The cloud industry is continuing to grow every year. According to Gartner, the total market revenue was $260bn in 2017, and it’s expected to grow to over $410bn by 2020. Still dominated by some of the larger players, 2017 concluded with AWS holding 62% of the cloud industry’s total market share, Azure 20%, and GCP 12%. While there is obviously much at stake for these big three, smaller service providers are taking advantage of the growth by finding niches. The desire for more personalized, multilingual support as well as consideration around the appropriate private, hybrid, and multi-cloud strategies have specific demands that require specialized cloud providers. Such demands are made all the more urgent by the growing complexity of data sovereignty worldwide. There are many reasons why customers may choose to work with regional cloud providers - here are some key ones.
The European General Data Protection Regulation, or GDPR, came into effect in May promising fines for non-compliance of €20m or 4% of annual worldwide revenue. Many organizations scrambled to decipher how their application could be impacted by GDPR and what they could do to ensure compliance. A few months later not much has changed. Precedents have still to be set. Nonetheless, questions of sovereignty remain relevant as the dynamic nature of data storage and processing entails a fair amount of ambiguity. To that end, I’ve compiled a quick summary of how GDPR describes data sovereignty and what that means for Canadian businesses.
The slippery slope of data sovereignty was brought into the limelight again recently with the news that certain Canadian government agencies were entertaining discussions to store secret Canadian data on US-based hyperscale clouds - forbidden by current Canadian Federal policy. These discussions centered around the use of encryption to ensure that this data remained secret - with the premise being that as long as Canada held the keys to the encryption, the data would be safe. Encryption has also been front and center in many discussions concerning readiness for the EU General Data Protection Regulation (GDPR), already approved, and due to be enforced beginning in May 2018.