179 Can you really trust your public cloud provider to keep your data secure, safe and in compliance? Maybe; maybe not. Recent reports have suggested some of the biggest providers can’t guarantee that your organisation’s sensitive data will remain in-country, which raises concerns around everything from GDPR compliance to national security. Public cloud infrastructure is incredible technology. It enabled many businesses to survive during the pandemic-related shutdowns, it has opened up new ways and places of working, and much more. It’s no wonder that worldwide revenue for the public cloud services market swelled to more than $669 billion in 2023 — it has transformed how IT is done. However, it can come with drawbacks in today’s data-driven, security-focused world. Ensuring that your organisation’s digital assets actually live (aka are stored) where you think they do is both more important than ever and harder to prove. When considering different public cloud offerings, organisations need to examine who will have access to their data and from where. Knowing where data is stored and who can access it are parts of the greater GDPR puzzle. Ensuring your chosen cloud provider has a data centre (or “region”) within your country is the first step to ensuring your data is not offshored across international borders and remains under your control and jurisdiction. This is the concept of data sovereignty, which is key for organisations to ensure their digital information is being handled appropriately as regulated by the laws of the country where it resides. In many countries, businesses are legally required to store customer data locally, but when you’re working with a public cloud provider, it can be more difficult to determine if that’s actually happening. The importance of data sovereignty for highly sensitive industries While data sovereignty has become a bigger concern across sectors, it’s especially important for certain industries like government, law enforcement and defence, to name a few. Such organisations are handling all sorts of sensitive data; everything from CCTV images to digital evidence from a crime scene, or patient health records. Why is data sovereignty a bigger concern in this case? For one thing, there’s a chance it could impact a court case. If data has been transferred and processed out of the country, it might not legally contribute toward prosecution in-country, given that evidence hasn’t technically been handled under local laws. There’s also the risk that your chosen cloud provider might not be as stringent with your data and it could wind up released into the public domain. Why more IT leaders are turning to private clouds Instead of relying on the public cloud, Scality offers customers an alternative: cloud-like storage that is hosted on-premise, with the same agility and standard S3 API. The bonus? You maintain full control of your data with the confidence that it resides in your own data centre with your security policies applied; performance is better due to the storage being local; and there are no hidden or surprise costs from egress of data and certain API calls, like you see with most public cloud providers. Another option is working with a smaller regional service provider, as opposed to a large, global cloud provider. At Scality, we work with a number of these smaller regional service providers to keep customer information stored securely. Read our case study with Australia’s Somerville to learn more about the kind of work we do with managed service providers. Delivering enterprise sovereign cloud capabilities: The Scality difference For over 15 years, customers spanning industries and continents have relied on Scality to store and protect their data. Our on-premises private cloud storage offers boundless scale, up to 14 nines of data durability, and 100% availability with both file and object access to your data. Before investing in the public cloud for your mission-critical sensitive data, consider talking to your local Scality representative to understand how we can help you navigate beyond the complexity of regulatory obligations to achieve data sovereignty.