With a large amount of sensitive data now hosted in the cloud, data sovereignty is becoming an increasingly powerful influence over an organisation’s future cloud strategy. This is the finding of recent research we conducted with IDC, the corresponding report to which can be found here.
This blog is the second in a two-part series, which examines the key findings from this research. The first piece, which you can read here, looked at why rising volumes of sensitive data in the public cloud make sovereignty an imperative. But the research also found that organisations also need help to navigate the complexities of evolving from where they are now.
A massive unmet demand for sovereignty solutions
This is because the levels of control of data in the cloud are not at the right level. This is prompting organisations to review their usage of private and public clouds to unlock the value of their data and meet strict, complex and changing data sovereignty regulations. Combating new threats to data privacy and security is also an imperative. The size of the challenge is laid bare in the research findings.
More than half of organisations say they require sovereign capabilities for up to 10% of their data kept in the cloud. That means for 90% of data in the cloud there remains a vital need for organisations to review their security and compliance processes, tools, and skills to assess if there is an unmet demand or requirement for sovereignty solutions that they are not aware of.
Sovereign cloud is not a “done deal”
While the need for sovereign cloud is well documented (for more on this see part one of this series), sovereign cloud is not a “done deal” and most organisations face deployment challenges. Despite many organisations using public clouds for their “top secret” and “highly confidential” data, only 19% have actually implemented a data sovereignty strategy. When asked about their main concerns regarding implementing a sovereign cloud strategy the top concerts cited by almost half of businesses (49%) were high implementation costs and high complexity.
In spite of this, 40% of organisations anticipate increasing their investment in sovereignty solutions over the next two years. This figure rises to 53% over a longer term of three to five years. The research found that while cost may be a barrier, businesses clearly see the value in sovereign cloud and are prepared, to a degree, to pay for the privilege. Just under half are willing to pay up to 10% more for sovereign cloud offerings, but larger firms with 1,000 or more employees are prepared to pay as much as 30% extra. However, 39% remain reluctant to pay any premiums for such solutions, which suggests a need to embed sovereignty into cloud solutions by default.
The usual suspects of sovereign cloud providers
Away from the investment, another challenge cited was that of moving workloads to sovereign cloud and the lack of maturity that exists in the market today. Of those questioned, 39% cited insufficient sovereign cloud knowledge and 31% insufficient knowledge of legacy apps. This lack of knowledge is one of the main reasons why organisations often default to the “usual suspects” when seeking sovereign cloud providers. As a consequence, it was no surprise to find that a limited choice of sovereign cloud providers was one of the top concerns for 41% of organisations implementing a sovereign cloud strategy.
So much so that a ‘trusted brand’ is the number one non-technical attribute organisations look for when seeking sovereign cloud partners. End-to-end capabilities and certifications will also be crucial when choosing a partner for a sovereign solution deployment. For sovereign solutions, security and compliance must be maintained on an ongoing basis and as a shared responsibility between vendor and customer. It is therefore essential to work with partners that can verify trusted credentials.
Helping organisations become more resilient
Because of all the costs, complexities, and processes involved, businesses should seek out partners and providers that offer the greatest adaptability, flexibility, and control when it comes to sovereign solutions. Solutions that lead to vendor lock-in will restrict data maneuverability for customers, while open source solutions lend themselves well to data interoperability, portability, and transferability. This is vital for sovereignty success
For their part, vendors should be prepared for greater customer and auditor scrutiny. Organisations should look for providers that offer the greatest transparency in terms of their solutions, services, and platforms. Working within an ecosystem is also a foundation for sovereignty success, but customers must seek assurances that all the provider partners adhere to sovereign rules.
Ultimately, digital sovereignty should be seen by both providers and customers as a way of helping organisations become more resilient.
Authentic and autonomous sovereign cloud platforms
To ensure success in their sovereign journey, organisations must work with partners they trust and that are capable of hosting authentic and autonomous sovereign cloud platforms. VMware Cloud Providers recognised within the VMware Sovereign Cloud initiative commit to designing and operating cloud solutions based on modern, software defined architectures that embody key principles and best practices for data sovereignty.
More than 42 global (and 19 in EMEA alone) VMware Sovereign Cloud Partners can deliver to customers cloud services in alignment with security and local regulations, while enabling sovereign innovation.