The flurry of cloud providers setting up new EU data centres would lead many to think that construction is the only solution to the data sovereignty problem that the major vendors are facing. In recent weeks, AWS and VMware have both confirmed new data centres in the region, joining the likes of Microsoft and Google. There is not always strength in numbers though. This plan will not be the silver bullet that everyone is looking for. Purely having data located within the EU will not be enough to assuage fears over sovereignty and new data centre builds will just be a halfway house to a solution.
Belt and braces
The logic behind building new data centres in Europe is clear to see. In the post-Snowden/PRISM climate, enterprises are concerned about foreign governments requesting access to their data. The fallout from this means that many now want to work from national clouds where they can secure data under their own national laws, safe from overseas requests.
Companies that we are speaking to, across the globe, from The Netherlands to Malaysia, are telling us that they need us to stand up national clouds in order to do business. Laws coming in to play in Russia this coming January will dictate that all data must be stored within the country and Brazil is going down a similar route.
But the location of data is only half the battle. Data ownership is the more pressing matter and it is a problem that cannot be combated solely by building new data centres. The decisive factor is that these new data centres will still be owned by foreign-based companies and, as such, enterprises will still feel vulnerable to judicial reach from abroad. Increasingly, enterprises want more than just having data stored within their own country; they want it to be owned by a national company. This is where the service provider model comes into its own.
Home is where the heart is
Working with local service providers, as we have done with Mobily in the Kingdom of Saudi Arabia, UOL in Brazil and Colt throughout Europe, eradicates the problem of judicial oversight from abroad. This way, it is the national service provider that owns the data, not a company based overseas, and it will come totally under the remit of national law.
This policy allows a company to operate as a global cloud vendor, while allowing customers to work on a national level. For the other major providers, such as VMware and AWS, to maintain this global presence in the era of national clouds, they will need to build at least two data centres in every country to ensure failover and performance SLAs are met. It will not simply be a case of building data centres in Germany and solving the problem in one fell swoop. The policy will have to be Europe-wide and will become a massive drain on resources.
What are the other options?
There will be some enterprises that want to take another approach. Some businesses will prefer to implement their own private cloud if they do not want to go down the route of working with a third-party. As a result, another consequence of the national cloud drive will be a surge in demand for private cloud software.
The type of cloud providers that enterprise businesses are looking to work with will also shift with the growing prevalence of national clouds. With concerns over privacy and data sovereignty heightened, businesses are increasingly focusing on specialist cloud providers to deal with the high compliance, mission-critical data.
A way forward
There is no doubt that, in the wake of the Snowden and PRISM revelations, US-based cloud companies have faced significant challenges to their business models and are having to adapt. The problem is, the strategy that many of the big players have adopted will only solve half the problem. Building new data centres around the EU will still leave European companies vulnerable to data requests from overseas. Only putting data in the control of national companies will provide a complete solution.