As Winston Churchill said, “Those who fail to learn from history are condemned to repeat it.” The pandemic shone a spotlight on our capacity, or lack thereof, to produce vaccines within our borders and maintain undisrupted supply chains for critical items. Light shone through the cracks, highlighting our vulnerabilities, like an over-reliance on trading partners and the out-sourcing of critical manufacturing. But we are now acting to repair those fractures, filling the gaps to become a stronger, more self-reliant nation.
In the spring, the Government of Canada announced investments of more than $1.8 billion in biomanufacturing, vaccine, and therapeutics ecosystem projects. The investment was seen as necessary to strengthen domestic pandemic response capabilities and life science innovation, and to ensure that Canada has the talent, research, and development pipeline to care for its citizens.
At the same time, in response to the global microchip shortage, the Government of Canada announced an investment of some $240 million to help the country expand its presence in photonics and the manufacturing of semiconductors.
“Our government wants Canada to be a strategic global leader in the semiconductor industry,” said Francois-Phillippe Champagne, Canada’s Minster of Innovation, Science, and Industry. “That’s why we’re investing $240 million today to strengthen our semiconductor ecosystem, which will allow us to build a more innovative and resilient economy. By investing in Canada’s semiconductor industry, we are making a firm commitment to businesses looking to invest in Canada.”
Historically, we don’t let foreign interests own or control Canadian hydroelectric systems, air carriers, or other critical infrastructure. Why? Because we can’t risk having a foreign power control the structures we need to function as a country, leaving Canadian citizens vulnerable.
In our technology-driven world, data is part of our critical infrastructure and whoever governs the cloud where it’s stored ultimately controls the data. We need to ensure the inviolability of our data supply chain—especially when it comes to sensitive Canadian government and citizen data. We can’t let foreign interests control our data; it would leave us all too vulnerable. Canadian data requires a Canadian-controlled sovereign cloud.
A Homegrown Sovereign Strategy
Sovereign clouds are purpose-built for protection. As VMware explains, “Sovereign clouds are architected and built to deliver security and data access that meets strict requirements of regulated industries and local jurisdiction laws on data privacy, access and control.”
A recent study found that 98 percent of organizations already have sovereign cloud policies in place or plans to implement them. I take great relief in knowing that organizations worldwide are taking data sovereignty seriously.
However, what is of great concern to me are hyper-scale cloud solution providers (CSPs) that offer “sovereign cloud solutions” but can’t guarantee the sanctity of the data supply chain. Too often, data centre geographic locations are seen as synonymous with data sovereignty. Let’s be clear: A data centre being in the same country as the company whose data they are storing doesn’t mean that the data supply chain is sovereign. Where the CSP is headquartered and the jurisdiction under which it falls are critical considerations—and become especially important during times of political upheaval.
As the Government of Canada reports: “As long as a CSP that operates in Canada is subject to the laws of a foreign country, Canada will not have full sovereignty over its data.”
Lack of full data sovereignty can seriously impact the Government of Canada (GC), Canadian citizens and third parties. Even when stored in a hyper-scale cloud provider’s data centre located on Canadian soil and marketed as a “sovereign cloud,” sensitive government data is subject to foreign laws and could be disclosed to a foreign government without notice.
“Regardless of where the cloud resources are physically located, when data is stored in a cloud environment, the stored data may be subject to the laws of other countries. As previously mentioned, CSPs are hyper-scale providers that have global deployment. A CSP with foreign operations could be required to comply with a warrant, court order or subpoena request from a foreign law enforcement agency seeking to obtain GC data.”
Government administrations change. What may not seem like a significant concern under one leadership, suddenly becomes dangerous a few years later when a new leader steps into power. By then, it could be too late. A rise in nationalistic populism in governments around the world mean a swing toward “country first” attitudes. As economic factors shift and trade tensions rise, even the seemingly friendliest leadership may seek out ways to gain an upper hand for the advancement of their country or agenda.
For sensitive data, a false sense of sovereignty presents a very dangerous and slippery slope one that no one wants to slide down. That slope can become an avalanche under the weight of shifting politics.
ThinkOn understands the critical nature of data supply chain protection for Canada’s future and is investing in research, development, and the education of skilled talent required to ensure our nation’s sensitive data stays safe.
Making the Necessary Investment for Domestic Data
To achieve true data sovereignty, 49 percent of IT decision-makers are using hybrid cloud or regional cloud service providers as an alternative to the public cloud. Every country needs its own sovereign cloud provider—ThinkOn is proud to be Canada’s. ThinkOn is the Canadian VMware Sovereign Cloud partner and an innovator in Canadian cloud and data security standards.
We are a Canadian-owned and operated company; therefore, we have a vested interest in protecting Canadian data. ThinkOn is the only Canadian supplier with the contractual capability to sell cloud-based data management services to support both Federal Government Sensitive (PBMM) workloads as well as workloads from all other levels of public sector entities in Canada.
To tackle growing data security concerns, advance research and development (R&D), and contribute to Canada’s tech talent pipeline, ThinkOn recently opened a highly secure, state-of-the-art Global Security Event Operations Centre (SOC) run by an elite research and response team in partnership with Canadore College in North Bay, Ontario.
Our association with Canadore is an investment in “growing our own talent,” allowing ThinkOn to offer practicum opportunities to some of the most skilled Canadian cybersecurity students—opportunities that will directly contribute to the future of the Canadian technology industry.
ThinkOn has also created a Digital Evidence Management (DEM) archive and established a new Digital Public Safety (DPS) R&D team for video storage and analytics—one of the fastest growing data markets. The DEM archive will provide secure hosting of vendor-neutral digital evidence content management and long-term digital evidence storage for public safety organizations across Canada.
We refuse wait for another global crisis to highlight our vulnerabilities. We’re building a self-reliant and secure Canadian sovereign cloud now, to ensure a secure and innovative future for Canada.