Exposure of Data in the Cloud Induces Greater Risk of Data Corruption and Data Theft

Public cloud has become an indispensable tool for enterprises to scale efficiently and store data. Because of globalization, however, enterprise data can be stored in datacenters situated in other geographic regions. This means data is not only governed by different regional laws, but it is also susceptible to cybersecurity attacks depending on the vulnerability of the datacenter.

In 2016, the European Union adopted the General Data Protection Regulation (GDPR), which later became enforceable in 2018. As it is a regulation and not a directive, the GDPR is malleable with each member state of the union having a different version of the directive. The GDPR was an important steppingstone that guaranteed data privacy to EU citizens; since its enforcement, regional governments across the EU have collected fines of over €1 Billion. It has also served as a framework to nations outside the EU to guarantee data privacy and security. The sovereign cloud builds on GDPR by enhancing the sovereignty of data originating from inside the region.

On July 16, 2020, the Court of Justice of the European Union (ECJ), in its Case C-311/18 Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (called “Schrems II case”), invalidated the EU-U.S. Privacy Shield with immediate effect. In March 2022, both regions agreed with the court’s decision about new principles for "Privacy Shield 2" with the adoption of proportionate surveillance activities and an independent adjustment mechanism. However, many organizations based in Europe and the U.S. lacked a legal basis for their transfers of personal data.

The ISG white paper Exposure of Data in the Cloud Induces Greater Risk of Data Corruption and Data Theft explores the idea of a sovereign cloud and what enterprises, public institutions and service providers can do to protect themselves and their data in the cloud-first era.

Download this white paper.

About the authors

Antoine Viale

Antoine’s background includes more than twenty-five years of progressively responsible positions in Business and High-Technology services companies. He is a talented and accomplished senior management professional, highly skilled in complex IT Strategy engagements and large transformational deals. He has established and directed highly successfully, multi-million dollar Information Technology programs for large fortune 500 companies (Alstom, AXA, AXA Technology Services, BNPP Corporate Investment Banking, Bridgestone, Carrefour, Crédit Agricole, DassaultAviation, EDF, Givaudan, HSBC, Alcatel-Lucent and Nokia, Renault-Nissan, Sanofi, TEVA Pharmaceuticals, Total…). He has negotiated more than $4 billion in proposals and contracts. read moreread less

Michael Maicher

Michael advises his clients on the development and implementation of business-oriented IT strategies, comprehensive IT sourcing strategies as well as ramp-up and operation of transformation programs. He supports medium-sized and large companies in organizing and carrying out tendering and negotiation processes for IT services (ADM and IT infrastructure). In addition, Michael advises CIOs and IT managers on the strategic realignment and redesign of IT organizations (role of IT, target operating model, structural organization, IT governance and IT processes and roles). In addition, he has concrete experience in change management as well as in coaching IT executives. Michael has developed 360-degree assessments for selected IT management functions and successfully applied them in customer projects, e.g., project and application portfolio, enterprise architecture management as well as sourcing and change readiness assessments. read moreread less

Rohan Thomas

Rohan Thomas has nearly a decade’s worth of knowledge expertise in the realms of ICT, which include telecommunications, data centers, and networks and application performance management. At ISG, Rohan is the lead analyst for ISG Provider Lens™, leading research activities and benchmarking exercises pertaining to the regional adoption of digital infrastructure such as private/hybrid cloud. He has a Bachelor’s degree in Mechanical Engineering from Visveswaraya Technological University and a Master’s degree in Computer Aided Design and Manufacturing from Vellore Institute of Technology.
read moreread less