Borderless data: Acting locally, thinking globally
Around the world, data borders and regulations are being strengthened in a drive to protect customer privacy and fight cybercrime. As a result, multinational businesses are contending with a complex regulatory landscape. For business, data, and technology leaders, today’s challenge is to comply with local regulations while respecting customer expectations and managing complex global supply chains. To meet these macro and micro-economic challenges, organizations are looking for borderless data systems that enable global business operations but meet local demands.
The European Union’s General Data Protection Regulation (GDPR) has given rise to similar laws across the world, and the United Nations Conference on Trade and Development (UNCTAD) reports that 71 percent of countries have data protection regulations in place and 9 percent have legislation in development. Data governance professionals have increased their focus on data and cloud sovereignty in response, as some of these regulations restrict how data can be shared across physical national borders. In many cases, these regulations are positive and protect organizations and nations from criminals and aggressive states. However, today’s supply chains require data to be shared. A further complication is that cloud computing enables data sharing and business efficiency, yet the major cloud computing providers are firms from the USA. These businesses must comply with the US Cloud Act, which gives the US government access to data stored by these firms, even when hosting takes place outside of the USA.
Meeting new data demands
Not only must data and technology leaders meet new compliance demands, but also rising expectations from the organization to use data to meet business goals. Across all vertical markets, organizations are striving to become data-centric, using data to drive innovation, find efficiencies, increase profit margins, and lower the environmental impact of the business. New data technologies such as Large Language Models (LLM), artificial intelligence (AI) and machine learning (ML) are becoming available from, typically, the cloud providers. This means that organizations will have to extend data protection so that they can do full anonymization and use synthetic data to ensure the data is ready for AI usage.
At the end of the day, data sovereignty regulations should not be seen as an inhibitor or an end to global data. International data sharing is vital to individuals, businesses, and nations. For example, the know your customer (KYC) regulations that the financial services sector adopted following the September 11 attacks on New York and Washington DC in 2001 are critical, and it is important for data and technology leaders to understand that data globalization and data sovereignty reside within a spectrum of needs for both the customer and the organization.
Within this spectrum, data leaders often find they cannot meet the demands of the business due to data being locked in silos or governance processes, such as data sovereignty. If organizations don’t have a data strategy and solution in place, data silos will proliferate and prevent insight from being derived from the data. Data governance will also become a blockage, especially if governance relies on manual processes. Likewise, as soon as you involve a human in the process, the timelines to access data go from days to weeks and months. For organizations to meet the needs of customers and benefit from the analytical power of the new wave of data technologies, data governance must be automated with software. Having spent seven years as a data leader with international bank, HSBC, I know from first-hand experience how challenging this is. For example, at HSBC, we had 20,000 Oracle databases; clearly, it’s not practical to protect one database at a time. In addition, technology sprawl has been amplified by cloud computing in most large organizations.
Reaping the benefits of globalization
Understanding the data sovereignty challenge that HSBC and others faced, Protegrity developed our Borderless Data Solution, a set of capabilities that protect different data types using tokenization technology. Our solution brings together a suite of data security tools designed to help the world’s largest banks, retailers and health insurers continue to reap the benefits of their investments in globalization in an increasingly unstable and fragmented global privacy regulatory landscape. We are allowing organizations to be adaptive to local and global regulations. The software uses restful APIs to work with local services and local regulations, enabling data governance policy enforcement. So, a team in China, for example, can run on our services with full local control.
Borderless data solutions enable organizations to be both local and global. This is essential not only for compliance purposes but also to deliver on the expectations of customers, whether they be in Europe, Asia or the Americas. A global analysis of data ensures that organizations are delivering the same standards to customers across all markets. In addition, borderless data solutions provide data and technology leaders with speed, agility, and the ability to access information in real-time, which you can only do if your governance policy can be enforced and you can ensure data transfer without a human in the loop.
Having a 360° view of the customer
Speed and adaptability are vital to organizations in the digital economy, which relies on the business having a 360-degree view of the customer regardless of which part of the business they engage with, and wherever they are in the world. A global data solution provides this insight, helping the business make better decisions and deliver a more competitive customer experience.
Global data solutions also benefit organizations internally, increasing collaboration between data, technology and cybersecurity teams, and ultimately making the CISOs popular. Today, the CISO role is transitioning from a "department that says no" to an individual who is now closely aligned to business outcomes. As a result, CISOs are looking for systems that protect the business and its data but also enable access and support the desired business outcomes.
Data sovereignty need not be a barrier to global data analytics and operating across borders. When good governance is automated, it will respect local laws and deliver international business growth and innovation, both now and in the future.
Image credit: stori/depositphotos.com
Alasdair Anderson is VP EMEA, Protegrity.