Organizations should stay informed, choose cloud providers carefully, implement risk management strategies, and maintain flexibility in their migration approach.

Rajesh Ganesan, President, ManageEngine

August 13, 2023

4 Min Read
 Laws and regulations with padlock on cloud icons on laptop computer, blue tone.
Techa Tungateja via Alamy Stock

In today's globalized and interconnected world, moving data to the cloud is critical for organizations seeking agility, scalability, and cost-efficiency in their IT operations. However, a staggering 68% of small- and medium-sized enterprises expressed intentions to scale back or halt their cloud migration initiatives due to geopolitical situations and legal/regulatory challenges.

Heightened Focus on Data Protection

The realization that an overwhelming percentage of the Western world's data resides within the United States has thrust data sovereignty and privacy laws into the spotlight, especially within the European Union (EU). Globally, over 140 countries and independently governed jurisdictions have responded by implementing legal frameworks to better control the data collected or generated within their geographic territory, with pending bills or initiatives in countries such as India, Mongolia, Nigeria, Iran, and Indonesia.

Data protection laws and the pursuit of digital independence have significant political implications, empowering countries to assert sovereignty, protect citizens' data, and reduce dependence on external entities for data storage and processing. For instance, the 2018 US CLOUD Act enables US federal law enforcement to compel US-based technology companies to provide requested data stored on their servers, regardless of its location. This can present legal challenges or incompatibilities with local jurisdictional requirements when utilizing a US-based public cloud provider for sensitive data.

The seismic shifts in geopolitics and rise of data sovereignty impacts cloud migration, highlighting the need for frameworks that facilitate successful migration while ensuring compliance with regional policies.

To navigate these challenges, organizations should take a strategic and well-informed approach, including:

  1. Keep a pulse on global actions, laws, and regulations: Stay updated on geopolitical situations, government sanctions, and evolving IT laws, while seeking specialized legal professionals and compliance experts who are familiar with data protection, privacy regulations, and international laws. This will help ensure strict adherence to applicable requirements in relevant regions and industries, enabling informed decision-making regarding cloud migration. Furthermore, industries handling sensitive or regulated data encounter additional legal and compliance hurdles. For example, the financial services, healthcare, and government sectors face stringent regulatory requirements such as the Sarbanes-Oxley Act (SOX), PCI DSS, HIPAA, FedRAMP, and ISO 27001. It is crucial to diligently address these requirements throughout the migration process to avoid adverse consequences.

  2. Find the right cloud provider: Evaluate cloud service providers (CSPs) based on their ability to comply with relevant regulations, offer data sovereignty options, and transparently communicate their infrastructure and disaster recovery capabilities. For instance, organizations should closely monitor initiatives that demonstrate a continuous commitment to enhancing services for customers, such as Microsoft's EU Data Boundary initiative. This initiative enables customers to fulfill their data sovereignty needs by storing and processing customer data within the EU and EFTA for Microsoft 365, Azure, Power Platform, and Dynamics 365 services. There are also additional technical nuances to consider, as not all availability zones and regions offer equal service levels or capacities. But, by staying informed about such initiatives and technical dissimilarities, organizations can make sound decisions regarding cloud migration.

  3. Double down on necessary risk management strategies: Develop comprehensive risk management frameworks that encompass political risks, sanctions, and legal challenges. This involves assessing potential disruptions, implementing robust security measures, and establishing foolproof disaster recovery and business continuity plans. A case that underscores the ramifications of inadequate risk management and compliance measures is the 2019 data breach at Capital One, which exposed personal and financial information of millions of customers, resulting in an $80 million fine. This incident emphasizes the importance of establishing effective risk assessment processes and internal controls in cloud operations, as mandated by SOX. In addition, managing risks effectively also requires stringent compliance measures from CSPs.

  4. Be flexible, adaptable, and agile: Anticipate changes in geo-political landscapes, regulations, and sanctions, and incorporate flexibility into cloud migration strategies. For instance, India is planning to roll out its own data protection law. Organizations cannot afford to put their plans on hold due to uncertainty and risk losing their competitive edge. Instead, they should rely on flexibility and adaptability right from the decision-making level within their organization. Regular reviews and updated plans, coupled with a culture of change and innovation, can enable organizations to navigate their cloud migration journey with agility while adapting to shifting circumstances and regulatory changes. 

Time and tide wait for none, and technology is no exception. Every day, organizations strive to emerge above the competition in a world where demand is volatile. Cloud offers a host of benefits for organizations to be agile and elastic while meeting end-user demands with exceptional services. Slowing migration in the face of geopolitical uncertainties could be the one mistake that jeopardizes the future of an organization in the cut-throat world of business.

Organizations should embrace a comprehensive strategy that encompasses crucial elements: thorough risk assessment, meticulous vendor evaluation, robust compliance frameworks, stringent data protection measures, and effective cloud management solutions. By weaving these vital components into a unified approach, they can confidently navigate the challenges of cloud migration and unlock the rewards that await.

Read more about:

Regulation

About the Author(s)

Rajesh Ganesan

President, ManageEngine, ManageEngine

Rajesh Ganesan is the President at ManageEngine, the IT management division of Zoho Corporation. Rajesh has been with Zoho Corp for over two decades, developing software products in various domains, including telecommunications, network management, and enterprise IT security.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights