How cloud providers are fighting the data sovereignty fight for European customers


For many US-centric cloud providers, Europe is quickly becoming a fierce battleground for their business. Earlier this week, Oracle announced plans to recruit up to 1400 cloudy salespeople across EMEA, while data centres are popping up all over the continent, from Microsoft’s commitment to the UK by the end of 2016 to IBM SoftLayer opening a data centre in Italy last year.

With two UK data centres, in London and Manchester respectively, infrastructure as a service (IaaS) provider iland is acutely aware of the issues European customers want to get solved in terms of latency and, more importantly, data sovereignty. Monica Brink, who has recently taken up the post of EMEA marketing director at the Houston-based firm, tells CloudTech of the issues underlying the data sovereignty scares.

“It’s obviously very important for European customers, that whole data sovereignty issue, and that’s where we noticed a real difference between our European and North American customer database,” she explains. “With all of the hacking attacks we’ve seen, and natural disasters over the last year, there is a very keen focus on advanced security, things like vulnerability scanning, encryption, intrusion detection, and the cloud provider being able to prove they are meeting all of those regulations for the customer.”

The problem is, however, that the customer is sometimes hard to please. Research conducted by iland back in June found that, in two in five cases, customers argued their cloud provider “doesn’t know [them] or [their] company.” Brink argues that many of the larger scale IaaS public cloud vendors are ‘high on functionality but low on support, transparency and visibility’, but with data sovereignty and compliance, the issue is far more complex.

“It’s making sure they’re protecting their own customers’ data, they’re following all those rules on opting in and opting out, they know exactly where their customers’ data is at any point in time, and that they have assurance from their cloud providers that it’s not across different data centre borders,” says Brink.

As a result, iland has invested significantly in a compliance professional services arm, headed by director of compliance Frank Krieger. Writing for this publication in January on changes to the Safe Harbour ruling, Krieger noted: “Data sovereignty is ever-changing and new rules are being implemented constantly. This is a disruptor but not a destroyer for business. If you make sure your business is staying on top of the regulations, you’ll not get caught out when new laws come into play in the near future.”

Brink argues the two key issues for companies are data privacy and data security, and in particular putting the intrusion detection and vulnerability scanning within the cloud infrastructure. “It is complex for customers to navigate this post-Safe Harbour world – they need help,” she says. Overall, it represents another potential pain point for customers – and as ever, due diligence is its own reward.