- With GDPR earning companies fines in recent years and PoPIA active in South Africa, the location of data remains a priority for cloud customers and operators.
- To that end, AWS has announced a new Data Sovereignty Pledge on the eve of its re:Invent event in Las Vegas.
- The Pledge is a nod to the future, as AWS wants to build more features and tools that give its customers full control on where data is located.
Data sovereignty appears to be a pressing concern for Amazon Web Services (AWS) as the cloud hyperscaler announced a new Pledge in this regard earlier this week. The Pledge does not have any actionable components to it yet, but serves as a goal that AWS will be focusing on in the coming years.
This as the location of data, and access thereof, has become an important element for cloud providers and customers alike.
While the Protection of Personal Information Act (PoPIA) has not shown its teeth in South Africa yet, it is currently being enforced, which means data sovereignty will need to be a consideration given the number of operators and hyperscalers that there are locally, using SA as a springboard into the rest of the African continent.
As we wait to see how PoPIA evolves in SA, abroad, GDPR is having a more profound impact, particularly when it comes to improper handling of data by big tech companies, earning massive fines in the process.
As such, the ability to fully control where data is located will prove critical for cloud providers and customers, especially as regulation and legislation around data sovereignty evolves at a rapid pace.
“AWS already offers a range of data protection features, accreditations, and contractual commitments that give customers control over where they locate their data, who can access it, and how it is used. We pledge to expand on these capabilities to allow customers around the world to meet their digital sovereignty requirements without compromising on the capabilities, performance, innovation, and scale of the AWS Cloud,” noted Matt Garman, SVP of AWS Sales, Marketing and Global Services in a security blog post.
“At the same time, we will continue to work to deeply understand the evolving needs and requirements of both customers and regulators, and rapidly adapt and innovate to meet them,” he added.
As Garman points out, AWS already has a handful of solutions in place with data sovereignty in mind, but more are on the way. Precisely when these will arrive or be announced, remains to be seen, but hopefully more information is on the cards at the company’s annual re:Invent conference, which is currently underway in Las Vegas.
“As customers’ requirements evolve, we evolve and expand the AWS Cloud. A couple of recent examples include the data residency guardrails we added to AWS Control Tower (a service for governing AWS environments) late last year, which give customers even more control over the physical location of where customer data is stored and processed,” highlighted the SVP.
“In February 2022, we announced AWS services that adhere to the Cloud Infrastructure Service Providers in Europe (CISPE) Data Protection Code of Conduct, giving customers an independent verification and an added level of assurance that our services can be used in compliance with the General Data Protection Regulation (GDPR). These capabilities and assurances are available to all AWS customers,” he continued.
With AWS, and by extension Amazon, increasing its presence in the Southern Africa region, PoPIA could soon become a more important factor for companies to consider should they wish to move more workloads and data to the cloud. As such, data sovereignty features designed to offer greater control will prove critical down the line. The only question now is, when AWS plans to bring them to the fore.
“We are committed to helping our customers meet digital sovereignty requirements. We will continue to innovate sovereignty features, controls, and assurances within the global AWS Cloud and deliver them without compromise to the full power of AWS,” Garman concluded.
