Public cloud has become an indispensable tool for enterprises to scale efficiently and store data. Because of globalization, however, enterprise data can be stored in datacenters situated in other geographic regions. This means data is not only governed by different regional laws, but it is also susceptible to cybersecurity attacks depending on the vulnerability of the datacenter.
In 2016, the European Union adopted the General Data Protection Regulation (GDPR), which later became enforceable in 2018. As it is a regulation and not a directive, the GDPR is malleable with each member state of the union having a different version of the directive. The GDPR was an important steppingstone that guaranteed data privacy to EU citizens; since its enforcement, regional governments across the EU have collected fines of over €1 Billion. It has also served as a framework to nations outside the EU to guarantee data privacy and security. The sovereign cloud builds on GDPR by enhancing the sovereignty of data originating from inside the region.
On July 16, 2020, the Court of Justice of the European Union (ECJ), in its Case C-311/18 Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (called “Schrems II case”), invalidated the EU-U.S. Privacy Shield with immediate effect. In March 2022, both regions agreed with the court’s decision about new principles for "Privacy Shield 2" with the adoption of proportionate surveillance activities and an independent adjustment mechanism. However, many organizations based in Europe and the U.S. lacked a legal basis for their transfers of personal data.
The ISG white paper Exposure of Data in the Cloud Induces Greater Risk of Data Corruption and Data Theft explores the idea of a sovereign cloud and what enterprises, public institutions and service providers can do to protect themselves and their data in the cloud-first era.
Please complete the form to download this white paper.
About the authors
Antoine’s background includes more than twenty-five years of progressively responsible positions in Business and High-Technology services companies. He is a talented and accomplished senior management professional, highly skilled in complex IT Strategy engagements and large transformational deals. He has established and directed highly successfully, multi-million dollar Information Technology programs for large fortune 500 companies (Alstom, AXA, AXA Technology Services, BNPP Corporate Investment Banking, Bridgestone, Carrefour, Crédit Agricole, DassaultAviation, EDF, Givaudan, HSBC, Alcatel-Lucent and Nokia, Renault-Nissan, Sanofi, TEVA Pharmaceuticals, Total…). He has negotiated more than $4 billion in proposals and contracts.
Michael advises his clients on the development and implementation of business-oriented IT strategies, comprehensive IT sourcing strategies as well as ramp-up and operation of transformation programs. He supports medium-sized and large companies in organizing and carrying out tendering and negotiation processes for IT services (ADM and IT infrastructure). In addition, Michael advises CIOs and IT managers on the strategic realignment and redesign of IT organizations (role of IT, target operating model, structural organization, IT governance and IT processes and roles). In addition, he has concrete experience in change management as well as in coaching IT executives. Michael has developed 360-degree assessments for selected IT management functions and successfully applied them in customer projects, e.g., project and application portfolio, enterprise architecture management as well as sourcing and change readiness assessments.
Rohan Thomas has a Masters of Technology Degree in Computer Aided Design and Manufacturing (CAD/CAM) from the Vellore Institute of Technology, India. Rohan brings to the job close to a decades’ worth of experience in communications technology, hardware & semiconductors, and communications testing. At ISG, Rohan is a knowledge expert on the adoption of the cloud and has done extensive research on the Private and Hybrid in France and the Benelux.