Data sovereignty: a prerequisite for startups?

Nowadays, the dominance of digital giants like Google, Amazon, or Microsoft heavily impacts businesses’ ability to protect their data from the outside world.

“Europe is waking up after 30 years of sleep and gullibility where sovereignty is concerned” Hugues Foulon, Executive Director of Strategy and Cybersecurity - Orange explains at the seventh Start-up & Innovation Summit (March 2022).

Have you ever wondered what it means strategy-wise to host your end users’ data in Europe or in the United States? Have you ever considered that choosing a specific location over another can jeopardize your whole business? Well, it can. Data sovereignty is a burning topic for all leaders, CTOs, and company stakeholders, from startups to multinational corporations.

What is data sovereignty?

Data sovereignty means having power over the digital data that transits or is stored within a country. At the moment, there are no international laws regulating private data protection –each country makes their own rules. And, following the massive adoption of cloud technologies by companies, concern from end users has grown, as they worry about the confidentiality and accessibility of their data.

Companies used to select their cloud providers based on the commercial and technical advantages they offered rather than their ethical values. However, this is starting to evolve as end users become increasingly demanding.

A study conducted by KPMG in April 2021 revealed that, in three years, 49% of people questioned would prefer to use a European cloud provider for legal or commercial reasons.

Sovereignty – a new priority for your clients

A growing mistrust towards American superpowers

In Europe, GDPR was a partial answer to the concerns of end users. However, American regulation states that data hosted on (or transiting through) the American territory is subject to the PATRIOT Act and the CLOUD Act. Both laws give the American government the right to access personal data under certain circumstances, even if the company in question is located outside of the US.

Data storage is now a matter of sovereignty, and the application of American and Asian extraterritorial laws are a major strategic concern.

Sovereignty – a new requirement, and a challenge for startups

More and more startups, such as Familink and LockSelf, have decided to migrate to European cloud providers in order to meet their end users’ requirements.

Familink develops and offers smart photo frames, connected via Wifi/4G, targeting non tech-savvy older users. As of early 2022, Familink manages 40,000 photo frames and 200,000 users all over the world, and 10 million pictures and messages have been sent since the launch. All these photos transit through the cloud.

Familink had been hosting its data with AWS since 2015. But depending on an American cloud provider turned out to be an issue for some French users, and even more so for German customers. This brought them to migrate towards Scaleway, a European cloud provider.

Founded in 2014, LockSelf is a French software editor and cybersecurity expert. What sets LockSelf apart from its competitors is its flexibility regarding hosting, from an on-premise approach, to a sovereign cloud offer with Outscale, to the public cloud with AWS.

However, due to the increasing demand for sovereignty from VSBs and SMBs, LockSelf decided to migrate its infrastructure from its previous hosting provider (AWS) to a second French provider – Scaleway.

Testimonials such as these are becoming more and more common.

Sovereignty on several continents thanks to the multi cloud

Tackling the problem of the single cloud

The trap of free cloud credits is no longer a secret. In 2019, Bertrand Masson (Co-founder and Chief Strategy Officer at Moskitos) wrote an article about the dangers of depending on a single cloud provider: “Driven by increasingly critical and time-sensitive business challenges, many companies have blindly entangled themselves in the nets of a single public cloud provider. Now, they are backtracking as they realize that the best defense against some of the GAFAM’s hegemonic practices is to adopt a multi-cloud approach.”

The multi-cloud trend has developed these past few years, as 76% of all companies have already migrated towards a multi-cloud strategy. Why is this the case? At the end of the day, we use the same logic for business strategy as we do for our everyday decisions: don’t put all your eggs in one basket. This is also true for your architecture.

The multi cloud – a solution with many benefits

A single cloud provider cannot meet all your needs in terms of products and services, developer experience and, of course, data sovereignty and security. The objective is to combine the advantages of each cloud provider according to your needs.

This is why adopting a multi-cloud strategy makes it possible to rely on French as well as American providers, thereby allowing you to guarantee data privacy and security to your end users, no matter their geographical location.

Among many other advantages, you will also be able to build redundant architectures, enjoy the freedom to choose the right products and services, limit infrastructure-related costs, and reduce your dependency on a single provider.

The road towards a multi-cloud strategy is not that long. Your teams are already following a multi-cloud approach, though they aren’t necessarily aware of it. By using tools such as Gitlab, Terraform, Ansible, Docker or Kubernetes, your developers build, deploy, and scale with a cloud-agnostic mindset. At the end of the day, the only thing not yet in the multi cloud is your architecture!