Skip to content
Tiatra, LLCTiatra, LLC
Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact
 
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact

DORA and its impact on data sovereignty

According to the European Commission, no less, ‘data is immensely valuable to all organisations, a significant resource for the digital economy and the ‘cornerstone of our EU industrial competitiveness’.

Hardly surprising when you consider the data economy is projected to deliver more than €829b and nearly 11m jobs to the region by 2025. Capitalising on and nurturing numbers of that scale are precisely what is behind evolving EU strategies and regulations coming into play. The latest of which is the Digital Operational Resilience Act (DORA) while updates to the Cybersecurity Act and the Data Act are likely to follow soon (relatively) afterwards. The key difference with DORA is that it extends its scope to encompass your financial business as well as all supply chain businesses and services integrated with your company. DORA aligns with the EU Cybersecurity framework (EUCS) and could become mandatory for sectors classified as highly critical under the EU Networks and Information Systems Directive (NIS2) from 2024 onwards.

Regional ‘protectionism’

To give some context to the extent to which Europe is looking to take back control of its own data, there has been investment by the EU in research and innovation with regulations, policies and standards to the tune of €1.8 trillion. DORA is particularly crucial legislation because it addresses the notion of ownership and control head-on, initially for financial organisations, but expanding to a broader scope. Fundamental to its being is that businesses must ensure alignment with the latest regulations as local auditors will be introduced to ensure compliance, which subsequent legislations will reinforce – the Cybersecurity Act (EUCS) will eventually protect EU data, out of reach of a foreign jurisdiction, for instance.

These, and other global data privacy regulations, such as EUCS, the AI Act and the Data Act are creating an environment of regional ‘protectionism’ and concerns regarding data ownership and privacy. According to this paper, globally 145 countries have data privacy laws, up from 132 in 2018. These laws vary by country and region, requiring local experts and multiple clouds meaning businesses are feeling the pinch in resourcing and skills.

Recent research we conducted with IDC, more than 70% of businesses believe financial and environmental regulations will become more of a threat, while source suggests 88% of boards regard cybersecurity as a business risk. Moreover, companies are grappling with macro issues such as global economic pressures, like inflation and ongoing geopolitical uncertainties. All of this is compounded with the UN triple crisis of climate change, pollution, and biodiversity changes.

The upshot being that digital operational resilience and a business’s ability to control and manage its sovereign data under any circumstances has been catapulted to the top of the boardroom agenda.

Driving the need for data sovereignty

Yet the challenges of managing and storing sensitive and critical data are growing. The volume of highly sensitive data now hosted in the cloud is on an upward trajectory. 64% percent of EMEA organisations have actually increased their volume of sensitive data, and 63% have already stored confidential and secret data in the public cloud, according to the IDC report previously cited. At the same time, 95% of businesses cite the need to manage unstructured data as a problem for their business and 42% of business leaders are very or extremely concerned about critical data managed by U.S. cloud providers – Statista found that 66% of the European cloud market is controlled by US-based providers, who are subject to external jurisdictional controls like the US Cloud Act.

Managing this exposure of highly sensitive classified data is driving the need for data sovereignty – where this intelligence is bound by the privacy laws and governance structures within a nation, industry sector or organisation. Maintaining stability within a sovereign scope requires businesses to utilise a cloud endpoint that offers the same sovereign protections as the original location, yet many multinational cloud companies cannot guarantee this.

A ‘cloud smart’ strategy

This is why businesses need to adopt a Cloud Smart strategy. One that ensures flexibility, allowing business-critical systems to be seamlessly moved from one cloud provider to another to ensure continuity. The recent political agreement of the Data Act (as of the 27th June 2023), seeks to remove legal, financial (egrees fees) and technical barriers to enable easier cloud switching between cloud service providers. Taking this approach means comprehensively addressing all aspects of a business, including sovereign supply chain (in the case of DORA) and will require audits to check all components meet the same standards of operational resilience. It is unsuitable to have a strategy that involves copying data out of a sovereign zone or that could lead to extended outages due to the absence of a secondary site or instance. The EUCS recent updates to the draft proposal now include a High+ category whereby no entity outside the EU would have effective control on cloud data.

Additionally, relying on a single cloud vendor is not recommended for achieving true resilience. Instead, a resilient service should leverage multi-cloud and hybrid solutions to efficiently shift workloads and data as needed to avoid downtime and outages.

Foundations of a future Europe

Ultimately, the reason why sovereignty is so important, is that it enables organisations to be innovative with their data and deliver new digital services. The upcoming legislations may be cloaked with the objective of protection but, long-term they are being brought in to meet and exceed the numbers projected around data by the European Commission – you don’t invest €1.8 trillion if you don’t expect it to pay back big.

These legislations are the building blocks for the foundations of a future Sovereign Europe. One where we’re not only in charge of own own data, but our own destiny as a result.

Cloud Computing, Data and Information Security
Read More from This Article: DORA and its impact on data sovereignty
Source: News

Category: NewsSeptember 13, 2023
Tags: art

Post navigation

PreviousPrevious post:CIO Brett Lansing’s five-point approach to building followershipNextNext post:Why your CEO needs to watch a coding video

Related posts

휴먼컨설팅그룹, HR 솔루션 ‘휴넬’ 업그레이드 발표
May 9, 2025
Epicor expands AI offerings, launches new green initiative
May 9, 2025
MS도 합류··· 구글의 A2A 프로토콜, AI 에이전트 분야의 공용어 될까?
May 9, 2025
오픈AI, 아시아 4국에 데이터 레지던시 도입··· 한국 기업 데이터는 한국 서버에 저장
May 9, 2025
SAS supercharges Viya platform with AI agents, copilots, and synthetic data tools
May 8, 2025
IBM aims to set industry standard for enterprise AI with ITBench SaaS launch
May 8, 2025
Recent Posts
  • 휴먼컨설팅그룹, HR 솔루션 ‘휴넬’ 업그레이드 발표
  • Epicor expands AI offerings, launches new green initiative
  • MS도 합류··· 구글의 A2A 프로토콜, AI 에이전트 분야의 공용어 될까?
  • 오픈AI, 아시아 4국에 데이터 레지던시 도입··· 한국 기업 데이터는 한국 서버에 저장
  • SAS supercharges Viya platform with AI agents, copilots, and synthetic data tools
Recent Comments
    Archives
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    Categories
    • News
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Tiatra LLC.

    Tiatra, LLC, based in the Washington, DC metropolitan area, proudly serves federal government agencies, organizations that work with the government and other commercial businesses and organizations. Tiatra specializes in a broad range of information technology (IT) development and management services incorporating solid engineering, attention to client needs, and meeting or exceeding any security parameters required. Our small yet innovative company is structured with a full complement of the necessary technical experts, working with hands-on management, to provide a high level of service and competitive pricing for your systems and engineering requirements.

    Find us on:

    FacebookTwitterLinkedin

    Submitclear

    Tiatra, LLC
    Copyright 2016. All rights reserved.