Sorry Ladies and Gentlemen, I don’t want to alarm you, but there might be a few things happening around the world that will make you have to seriously re-think your infrastructure and platform strategy in the not too distant future. Let me tell you why. The key word is data.
Data sent by IP doesn’t have a passport. It flows around networks, be they sub sea cables connecting continents, soon to be satellite stations in low earth orbit or happily flowing around your home network, usually helping your teenage son shoot up numerous aliens with plasma weapons. HTTP traffic has been built for open borders and free data exchange. We should, therefore, only be concerned with latency of data traffic as it is sent around the globe, right?
The reality is that the data being sent is often subject to legislation covering privacy, data residency (where the data is stored), data sovereignty (who owns the data) and restrictive classification (who can see the data). This means that whilst theoretically I can move information anywhere, there are restrictions placed on my ability to do so, enforced by governmental decree.
This affects the cloud providers greatly: If data is subject to any restrictions as detailed above, then moving the data outside legal jurisdictions is prohibited.
Notice how the availability zone placements for AWS are quite spaced apart in the US (N. Virginia, Ohio, N California, Oregon) and in Europe they are far more densely packed (Dublin, London, Paris, Amsterdam, Frankfurt and others)? The demands of data residency are leading this less efficient model and it doesn’t stop there. We can see the roll out of these Availability Zones is not keeping up with Data Residency requirements, with areas like the Middle East only being served out of Bahrain, South America from Brazil and the entire African continent served from South Africa. This makes Hyperscale public cloud adoption from vendors like AWS for certain verticals in certain countries very difficult. Saudi Arabia’s National Cybersecurity Authority published their Essential Cybersecurity Controls in 2018 (here) states in 4-2-3 “Organization’s information hosting and storage must be inside the Kingdom of Saudi Arabia”, this covers all Saudi Government and what they define as “Critical National Infrastructure”.
So, the first problem for a Global Cloud is Data Residency, which is some years away from being fixed. The second is Data Sovereignty, which moves IT into an area it is not normally associated: Geopolitics. Gartner doesn’t conduct any quantitive or qualitative based research into Geopolitics and Law, we can merely point out facts stated in our inquiries (Which this author has conducted over 5000 in his 9 year tenure). The fact is that the Gartner Magic Quadrant detailed here only has US and Chinese headquartered enterprises in it. This is understandable due to the sheer size of their domestic markets. The reason that geopolitics is now involved is that these organisations are seen as particular national entities, subject to their home country laws and politics. One thing that can be observed is the increase in geopolitical tension with tariffs on US imports, political rhetoric and Brexit. We are seeing national and regional “public clouds” continually evolve in either areas that do not have hyperscaler presence, or that have had strong managed hosting marketplaces for decades before the advent of cloud. In Europe we are seeing the beginning of potentially a Pan European PaaS being incubated. Sponsored initially through the German Economic Ministry’s “Gaia-X” Framework, it now sits as the Gaia-X Foundation which has some 300 organisations participating. More information here. Gartner has assessed the Gaia-X framework for service providers in its Market Trends: Europe Aims to Achieve Digital Sovereignty With GAIA-X found here.
Two of the key concepts around Gaia-X has been (quoted from the Gaia-x foundation’s website linked above):
- sovereign data services which ensure the identity of source and receiver of data and which ensure the access and usage rights towards the data;
- the integration of existing standards to ensure interoperability and portability across infrastructure, applications and data
So your second problem is data needs to have an element of sovereignty to it, which is definitely another set of storm clouds gathering covered by Gartner Analysts such as Nader Henein or Bart Willemsen
Therefore IT leaders need to be mindful of the service provider being used, does it support open standards and interoperability? Can it support data sovereignty? The lead AWS and Microsoft have in the Western World and Alibaba and Tencent in the Eastern makes it incredibly difficult for any one organization to compete on a global level. But regional concerns exist and are growing. These might have material effect on your ability to do business in countries in the future, if your IT is not compliant with ever changing Data Residency and Data Sovereignty laws. Research from Gartner is constantly being updated in these areas, so look out for the updates. Nobody ever said this world was boring.