Traditionally, the cloud’s promise has been to go beyond infrastructural and geographical constraints, enabling seamless data storage and processing anywhere in the world to deliver the best experience at an optimal cost to end users. However, as a CxO, whether you are a CEO, CTO, CFO, or CDO, you now may need to revisit your cloud strategy in response to emerging geopolitical demands if your market is global. The “end of globalization” as stated by different analysts following Covid-19 and the resurgence of stronger geopolitical divides is bringing impacts on how global companies may design their information systems.
Recent geopolitical trends have led to an increased emphasis on data localization. Many countries are now mandating that some data generated within their borders be stored domestically (data residency). Depending on the case, data may need to be processed in country also or not, and may be allowed to be transferred out of the country or not. Most of the time, the data are related to personal data and confidential data, which definition will vary from an industry to the other (financial, health…). But the scope of data impacted can also be sometimes broader, labeled as “sensitive data” bringing companies in a grey zone from a compliance perspective. This shift poses a significant challenge to the foundational principle of cloud computing – the ability to store and manage data without geographical limitations.
In light of these developments, the design of digital architecture must evolve. Beyond considerations of cost, performance, and scalability, Tech leaders must now incorporate geopolitical considerations into their strategies. This includes complying with diverse international data storage regulations, which adds complexity to technological decision-making. From my point of view, Cloud strategy and high level design need to take into account the considerations below in this new era.
1. A mono-cloud approach… as much as possible: for the vast majority of companies which do not have the capacity to have large strong internal tech teams, I consider the best approach is to push towards a mono-cloud approach as much as possible so that the tech teams can develop their expertise and leverage as much as possible on the power of a unique cloud such as managed services, rather than diluting their expertise and delivering less value. This mono-cloud approach may be questioned if too many countries put in place stringent geographical rules on data that a single cloud provider may not be able to cover through its presence. This is for example the case of US cloud providers in China or for Chinese cloud providers in the US, which do not have the same structure and coverage there compared to the rest of the world due to the geopolitical context between the US and China.
2. Personal / Confidential Data and Application Design: Applications handling personal and confidential data require a fresh approach in design. They should become adaptable to operate for example with customer databases across different geographies, such as utilizing various availability zones in cloud services like AWS or the equivalent on other clouds. This geographical flexibility is crucial to ensure compliance and operational efficiency.
3. Implementing Geopolitically-Aware Data APIs: A possible solution could be the development of data API layers that are geopolitically aware. These APIs would intelligently route data to the appropriate geographical database, integrating geopolitical compliance directly into the data management process.
4. The Evolution of Datalakes: The concept of datalakes will also undergo transformation. The future might see datalakes distributed across multiple geographies, adhering to local data storage regulations. The free flow of even anonymized personal or confidential data across borders may become restricted, impacting data aggregation strategies.
5. Impact on Machine Learning and Advanced Analytics: A major question revolves around the potential limitation on data availability for machine learning and analytics, particularly for large language models (LLMs). With data becoming increasingly geo-restricted, the datasets for training and analysis might become smaller and geographically siloed, posing challenges to the development of globally competent AI models for companies.
Balancing the innovative capabilities of cloud technology with rising and volatile geopolitical compliance demands is a new exercise not easy to grasp. While tech leaders and tech teams should work on designing and building adaptive geographical solutions, we may also hopefully expect cloud providers to add this geopolitical dimension into their service offering, guiding cloud customers through “Well Compliant Framework” such as they offer today guidance on cost optimization or architecture design.
Leave a Reply