Can data sovereignty help your business achieve both data protection and valorization?
The value of data is growing because of the huge advantages that businesses can obtain from its usage and processing. Analyzing data means understanding the past for optimizing the future and the more data is available the better the results are. At the same time, data often represents very sensitive information about people, habits, industries or business practices for example and needs to be protected.
Lots of reports are obtained thanks to the use of personal data without the possibility for users to even access them. People produce data they don’t even own. And this is a well known situation. In fact, many regulations are growing up lately with the goal of protecting citizens and customers from unfair data collection, such as the European GDPR. These laws aim to protect and grant control over personal data, which would otherwise be a privilege for just IT service providers. This is as difficult as important, especially when addressing global wide companies that transfer data across borders. The lack of sovereignty both for the users over their data and for the jurisdictions over the regulations data is subject to because of the rapidly increasing cross-country transfers represents a big challenge to address.
What about business data?
Businesses have worked hard in data protection since always, but most of the time this leads to halting every possibility of real data usage and valorization. Would you ever share your industry knowledge with some partner, not knowing where it will go and for what purpose it will be used? While for IoT individual users it seems impossible to prevent data collection, companies just feel safe (they probably are!) denying any valuable usage of their data.
Businesses and services are made of companies and partnerships, and value chains are the key of the industrial production and service providing processes. There are plenty of performance improvements that would require some analysis on different steps of the chain.
There’s more: the collection and sharing of data across supply chains enables the creation of new business models based on innovative services. Data is not only to be analyzed and can be very valuable also for customers, data sovereignty turns out to be a key enabler for many different data centric scenarios.
Data sovereignty strategies to increase market competitiveness
Data sovereignty is not something to achieve just for being legally compliant and protected, it’s something valuable. Which are the benefits of such a concept in terms of interesting business results? First of all, the ability to analyze knowledge that is now laying unused in some data lake because of the fear of sharing. We like to talk about coopetition, a scenario where companies are both partners and competitors. In such an environment most of the companies would not share anything, losing some important measurements and reports that could improve companies’ results. This is probably going to be the biggest impact on your activity. In addition, data sovereignty technologies can be a great opportunity for cutting down data management costs that are getting higher and higher as new laws protecting data come out.
Exploring what effective data sovereignty and data management enable:
- Coopetition. The two sides of sharing. The advantage of data access and usage for analytics and processing on one side and the necessity of protecting business secrets from competitors on the other. Many times the data provider is also a competitor. Thus the necessity of business laws that can regulate the coopetition: everyone should benefit, no one should risk. This of course also requires appropriate IT tools.
- Automatic out-of-the-box law compliance. Compliance brings high setup and maintenance costs due to the huge amount of work that is necessary. Platforms and services enabling automatic compliance would lighten these difficulties. Law compliance gets even harder because of their changes. Adopting a certified solution would guarantee an out-of-the-box always updated compliance.
Technological certifications. Companies need to prove their compliance when requested. They need to be able to demonstrate proper documentation about data managing technologies with no worries about what’s going on behind the scenes. Softwares providing law compliance need to provide all necessary documentation.
How to achieve data sovereignty between organizations?
In this coopetiting data sharing scenario staying out of the new technologies and networks means losing important business opportunities, then how to get in? The key is control, or better to say: usage control. Being able to enforce business agreements over shared data is the only way for becoming sovereign. Usage control enables data sovereignty because it provides a continuous enforcement of data usage policies to data owners.
What can these usage controls offer in terms of functionalities? The main difference with access controls is that they are able to monitor the usage of shared data also after the first access. This means that a permission can be revoked at any time, no matter what, and any usage gets instantly interrupted. The system keeps its eyes on it in real time.
Imagine you just bought a new supercar and you want to show it to your friends. We all agree you’d never let them drive alone. Instead, you would jump in with them to be sure nothing goes wrong. Of course it can still go wrong even with you on board, but at least you know it and you can intervene as much as possible.
Another interesting idea is the one of preprocessing data before sharing: depending on who wants to access I would like to decide how much can be seen and used. This becomes particularly important considering that a delivered information can always be extracted out of the context, with or without usage control. Even if I’m able to interrupt the use of my own data someone could still have extracted knowledge from them and stored screenshots, reports and similar before being kicked out. For example, streaming platforms of course protect digital rights, but nothing stops you from recording the screen with your smartphone. If I were able to anonymize my data, such a breach would be much less impactful. This means that sometimes it’s better to omit some details in shared data, even after hard work in data security. Guarda platform, for example, introduces data sharing based on analytics, so that end users can only access analysis results. Furthermore, since analytics are 3rd party developed, data adapters can be set to run before sharing, so that the execution itself is secured.
Unlocking the power of data sovereignty
In summary, data sovereignty has emerged as a critical issue in today’s digital landscape, as organizations seek to maintain control over their data resources while exploiting the benefits of sharing and analyzing their information. The complex legal and technological challenges associated with data sovereignty require a multifaceted approach that includes cooperation between competitors, compliance with regulatory frameworks and the adoption of secure data management technologies. Since data sovereignty is a key criterion for success in today’s business environment, organizations must strive to demonstrate their commitment to responsible data practices and start leveraging data as a strategic asset to drive innovation and growth. New technologies of usage control and secure data sharing can help organizations overcome this challenge and revolutionize the market.
These are just some aspects around data sovereignty. Do you want to learn more?
Contact guarda@security-forge.com or visit our product description at security-forge.com/guarda.
I’m a Computer Engineering student at Università di Pisa. Since early 2022 I work as a software developer in Security Forge, learning a lot and doing my best to provide a meaningful contribution to the project. I am very passionate about computer science, always trying to develop new skills in fields that are still unexplored for me.