging for businesses as they scale across different regions.

Compliance considerations apply not only to data at rest but also to data in transit. With consumer awareness growing, failure to meet compliance requirements can have serious consequences for your business's finances and reputation.

At a recent online event, I led a panel discussion about the challenges businesses face with regard to data sovereignty. Continue reading to get yourself up to speed!

What does data sovereignty mean?

Data sovereignty boils down to adherence to local regulations around collecting, storing and processing data. It’s really about taking control of data, looking at where it’s stored, how it’s stored, and most importantly, how data is processed.

Why is data sovereignty important?

The definition of privacy isn’t the same in every country. That said, data security should be among the highest priorities for today’s organisations regardless of where they operate. Here’s why:

Non-compliance = trouble

Failing to adhere to compliance rules can lead to trouble, ultimately becoming a huge hindrance to growth when you want to direct your focus towards reaching out to as many people as possible and providing a quality user experience. If your company is preoccupied with fighting legal battles about non-compliance and regulatory issues, then you’re using your energy to put out fires instead of focusing on business expansion.

Lost trust = bad for business

Loss of trust is always going to be bad for business. Users today are more aware and more informed about where and how their data is used. Therefore, once user trust in data security is gone, it becomes an enormous challenge to recover that trust.

Lost reputation = no takers

Loss of reputation goes hand-in-hand with loss of trust. As a result of a diminished business reputation, you’ll have no takers, meaning you won’t have users. Fundamentally, this will have a huge knock-on effect on your business finances and profits. Once damage is done, it’s really hard to make a recovery back towards positive brand perception.

When do you need to think about data sovereignty? 

Scaling across regions

If you’re looking to scale out across different regions, for example, to create a better user experience, lower latency, or create a personalised experience at a local level, you’ll want to be as close to the users as possible. Doing so helps provide the best possible experience for the people who will be buying and using your product. 

Scaling across regions is therefore the first case where you need to think about data sovereignty, because your data is likely going to sit across multiple regions, and your compliance requirements might come into play.

Backing up your data

Backing up your data should be part of your disaster recovery strategy. You need to cater for business continuity in case something goes terribly wrong. 

If something goes wrong, you need to have a system in place across geographical locations to isolate the problem to specific data centres. Backing up your data should also be a strategic move as part of a disaster recovery or business continuity plan to ensure that your users are not cut off from your services. The consequences of users being cut off could have a huge impact on your business and your reputation.

Key considerations and challenges surrounding data sovereignty

When you’re scaling across different regions, starting to think about the verticals your business will operate in, and backing up your data, it’s critical to keep data sovereignty at the front of your mind.

Data at rest

Before you start thinking about compliance rules and regulations, one of the first things to consider is where and how data is stored. Depending on your solution architecture, your data may be stored in an on-premises setup where your company owns the data centre. Alternatively, you may operate using cloud-hosted solutions for data storage.

A typical challenge around data storage with cloud hosting solutions involves the automatic recovery and backups you need to have in place. As a safeguard for the data, you need to be extremely careful about where that automatic recovery data sits. In most cases, cloud-hosting providers give the option of selecting the region where your data backups are going to be stored.

Data in transit

As a counterpart to data at rest, data in transit is an element sometimes missed. During the panel presentation, I asked participants to consider:

  • How is your data transiting on the wire?
  • What does the data transmission channel look like? 
  • What journey does the data take from the point where the user makes a request, through to your app and microservices backend?

That entire journey is essential to understand because it’s not only about how data is being collected, but also how and where data is being processed. In terms of ensuring compliance, companies need to take data in transit seriously to avoid security or integrity problems rearing their heads.

Key takeaways from our data sovereignty panel discussion

  • Consider your data sovereignty solution as a whole. When it comes to compliance, it’s rare that there’s only one component of your solution that needs to be compliant. Think about your entire stack as a whole so that nothing is missed.
  • Location, location, location! Some locations or countries around the world are a lot stricter than others when it comes to their data rules and privacy requirements. Research the local regulations you need to adhere to.
  • Transparency in data sovereignty. To properly take recovery and automatic backups into account, you need to consider the transparency that your solution, SaaS or cloud-hosting provider is delivering to you. 
  • Vendor agnosticism. Aim for flexible solutions to balance scalability while remaining compliant. Being locked into rigid solutions could create regulatory challenges in the future.
  • Bonus takeaway: BE AWARE! Be vigilant about the rules and regulations that you need to adhere to. Aiming to comply with the strictest of rules that are out there will benefit your business. 
