Control your Files. Control your Sovereignty.

Data residency, data sovereignty, data localization – the trio of data compliance and governance – have been on my mind a lot lately. I am seeing a disturbing trend. “Splinternet” has taken a hurried and hastened pace. We are now seeing many countries drawing up digital boundaries in the name of data privacy and data protection with sovereign laws and regulations. Besides, these digital demarcation along the lines with data definitions, digital “colonization” is a strong undercurrent as developing countries are accepting larger and more powerful foreign powers into their playpen.

Public cloud services transcend national borders. The breakneck speed in the adoption of public cloud services is causing anxieties and concerns with conservative governments everywhere. On the flip side of the coin, commerce has certainly flourished and bloomed as global wide collaborations bring new opportunities, new markets – all for capitalism and growth.

[ Note: While we are on this debacle, the voices of decentralization are getting louder as well, but that is a topic for another day ]

Where are your data files now?

The problem with Files

On a daily basis, we work with files. Almost all digital entities work with files because files are our work. Cloud storage, through early startups created the BYOD (bring your own device) phenomenon more than a decade ago. It democratized files that were previously locked in on-premises file servers. We can now take our files on-the-go, knowing well that as long as we have Internet access, we can get to our files anywhere, anytime, any device.

However, this freedom created other problems – data silos, proliferation of copies and copies of files, orphaned files, zombie files and the list goes on. In the face of these problems, files are leaking sensitive information as well. Ransomware proliferated mostly through files. Files, without the cybersecurity hygiene are violating data compliance regulations. And public cloud storage like Dropbox®, Box, OneDrive, Google® Drive and many others are part of this file democratization revolution and also part of the bother of data regulators as well.

This easy way with files has almost made us lazy when it comes to making sure that use and the sharing of files in a borderless world, is better managed.

Control your Files

It is pretty obvious that some level of dedicated work has to be done to achieve a good level of data sovereignty and data residency to attend to the requirements of these digital data laws. The shared responsibility model of many cloud service providers does not absolve a company or an individual from data sovereignty responsibilities and duties.

We can certainly apply layers of cybersecurity defense to the file server but that usually comes in the expense of inflexibility, and a burden to cross borders collaboration.

One prominent way is to build our own private cloud storage. We can be in greater control and the operative word here is CONTROL.

CONTROLS and COSTS

We are spoiled for choice in this segment. Having your own private cloud file sharing solution, although require a bit more work and prudence, definitely has its upside. In the department of data sovereignty, we can develop a more astute process and data management framework with CONTROL in our favour. Yes, I am emphasizing the word CONTROL here again because it empowers organizations and individuals to be in constant observance of the files shared and distributed. Integration with IAM (identity access management), cybersecurity measures in both processes and technologies, and data compliance regulatory frameworks can certainly be tighter and significantly auditable without the fear of incurring plenty of ambiguous pricing in the cloud services offerings.

I am working on a healthcare related opportunity right now. I am doing research on Google® Cloud’s Healthcare API pricing. Here is a look at how it is priced:

Google Cloud Healthcare API pricing

This might not hit the pocket of an individual or a small medium business, but for larger organizations to be charged for all kinds of transactional fees in the public cloud service that are covered with layers and layers of opaque pricing is absolutely bonkers!

Costs become a limiting factor in designing and implementing a suitable and agreeable data compliance framework that is admissible for data sovereignty reasons.

Nextcloud and EasiShare

I am fortunately to work with 2 of the best private cloud file sharing solutions. On the open source side, I have doing a lot of hands on with Nextcloud, and getting better with it. Nextcloud is privately hosted but democratize the files in the file server to Internet easily, through the web browsers and clients for Windows, MacOS, Linux, iOS and Android. I have several blogs on Nextcloud in the past:

In fact, Nextcloud is beyond private cloud file storage, and has an extensive suite of applications such as Talk, Groupware, Calendar, email and office productivity that rival Google®  G Suite (now renamed as Google® Workspace).

Closer to home here in South East Asia, I have been a big advocate to Inspire Tech Easishare. Easishare is a military grade secure private enterprise file sync and share solution from Singapore. It is based on a 3-tier architecture that overlays the iXsystems™ TrueNAS® on-premises file server with very secure HTTPS link-based file sharing (for both uploads and downloads) with expiry policies, 2FA (2 factor authentication) with SMS, Google® and Microsoft® Authenticator, Air Gap architecture, Unified Administration, audit trails for users’ file access and file activities, and many more. Furthermore, the Easishare desktop client integrates seamlessly into Windows, MacOS, iOS and Android in addition to web browser file explorer access.

Easishare and TrueNAS architecture

No wonder, Easishare can count on the Monetary Authority of Singapore (MAS) as one of its esteemed customers. If it is good enough for MAS, which is known for its hyper secure approach to files sharing because MAS is the epitome of data sovereignty for Singapore as an international financial hub.

I have also written a few blogs on Easishare:

Control your files to control your sovereignty

Files are the conduits of data, all types of data. They flow everywhere according to how we share them. Many times, because public cloud storage services are so pervasive, organizations tend to take a lackadaisical attitude. But the noose on data residency, data sovereignty and data localization is tightening. And these regulations are already sanctioning organizations to take heed to take control of their files, without taking too much away in the flexibility of international collaboration that give rise to global commerce while not too much impacting the organization’s operational costs.

It is easier said than done but the 2 companies I have shared here (partly because I taken a passionate stand to their capabilities) can be the middle ground for file sharing, with advanced security and control and not sacrificing too much of the flexibility and unrestricted sharing in public cloud storage.

Returning CONTROL and managing the COSTS of global organizations are keys in developing a compliant framework for data sovereignty.

Tagged , , , , , , , , , , . Bookmark the permalink.

About cfheoh

I am a technology blogger with 30 years of IT experience. I write heavily on technologies related to storage networking and data management because those are my areas of interest and expertise. I introduce technologies with the objectives to get readers to know the facts and use that knowledge to cut through the marketing hypes, FUD (fear, uncertainty and doubt) and other fancy stuff. Only then, there will be progress. I am involved in SNIA (Storage Networking Industry Association) and between 2013-2015, I was SNIA South Asia & SNIA Malaysia non-voting representation to SNIA Technical Council. I currently employed at iXsystems as their General Manager for Asia Pacific Japan.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.