• About
  • Subscribe
  • Contact
Thursday, May 8, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Management Leadership Finance Governance, Risk and Compliance

Architecting for meaningful data sovereignty strategies

Allan Tan by Allan Tan
March 17, 2023

The IDC Cloud Pulse 2Q22 Survey noted that data sovereignty and industry compliance have factored highly in discussions about the future of their IT architectures, with just 4% of organisations indicating that their IT organisation will not be impacted by data sovereignty and compliance considerations.

Chris Drake

"Among organisations that expect their IT budgets to increase in the coming year, the vast majority believe that data sovereignty and industry compliance considerations will strongly influence service provider selection decisions and decisions about their primary datacentre environments," said Chris Drake, senior research director, BuyerView research at IDC.

IDC expects data sovereignty and industry compliance considerations to be of increasing importance in decisions about the design, operation, and management of IT architectures (including the selection of cloud service providers).

FutureCIO spoke to Ian Lim, field chief security officer for Asia Pacific at Palo Alto Networks, on how data sovereignty elements are impacting operations across the organisation.

What is data sovereignty?  Who is responsible for data sovereignty?

Data sovereignty is the idea that digitally stored information is subject to the laws of the country. The idea is I want to keep my data in my country so that my laws protect and govern the data that matters to me.

Executive leadership falls under the remit of general executive counsel, in most organisations. If they have a data privacy officer, it falls under their purview as well, and then very closely tied to the chief security officer and the CIO, who must figure out how to execute it technically.

When you have an organisation that has all of them, legal counsel, data officer, privacy officer? How do you manage this complexity of too many heads?

Typically, you have a committee that's driven by the data officer. It is his responsibility to know all the data regulations, not only around sovereignty but around privacy and protection across the region where they're doing business in.

He will probably call the committee together, to meet and figure out what issues, what countries, what applies to them, and how to do it most cost-effectively. Additionally, he also must make sure that it's consumer friendly. Most importantly, at the top of the agenda lies how the organisation can comply with these laws.

How important is data sovereignty? And in which countries or industries in Asia is it more actively observed?

Ian Lim

"Data sovereignty laws are a bit of a double-edged sword because there needs to be deep consideration in terms of prioritising what to localise and what not to localise. This is so that you don't inhibit growth in the region."

Ian Lim

China has a very strict data protection law. We do have countries like Singapore, that are also considering laws for government-based data. Vietnam is putting sovereignty protection at the forefront of its data laws.

Countries like Malaysia and Indonesia are thinking about it and planning for it. Thailand and the Philippines are looking at it from a perspective of more data privacy, versus localisation.

What is driving some countries and some governments to implement data sovereignty?

I think a lot of it has to do with the idea that if I entrust my country's data into the hands of a different country's data centre, I'm subject to subpoenas that could essentially compromise my security.

Countries that are ultra-sensitive, and concerned about that level of infringement, are moving more closely towards data localisation and data sovereignty policies.

That said, I think some capabilities are built within these cloud service providers, like the idea of bringing your encryption key into a public cloud, which can enable you to essentially protect your data.

What would be the top challenges that organisations in Asia as regulators focus on data privacy and data protection?

Bar none is the diversity of these data localisation laws. When you're trying to implement something in different countries, that creates huge administrative costs and huge technology costs, and ultimately, the cost will be translated back to the consumers who are using them.

There should be a movement to harmonise some of the requirements here. This is so that you can fulfil an ADM 2025 Plan. I think that is one of the biggest challenges that corporations and companies will face when it comes to various laws.

Do you see low data literacy levels in Asia as a challenge?

If your question is about data sovereignty and localisation versus data literacy, the localisation laws impact multinational companies more than anyone else, versus your common consumer. They won't know where that data is stored, nor do they care.

This burden falls back on the chief data officer, the chief legal counsel, etc, to understand what it means, and then the CIO and the COO to understand how much this is going to cost, and how complicated this is.

We are seeing a shift to multi-cloud or hybrid in some cases, does this complicate compliance for organisations as far as data localisation?

Let's say, for example, Singapore’s index data localisation, or data sovereignty law. Singapore isn’t very big. Why would you want to do a multi-cloud or public cloud? One of the key reasons is resiliency. If anything happens in one region, your system is not down.

There are huge technical implications to these laws. That's why I don't believe that Singapore has outlined a strict data sovereignty law. But multinational companies have to consider how to do business continuity in certain aspects, with the use of multi-cloud and hybrid cloud when you're subjected to these laws.

Will Hong Kong face the same?

That's just one of many aspects, such as administrative overhead, the ability for you to now establish your commerce freely in the ASEAN region. For example, Indonesia, wants to do something with Thailand, wants to do something with Malaysia, and they want to have a credit card transaction or customer database that flows so that they have a seamless experience, whether they're in Thailand, Bangkok, or Indonesia. It just makes things more complicated. How do you balance this double-edged sword that we were talking about in that we want an advanced, seamless, digitised region?

As more organisations rely on business applications running in the cloud, some are observing that operating costs are exceeding expectations. How do you see this impacting data sovereignty efforts?

The problem with regulation at large is that if you don't comply, you're going to get into heart aches with your regulator, which might impact you in fines and in terms of your ability to operate, licensing, suspension, etc.

The burden falls on the CEO, the CIO and the CTO to say, these are your regulations. It comes to what the law is and how they interpret it, and how they can cost-effectively implement their technology to reduce FinOps costs as best as they can while complying with the law.

Do you see green initiatives impacting the local data or data sovereignty issues?

Instead of consolidating your infrastructure and your technology in the most cost-effective and ESG-compliant way, data sovereignty and data localisation law will say, no, I want you to stand up with the smaller data centre. So yes, consolidation helps reduce the environmental impact. They will have some impact on your ESG.

How do you see compliance and risk officers working with CIOs and CTOs to ensure that innovations are pursued while remaining compliant with evolving regulations?

One of the key areas that CIOs and CTOs can do is evolve your monolithic applications into more of a cloud-native architecture. It's almost looking at it from a macro versus micro perspective. Application-wise, you can now have the ideal situation, to be able to leverage the public cloud at large, to be able to do business continuity at large in multiple regions and to enhance protection.

When you start looking at multi-regional innovation, that whole idea of, for example, an app in Malaysia that can be used anywhere I want. That level of innovation can be hindered by data sovereignty.

For an organisation to have some level of success in complying with data sovereignty issues? What is your advice to the executives responsible for this effort?

"We need to get together and enhance the public-private dialogue. We must go back to this idea of harmonising requirements that meet the needs of the countries that we're doing business in, as well as balance it against the needs of the enterprises that must do business with."

Ian Lim

Let's reach out and collaborate, for a common interest, to talk to governments about harmonising these laws so that they are usable and easy to implement while protecting the requirements that are set forth to fulfil.

Related:  PodChats for FutureCIO: Relevance of ARM in the digital economy
Tags: data sovereigntyIDCPalo Alto Networks
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe