18 / Canadian Government Executive // SPRING 2024 Foreign owned = Foreign controlled The Government of Canada white paper on Data Sovereignty and Public Cloud states, “As long as a CSP that operates in Canada is subject to the laws of a foreign country, Canada will not have full sovereignty over its data.”2 A CSP with offshore operations could be required to provide Canada’s sensitive data to a foreign government, exposing public service clients to a framework that doesn’t guarantee security and compliance. When major US players like Amazon, Microsoft, and Google dominate 61 percent of Canada’s cloud market, users face the very real possibility that their data supply chain is subject to foreign laws because their CSP operates outside Canadian jurisdiction. By Paul West PERSPECTIVE Sponsored Content Our economic stability depends on the strength of our supply chains. As world politics and offshore trade routes become increasingly unstable, so does our supply of essential goods and services, making it a matter of national importance to foster and support homegrown solutions. Our government has invested billions to repatriate our supply chains, most recently, a $2.6 million investment under the National Trade Corridors Fund: “The digital project and study selected for investment intend to harness data and technological solutions to generate supply chain efficiencies along key Canadian trade corridors.”1 As we prioritize a national data supply chain strategy, it’s crucial that we not lose focus on the risks that data may face. Protecting our data from foreign access must be paramount. Data sovereignty and the data supply chain In a digital world, data supply chains play a crucial role in protecting sovereignty. We don’t allow foreign interests to own or control Canadian utilities, municipalities, national defense, or other critical infrastructure because we can’t risk letting a foreign power control the systems we need to function as a sovereign nation. Data is part of our critical infrastructure, and whoever governs the cloud where it’s stored controls the data. Repatriating our data supply chain is an imperative—especially when it comes to sensitive government and citizen information. Canadian data requires a Canadian-controlled sovereign cloud. Paul West, Director, Global Public Sector, ThinkOn The true meaning of compliance While the hyperscalers will tell you that they store your data locally, the truth is, their supply chain includes third-party contractors who have access to your data and can be forced by foreign governments to hand it over. And since the winds of politics can change direction at any time, you never know when your data could be at risk of foreign seizure. The Government of Canada white paper on data sovereignty and public cloud states that, “Lack of full data sovereignty has the potential to damage the GC and third parties. Sensitive GC data could be subject to foreign laws and be disclosed to another government.”3 For example, while your US-based CSP may have local offices in each country where they provide cloud services, as AN INVESTMENT IN DOMESTIC DATA: Repatriating the Data Supply Chain with a Sovereign Cloud
RkJQdWJsaXNoZXIy NDI0Mzg=