South Africa’s data is South Africa’s – unless for some reason it’s not
The adoption of ‘cloud first’ as a public sector policy could see a variety of organisations improve their way of working in a more effective and efficient way.
However, we know it’s not all plain sailing, of course.
As the sector unpacks the policy, data challenges become increasingly complex, contributing to the evolution of public sector cloud strategies.
Data is growing exponentially and we’re seeing an emerging trend in hoarding it.
It begs the question, how much data needs storing, where should you store it, how can it be accessed and analysed in a way that derives the most value.
There’s another vital discussion. This one relates to where an organisation’s data is physically stored and how it retains control and access rights to that data – whether it be with one provider by contractual choice, or in a geolocation known – or perhaps unknown.
‘Data and digital sovereignty’ is the term most commonly used, and it needs some defining.
What is ‘digital and data’ sovereignty?
Put simply, it’s the ability for organisations to set their own digital destiny by having unimpeded and unhindered access and control over their data.
‘Impeded’ could – however unlikely – mean a provider making policy decisions to ramp up costs prohibitively, or simply restrict access through dispute.
‘Hindered’ – equally unlikely – could be a nation state refusing access to data stored within its borders. Global events could also play a part.
As theoretical as these scenarios may be, there are no guarantees.
South Africa is no exception when it comes to the complexity of the data challenge.
In 2023, we’re seeing a cloud adoption boom in South Africa, with the data centre market projected to reach US$1.10bn at the end of the year.
Some of the biggest hyperscalers are already planting their data centres, or creating cloud regions in the area.
South Africa houses more than 50 data centres, with foreign-owned or foreign-invested companies marking their piece of the cloud market.
It proves a risk in terms of digital sovereignty, meaning foreign-owned data centres could be crossing borders and storing South African data, with back ups, in other foreign locations all over the world.
How does this effect South Africa’s public sector?
With the advent of the South African government’s recently introduced ‘Public Services Cloud Computing Determination and Directive Awareness’ notice (2022) – effectively a cloud-first policy – the country’s public sector organisations are on a journey to address a number of IT challenges, including the lack of clear strategies for data and hybrid cloud, skills shortages, the growing costs of public cloud, overcoming citizen mistrust, and importantly where data is best stored.
The directive states that public sector Heads of Department must ensure that cloud environments are ‘explored’ as the first option, before any investment in on-premise investment is made.
But in an apparent confusion, the directive also states that Heads of Department must ensure that, where practically possible, data always resides within the borders of South Africa.
Emirates & Africa Technology and Business Development Lead at HPE, Michael Langveld, gives his experience on supporting South Africa’s cloud first policy, lamenting on the value of data.
“When we were drafting or thinking through and contributing to our country’s cloud first policy the whole idea of digital transformation was happening, the whole idea around the fourth industrial revolution happening and this idea that data will be the new gold.”
The intent to keep data within South Africa’s border is arguably smart and conscious.
It acknowledges the fear of the possibility of nation states imposing limitations or embargoes on other nations and their commercial communities from accessing their stored data.
And what can recent global events tell us about other threats?
It’s fanciful perhaps, but do the recent Nord Stream II unexplained blasts teach us anything about the vulnerability of telecommunications cabling for example?
Could international events or conflicts in Southern Africa escalate and/or spill out in a contagious way to affect the flows of data between nations?
Could a country housing hyperscale data centres, either through policy decisions or internal strife, look to monetise or weaponise other nations most valuable and sensitive data?
Would it be possible for national law enforcement agencies to access and analyse data held within centres located in their jurisdiction? And what would happen if the next pandemic forged an even more destructive path than Covid-19 undoubtedly did?
When questioning how connected we already are, especially in a physical and technical sense, it becomes quite a complex affair.
South Africa holds eight international subsea cables, leading the region to be one of the most well connected in the African continent and, simultaneously, becoming a vital resource with the need to be protected – mostly if there is a threat to national security and a potential risk of data lost under a scenario, like a cyber attack.
Could exploring cloud adoption options be the key to answering the ‘digital and data’ sovereignty conundrum?
The key here is ‘options’, there is no one size fits all solution when it comes to the public cloud. A conscious hybrid cloud approach to the cloud helps to eliminate concerns around data sovereignty.
Critical and sensitive workloads and data can remain on premise, providing organisations with peace of mind and control.
A hybrid approach encourages organisations to make reasoned and informed decisions about what data is of critical importance, what should be kept or deleted and what ultimately will provide value for better citizen outcomes.
This could include data related to Intellectual Property for example, critical to business-as-usual operational data, sensitive citizen details, financial data, any data sitting within the realms of legal, regulatory, compliance and governance.
Whilst there’s no reason to doubt the security and sanctity of public cloud – there are no hard and fast guarantees about future lock-ins, enforced price increases, or any unwelcome access to data.
We believe conscious cloud and data decision-making is required to succeed in the path to data modernisation and transformation.
Loading ...