Mining data without betraying customer trust: The role of sovereign clouds

Businesses today are struggling to perform a delicate dance: Turning customer data into actionable insights while managing customer information. This task has never been more complex and fraught with risk.

The term “data monetization” no doubt has a negative connotation. Many assume that it’s purely about companies selling our personal information. There’s no question that collection of our personal data is escalating, and it’s both troubling and creepy. But for the vast majority of organizations that I speak with, data monetization represents something completely different: It’s about gleaning valuable insights to reduce costs, boost employee productivity, and enhance existing products and services. This form of data monetization has nothing to do with selling personal data and everything to do with improving business performance.

And yet, almost every business leader I speak with recognizes that they must maintain a tricky balance: As they analyze customer behavior for competitive advantage, it is critical that they manage their data with care to protect customer privacy. That, in turn, requires them to navigate complex data sovereignty laws that differ from one country to the next. There are currently 137 countries that have their own laws governing how data should be treated and stored within their sovereign borders, according to the U.N. That does not include economic zones such as the European Union, which enforce data-protection regulations across national boundaries. All of these data laws are evolving rapidly and changing constantly.

Growing data economy impact

The stakes are high on both sides of this challenge. Today, 29% of all organizations are already utilizing data to improve their performance and increase revenue, according to new research conducted by Vanson Bourne and commissioned by VMware. Going forward, that number is expected to more than double, with 63% saying they expect to drive competitive advantage and revenue from their data within the next five years. In Europe alone, the data economy’s impact on GDP is projected to grow from 2.6% to 4.2% by 2025, according to the European Commission. As economic uncertainty intensifies, it is not surprising that more business leaders are zeroing in on their data as an untapped revenue source.

Yet the downside is just as big: Organizations that fail to comply with data sovereignty laws often wind up paying hefty fines. To date, more than 900 organizations have been fined for violating the EU’s Global Data Protection Regulation (GDPR), with the largest totaling $877 million. Potentially even worse is the damage to brand reputation, when customers realize their data have been misused and their privacy has been compromised. Among the nearly 6,000 organizations surveyed, a whopping 95% identified data sovereignty as a top business concern.

So, how can organizations perform this delicate dance in a way that allows them to mine customer data without betraying their customers’ trust?

There is no data sovereignty without cloud sovereignty

The answer lies in the ability to share, monetize, and protect data that reside across multiple clouds. Gone are the days when customer information lived in a monolithic database residing in a single cloud. Today, the average organization is using two or more public clouds, and they are tasked with managing data that are continually in motion, moving from one app to the next and across a variety of clouds.

Multi-cloud strategies are making it easier to manage and protect data wherever they reside. A global network of sovereign cloud providers has stepped up to help ensure that data are protected, compliant, and resident within a national territory. This gives businesses the ability to choose the right cloud for a specific data classification, with better governance around data mobility.

For individual consumers, sovereign clouds provide an assurance that their privacy will be maintained. Why? Because the sovereign-cloud approach guarantees that customer information is stored and secured by a specialized cloud service provider with expertise in local laws and regulations. By definition, sovereign clouds are operated by a sovereign entity, with employees who are national citizens possessing the relevant security clearances.

The data economy: A vital national interest

Of course, the challenge is more complex and nuanced than simply keeping data inside a sovereign border. While keeping data “in” is a key focus, it is also necessary to securely share data outside of a country when warranted. For example, the EU’s GDPR has mechanisms to control the cross-border transfer of data, ensuring that data can only be moved if the destination country provides an adequate level of protection. One of the many responsibilities of a sovereign-cloud service provider is to keep track of these complicated cross-border, data-transfer rules.

An increasing number of government leaders around the world now see sovereign clouds as a way to expand their country’s capabilities, especially when it comes to critical national infrastructure, national resilience, and public/private sector innovation. They recognize that the data economy is rapidly becoming a vital national interest, and they are looking for ways to reduce their dependence on foreign powers, in large part by reducing their reliance on others to manage and secure their government data.

From cloud (and data) chaos to cloud smart

As more organizations focus on monetizing their data to capture revenue, sovereign clouds are becoming an integral part of a “cloud smart” strategy. They enable organizations to take advantage of the unique capabilities of different cloud providers, while also ensuring that they address data-protection requirements within and across the national boundaries where they operate.

With a cloud-smart approach, businesses are able to perform the delicate dance between data monetization and data sovereignty, so that they can mine valuable data and extract revenue from it — without betraying their customers’ trust.

Raghu Raghuram is CEO of VMware.