Data Matters

Don’t let the AI buzz drown out the value of data sovereignty

Brian McKenna
Brian McKenna
Enterprise Applications Editor

This is a guest blogpost by Rick Vanover, vice president, product strategy, Veeam.

AI has been constantly held up as the latest ‘business-transformer’ and, according to the recent McKinsey Global Survey on AI, over three quarters of organisations now use it in at least one business function. It can often feel like all roads lead to AI. And yet, there is another area with just as much transformational impact: data sovereignty. But is it getting enough airtime?

Data sovereignty is being increasingly recognised in IT and security circles for its potential to revolutionise compliance and resiliency, whilst also establishing absolute control over an organisations’ data. Despite this recognition, it still isn’t being given priority in technical decisions. This isn’t to say that data sovereignty should be compared to AI, as the two are very different, but it should be just as much of a priority.

In fact, where the two technologies do cross over is in their importance to business outcomes. When either is harnessed well, an organisation is praised. But if executed poorly, it could mean the loss of a competitive edge, increased risk, compromised security, and potential noncompliance with essential regulations. Not convinced? Here are just a few areas where data sovereignty is already on par with AI, if not superseding it.

Risk and regulation

While there are rumblings of more stringent AI regulations on the way, data sovereignty is already becoming deeply enshrined in regulations across the globe. Many regulations already require organisations to ensure their data remains squarely under their control, rather than being passed off to third parties. For instance, the Health Insurance Portability and Accountability Act (HIPAA) in the US that specifically requires organisations to create and maintain retrievable exact copies of electronic protected health information. Another example, the EU’s General Data Protection Regulation (GDPR), which requires data to be subject to the laws of the country it is stored or processed, regardless of where it was originally collected. No matter which regulation an organisation is subject to, in today’s landscape, noncompliance is a nonstarter.

It’s a similar story with risk in general. Adding AI to a workflow adds more risk to be weighed up with the possibility of a greater return. Whereas data sovereignty can help address existing risk, rather than adding more to the pile. To begin securing and addressing risk surrounding data, organisations first need to know where it’s stored, and how, which is where taking a data sovereignty approach can help. Assessing an organisations’ status through this lens can highlight previously unseen issues such as data residing in the wrong place, or where data needs to be accessible by law enforcement.

Value and transparency

It’s not just in risk and compliance where data sovereignty can deliver value on par with AI. As costs are being increasingly driven up by AI and other new, transformational tech, budgets are becoming ever tighter. But with data sovereignty, organisations can exercise full control over data, and all its associated costs. So, organisations can pick and choose what approaches make the most sense for them. For some, storing organisational data in a specific cloud-based region might be best. For others, they may prefer to use a managed service provider (MSP) based in a country where the organisation has a critical footprint. Still, others may want to store data within the walls of their own data centre.

Data sovereignty also delivers value when it comes to peace of mind. And in this regard, it blows AI out of the water. With AI, it’s usually unclear exactly how data is being used, which can create problems down the line; for instance, in the event of an audit, an outage, or some other unforeseen circumstances, not having sight of where data is can be a huge risk. However, with data sovereignty, organisations can in theory unlock complete transparency with their data. This allows organisations to confidently state that they have absolute control and visibility over data, whether it be in the form of an export, a copy, or a managed service with user-driven controls

Working together, not against each other

While they serve different functions, organisations should give both AI and data sovereignty the same weighting in their decision-making. In fact, the pair are both best used in conjunction with each other, building data sovereignty in tandem with a wider AI strategy. As organisations increasingly seek new ways to develop AI models and build solutions based on their data sets, new risks emerge at the same pace as the benefits. But imagine the potential of a data layer self-managed in ways that address compliance, risk, and value all at once – making the use of data in AI far easier to navigate. Organisations could utilize AI solutions fed by data sources that sit entirely under their own purview, with compliance built in and economics in place. This could allow organisations to embrace AI in ways that might not be suitable for public domain offerings, such as in-house AI initiatives.

In what feels like the era of AI, other technologies can get a muted reception at best. But organisations should assess the role of data sovereignty with just as much reverence. Ask yourself, does data sovereignty have the right seat at the table in your IT operations?