Data sovereignty, the cloud and custom software
5 Aug 2019
Who really owns your data? The last decade has seen an explosion in cloud computing and web-based service delivery which have significant implications for the security of vast quantities of data being stored about people.
The introduction of the GDPR in 2018 got people talking about data security in a new way and it, together with similar legislation in other countries, has posed challenges for businesses all over the world.
The issue of data sovereignty has been a subject for much discussion and debate across the IT industry. Whilst it is far from perfect, many see the GDPR as the blueprint for applying different concepts around data sovereignty and data privacy mandates, with a common belief that many of the current laws are, at best, inadequate.
Whilst the wider industry work at developing a universal, common ground for data protection and management, let’s look at what data sovereignty might mean to your business.
Just a head’s up – this article will probably give you more questions than answers!
Who owns your data?
In the modern business world, data is king. Data tells you who your customers are, what they want, and when they want it. It is, for most businesses, their lifeblood.
When you commit to a new cloud-based system or software solution, do you really understand how that might affect your business in the long term? Or are you making a decision based on current market trends and the perceived opportunity for a convenient resolution to a particular challenge?
IT as a service, through cloud-based providers, may seem an attractive option. You no longer have to worry about your in-house servers, security becomes ‘someone else’s problem’ and can focus on your day to day business activities.
Are you just replacing the current business risk with a less tangible one?
Even assuming that you have thoroughly checked the security arrangements of your cloud-based provider, how deep did you go?
For example, do you know enough about any third party connections that link into the service you are buying? If you didn’t delve into the intricacies of their supply-chain, you could be exposed to unidentified risks.
It is also important to consider the long term integrity of your data when entrusted to a remote service provider.
- Are you entering into potential problems over the ultimate ownership of the information being managed on your behalf?
- What happens if you need to recover your data?
- How do you manage and monitor your service provider to ensure they have relinquished any and all of your information when requested?
You could think about it in terms of people who don’t trust the banks to look after their money. If you have complete control and ownership of your data within your business, you don’t have to worry about your supplier letting you down.
Sorry – the system is down
What are the arrangements if your provider’s IT is “down”?
How thoroughly have you explored their backup arrangements?
For example, a quick internet search for Amazon Web Service (AWS) outages soon reveals the extent to which businesses can be adversely affected in the event of a datacentre power failure or human error. Even an initial problem that may have been short-lived at source, can have a significant ripple effect across the wider network of users.
If your business is affected, you need to understand the implications that has for your business. Your clients may lose visibility of you, perhaps access to your sales pipeline will be interrupted, and then, of course, there is the reputational damage that you will suffer.
Of course, not all downtime is unplanned. It is inevitable that system upgrades and maintenance will need to be carried out from time to time. It’s important that you understand how that will impact on your business and what the contingency arrangements are. Don’t wait until it happens to discover there is no backup plan!
What happens if a system goes rogue?
Within every organisation, there will be a decision-maker whose job it is to procure suitable IT services. If you’re that person and systems fail, the resulting business impact could pose significant harm to your professional reputation.
Of course, if you are part of a larger organisation, there’s a good chance that you’ll have the support of a wider team who will have provided specialist advice and guidance. But the fact still remains that, as the decision-maker, you are very likely to be held accountable.
In reality, there are many solutions to most IT and web-related challenges. The key is to work with experts you can trust who can help you understand the best way forward for your business. At Pivale , we are experts at doing just this. Providing a service that is an extension of your in-house team, we can develop solutions that allow you to retain absolute control of your data, it’s integrity and security.
We design custom-built web-based systems to meet your specific compliance criteria and our platform is one that supports the future growth and innovation of your business. The team help you to understand where and what the risks are and how to mitigate them.
If you’re thinking of investing in a cloud-based business solution, why not speak to one of the experts at Pivale and explore the bespoke options available.
Get in touch about your project
Give us a call or send us an email to talk through your project
Why the lack of industry standards makes us mad!
22 Mar 2019 We all too often speak to potential clients who have been 'scarred' by their experience with other providers in our industry.
More recent articles
Being compliant doesn’t have to be a bore
24 Oct 2021 The importance of balancing the exciting parts of web design with standards and good compliance.