Recently, our CEO Vinay Joosery took part in the Tech Talks Daily podcast to discuss how true data sovereignty is more than just about compliance and achieving it is dependent on data stack sovereignty. Get the full scoop in this 30-minute episode or check out some of the highlights below.
Why is data sovereignty back in the limelight?
Increased and more assertive enforcement of the GDPR, the invalidation of the EU-US Privacy Shield by the Schrems II ruling, more data privacy regulations getting on the books in U.S. states and internationally, and the fact that most of the Western world’s data is pushed through AWS, Microsoft Azure, and GCP present a critical business risk that can no longer be ignored.
Couple the above with a complex, relatively opaque regulatory landscape where businesses are unable to confidently assess and mitigate the risk, new questions and ways of thinking will arise.
Ultimately, it means that more regulation is inevitable, so we’re finally seeing an acknowledgment that organizations need to proactively address data sovereignty challenges now by implementing a strategy that includes them being in greater control over their data stacks. Luckily, this is becoming easier and will provide additional benefits.
What’s at the core of true data sovereignty?
Data sovereignty is an outcome of possessing control over your data stack – the infrastructure, servers, databases, tooling, etc. And, to have control over your stack, you need to be aware, have visibility, and be able to affect change.
However, achieving practical sovereignty is not binary. Think about sovereignty on a sliding independence scale with extremes on each end. On one end, you have companies that are fully dependent on public clouds and managed service providers, and on the other, those that are fully independent and running their own data stacks. The point is not to be on either end of the spectrum but to be as close to the independence end as your capabilities allow and current and future business needs dictate.
The biggest risks that data stack sovereignty mitigates
Vendor & environment lock-in — Using one or a handful of vendors’ products and services to satisfy your needs presents efficiencies but also a ton of dependencies. Those dependencies result in a less nimble business posture and consequently, negotiation power. Costs skyrocket, sometimes seemingly overnight, and moving away or to a multi-provider / -environment strategy becomes a painfully monumental, expensive task.
Key person dependency — a person or small team builds and maintains a key component of your data stack; they know where the skeletons are buried, and there’s little to no documentation. Their departure can be as bad or even worse than vendor lock-in because you have to hire yesterday and don’t have 3rd-party, documented managed services to rely on.
Open-source license instability — very little is said of this, but there is now a precedent for database vendors to change their license model to a more restrictive one that disallows 3rd-party providers to offer their database as a managed service. What happens when a key component of your data stack requires you to self-manage or use the vendor’s service?
Data protection regulation changes — Regulations will change, and we have to accept it as a fact. Relying on handshake deals and hoping that providers will figure it out will no longer work.
Cost predictability — Pricing models of major cloud service providers are opaque and overcomplicated, which makes it a headache to predict your infrastructure cost in the long run. The same goes for proprietary database software – price renegotiations with big vendors are infamously known for not being in your best interest and could even end up in a lawsuit (for example, Oracle vs. Envisage Technologies).
Implementing a Sovereign DBaaS concept mitigates multiple risk vectors
The current cloud database landscape has not evolved to meet the needs of enterprises today, and most have relinquished control to hyperscalers and 3rd-party vendors, thus sacrificing control.
Enterprises want three things:
- Environment agnosticism, i.e., workload portability or the ability to move workloads freely from one environment to another.
- End-user independence, with access to the infrastructure and database to fix issues if and when they occur.
- Open-source / source-available tool accessibility, and the operational software and tooling to help you run the database.
With Sovereign DBaaS, we’re aiming to provide organizations with a way to achieve all of those three things together:
- Sovereign DBaaS empowers cloud-vendor neutral deployment with complete control – we provide a single pane of glass management console to manage and migrate workloads and assets between on-premise and cloud environments of multiple providers.
- End-user controls the infrastructure – even if it’s deployed in a public cloud, the end-user gets the root access together with the ability to install and manage any software components needed
- The concept is built on open-source/source-available tools & technologies with simplified cost management.
As enforcement, fines, and application increase, data privacy regulations centered around data sovereignty will be top-of-mind for many organizations in 2023 and beyond. Each will have to determine what makes the most sense for their operations and needs, but they should think and plan further ahead than just today’s needs. The current implementation will make sense for some, but we will likely see more organizations rethink their data stacks and adjust accordingly.
This is where laying their data stack along an independence scale and implementing a Sovereign DBaaS concept come into play. By doing so, they will not only stay ahead of the regulatory curve but improve the efficiency and adaptability of their operations. Check out the full conversation on Tech Talks Daily to hear Vinay and Neil Hughes discuss this in-depth!