REQUEST A TRIAL
back to blog

Think you’ve got Data Sovereignty sorted?  Maybe time to think again

Think you’ve got Data Sovereignty sorted?  Maybe time to think again

Data Residency v Data Sovereignty – One is Location, and One is Control, and the difference is critical

A series of revelations this year has fuelled increased debate about what true Data Sovereignty really means. Many organisations think they have ticked the Data Sovereignty box, when in reality they have Data Residency.

Data Residency is a term relatively recently coined to describe where data is held – i.e. where the datacentre that hosts it is located. Many organisations believe (erroneously) that if their data is held in the UK or EU, it is subject to those governing regulations, and therefore as the data is held on sovereign shores it is under their own control.

Data Sovereignty is a term that is often misused to refer to the location of data, when in fact, it means keeping total control of that data. Unless data is held on servers in-house, this is more difficult to achieve than it may at first appear. This is because most organisations use business products and services that are supplied by US tech giants (Microsoft and Amazon are the two that spring immediately to mind, but there are plenty of others).

Why are we talking about Data Residency v Data Sovereignty

In many industries, data sovereignty and keeping control of data, is extremely important for reasons of national security as well as for commercial reasons.  And, in certain cases, it is a legal requirement. Here are a couple of examples that hit the press during the last year where “sovereignty” was not all it was cracked up to be:

In June Computer Weekly reported that Microsoft cannot guarantee the sovereignty of UK data hosted on its hyperscale public cloud infrastructure.  In the detailed article Computer Weekly explains that under Part 3 of the Data Protection Act (DPA) 2018, law enforcement data (the story was about the Scottish Police) must be kept within the UK, as must all public sector data under the G-Cloud 14 framework regulations.

A few weeks later in July The Register reported that; “Microsoft says it “cannot guarantee” data sovereignty to customers in France – and by implication the wider European Union – should the Trump administration demand access to customer information held on its servers.”

The article went on to explain how the CLOUD Act gives the US government authority to obtain digital data held by US-based technology companies irrespective of whether that data is stored on servers at home or on foreign soil. It is said to compel these companies, via warrant or subpoena, to accept the request for information. A Microsoft employee admitted in court that they would be compelled to reveal information to US officials, even if that data were held in France.

All of which contravenes GDPR and UK data protection legislation, however – whatever lip service may be paid to these laws – a US company is more likely to abide by US regulations, despite what a host nation may require.

Data Sovereignty and Secure Communications

At Armour Comms we have a long track record of working with higher assurance organisations, so when we talk about Data Sovereignty we understand the term, and we mean enabling our clients to keep total control of their data.  So that only the data owner has access to it.  This is particularly critical when handling sensitive or classified information.

The Armour® Secure Communications Platform is a federated, cross domain, interoperable architecture for secure communications – voice, instant messaging and video conferencing – enabling interoperability between organisations and their partners and supply chains.

The Armour Secure Communications Platform provides a range of options for on-premises, standalone, sovereign installations, that can be securely federated and provide secure interoperability with other communications, platforms as required.

Armour is approved for use at OFFICIAL-SENSITIVE and NATO RESTRICTED and with our partners, protects communications up to higher assurance levels.

For more information about Secure Communications that provide true Data Sovereignty, contact us today: sales@armourcomms.com, or read our blog: Cloud Repatriation -the new trend, https://www.armourcomms.com/2024/10/11/is-cloud-repatriation-the-new-trend/  or download our white paper: https://armourcomms-25743375.hs-sites-eu1.com/

 

  • Think you’ve got Data Sovereignty sorted?  Maybe time to think again
  • Think you’ve got Data Sovereignty sorted?  Maybe time to think again
  • Think you’ve got Data Sovereignty sorted?  Maybe time to think again
  • Think you’ve got Data Sovereignty sorted?  Maybe time to think again
  • Think you’ve got Data Sovereignty sorted?  Maybe time to think again
  • Think you’ve got Data Sovereignty sorted?  Maybe time to think again
  • Think you’ve got Data Sovereignty sorted?  Maybe time to think again
  • Think you’ve got Data Sovereignty sorted?  Maybe time to think again
Armour Comms
GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.