Data residency, data sovereignty, data localization – the trio of data compliance and governance – have been on my mind a lot lately. I am seeing a disturbing trend. “Splinternet” has taken a hurried and hastened pace. We are now seeing many countries drawing up digital boundaries in the name of data privacy and data protection with sovereign laws and regulations. Besides, these digital demarcation along the lines with data definitions, digital “colonization” is a strong undercurrent as developing countries are accepting larger and more powerful foreign powers into their playpen.
- [ September 2012 ] The Internet and ‘balkanization through regulation’.
- [ October 2020 ] Sovereignty and the Evolution of Internet Ideology.
- Data sovereignty vs Data residency vs Data localization
Public cloud services transcend national borders. The breakneck speed in the adoption of public cloud services is causing anxieties and concerns with conservative governments everywhere. On the flip side of the coin, commerce has certainly flourished and bloomed as global wide collaborations bring new opportunities, new markets – all for capitalism and growth.
[ Note: While we are on this debacle, the voices of decentralization are getting louder as well, but that is a topic for another day ]
- Who controls the Internet?
- [ January 2017 ] The future is a decentralized Internet
- [ January 2021 ] The Decentralized Internet is coming
The problem with Files
On a daily basis, we work with files. Almost all digital entities work with files because files are our work. Cloud storage, through early startups created the BYOD (bring your own device) phenomenon more than a decade ago. It democratized files that were previously locked in on-premises file servers. We can now take our files on-the-go, knowing well that as long as we have Internet access, we can get to our files anywhere, anytime, any device.
However, this freedom created other problems – data silos, proliferation of copies and copies of files, orphaned files, zombie files and the list goes on. In the face of these problems, files are leaking sensitive information as well. Ransomware proliferated mostly through files. Files, without the cybersecurity hygiene are violating data compliance regulations. And public cloud storage like Dropbox®, Box, OneDrive, Google® Drive and many others are part of this file democratization revolution and also part of the bother of data regulators as well.
This easy way with files has almost made us lazy when it comes to making sure that use and the sharing of files in a borderless world, is better managed.
Control your Files
It is pretty obvious that some level of dedicated work has to be done to achieve a good level of data sovereignty and data residency to attend to the requirements of these digital data laws. The shared responsibility model of many cloud service providers does not absolve a company or an individual from data sovereignty responsibilities and duties.
We can certainly apply layers of cybersecurity defense to the file server but that usually comes in the expense of inflexibility, and a burden to cross borders collaboration.
One prominent way is to build our own private cloud storage. We can be in greater control and the operative word here is CONTROL.
CONTROLS and COSTS
We are spoiled for choice in this segment. Having your own private cloud file sharing solution, although require a bit more work and prudence, definitely has its upside. In the department of data sovereignty, we can develop a more astute process and data management framework with CONTROL in our favour. Yes, I am emphasizing the word CONTROL here again because it empowers organizations and individuals to be in constant observance of the files shared and distributed. Integration with IAM (identity access management), cybersecurity measures in both processes and technologies, and data compliance regulatory frameworks can certainly be tighter and significantly auditable without the fear of incurring plenty of ambiguous pricing in the cloud services offerings.
I am working on a healthcare related opportunity right now. I am doing research on Google® Cloud’s Healthcare API pricing. Here is a look at how it is priced:
This might not hit the pocket of an individual or a small medium business, but for larger organizations to be charged for all kinds of transactional fees in the public cloud service that are covered with layers and layers of opaque pricing is absolutely bonkers!
Costs become a limiting factor in designing and implementing a suitable and agreeable data compliance framework that is admissible for data sovereignty reasons.
Nextcloud and EasiShare
I am fortunately to work with 2 of the best private cloud file sharing solutions. On the open source side, I have doing a lot of hands on with Nextcloud, and getting better with it. Nextcloud is privately hosted but democratize the files in the file server to Internet easily, through the web browsers and clients for Windows, MacOS, Linux, iOS and Android. I have several blogs on Nextcloud in the past:
- My 2-day weekend with Nextcloud on FreeNAS
- Setting up Nextcloud on FreeNAS™ – Part 1
- Setting up Nextcloud on FreeNAS™ – Part 2
In fact, Nextcloud is beyond private cloud file storage, and has an extensive suite of applications such as Talk, Groupware, Calendar, email and office productivity that rival Google® G Suite (now renamed as Google® Workspace).
Closer to home here in South East Asia, I have been a big advocate to Inspire Tech Easishare. Easishare is a military grade secure private enterprise file sync and share solution from Singapore. It is based on a 3-tier architecture that overlays the iXsystems™ TrueNAS® on-premises file server with very secure HTTPS link-based file sharing (for both uploads and downloads) with expiry policies, 2FA (2 factor authentication) with SMS, Google® and Microsoft® Authenticator, Air Gap architecture, Unified Administration, audit trails for users’ file access and file activities, and many more. Furthermore, the Easishare desktop client integrates seamlessly into Windows, MacOS, iOS and Android in addition to web browser file explorer access.
No wonder, Easishare can count on the Monetary Authority of Singapore (MAS) as one of its esteemed customers. If it is good enough for MAS, which is known for its hyper secure approach to files sharing because MAS is the epitome of data sovereignty for Singapore as an international financial hub.
I have also written a few blogs on Easishare:
- TrueNAS® – The Secure Data Platform for Easishare\
- Secure Private Sync and Share with Easishare
- 4 Digital Workplace Moves after Covid-19
Control your files to control your sovereignty
Files are the conduits of data, all types of data. They flow everywhere according to how we share them. Many times, because public cloud storage services are so pervasive, organizations tend to take a lackadaisical attitude. But the noose on data residency, data sovereignty and data localization is tightening. And these regulations are already sanctioning organizations to take heed to take control of their files, without taking too much away in the flexibility of international collaboration that give rise to global commerce while not too much impacting the organization’s operational costs.
It is easier said than done but the 2 companies I have shared here (partly because I taken a passionate stand to their capabilities) can be the middle ground for file sharing, with advanced security and control and not sacrificing too much of the flexibility and unrestricted sharing in public cloud storage.
Returning CONTROL and managing the COSTS of global organizations are keys in developing a compliant framework for data sovereignty.