One of the great powers of the internet has long been its ability to transcend national boundaries. The free flow of information between countries and increasingly speedy networks allow consumers and companies to access technology and services that physically reside thousands of miles away.
Many in the political class looked to the internet as a tool that would make national boundaries “disappear.” At the same time, companies large and small saw global networks as providing immediate access to new markets and talent. In fact, the rise of companies like BairesDev would have been difficult, if not impossible, without the ability for companies to connect quickly over the global internet.
The Balkanization of the Internet?
Of course, some countries built digital “walls” to separate their citizens from the internet to varying degrees. Countries like North Korea broadly restricted internet access, while others created elaborate firewalls and gateways. However, as the internet matured, the trend seemed toward more interconnectivity rather than less.
That trend appears to be changing. Most prominent service providers like Amazon, Google, and Microsoft are US-based companies with a significant amount of their technology assets in the United States. This has begun to raise concerns in many countries, initially stemming from worries about citizens’ data that reside in other countries.
For example, if someone lives in the UK, but their data for a cloud-based application are stored in the US, which country’s laws apply to that data? If the UK mandates certain protections around personal information, is another country obliged to follow those laws?
Concerns have also grown as large tech companies enter new markets. For example, with billions of potential consumers, China holds obvious interest for outside companies. Still, these companies may be required to comply with laws allowing access to technology or limiting certain content.
The recent conflict in Ukraine has further exacerbated these difficult questions. Russia was quickly cut off from Western networks and digital tools, prompting concern from other nations. If your data and critical applications reside in another country, could these services be “unplugged” in the case of a conflict or strained relationship?
The response to these concerns has come in the form of what are generally called data sovereignty laws, regulations that mandate how data must be stored and, in some cases, that it must be held in-country and subject to the jurisdiction and oversight of that country.
These laws are generally easy to comply with if you want to serve customers in large European or Asian countries. But what happens when you’re looking to build a cloud-based application in the Middle East, Africa, or another region where you may be restricted in which providers or platforms you can use?
The Legal and Geopolitical Side of Cloud Architecture
When designing your cloud architecture for a new or updated application, it’s now essential to consider the legal and geopolitical aspects of the design in addition to the technical ones. This can be a challenging activity for tech leaders more accustomed to concerns about bandwidth than borders, especially as many of these regulations are evolving quickly in response to privacy concerns and shifting diplomatic relationships.
Hybrid clouds or other architectures that combine cloud services with local infrastructure may become necessary as your company enters a new regional market or seeks to expand. Emerging and growth markets may be particularly challenging, as their laws will likely evolve more quickly. There’s also the conundrum that a local office or partner company may suggest the law is merely a “suggestion” and is not currently enforced. While that may or may not be the case, you need to carefully consider the risks of ignoring local laws that may be unenforced one day but then subject you to fines or even criminal penalties the next day, based on shifting political winds or the prerogative of a government official.
Even in familiar, “mature” geographies, regulations are complex and trending away from globalized data and computing and more toward local data storage and computing. What was acceptable six months ago may now violate local laws. If you haven’t had a conversation with your company’s legal team or external counsel about these issues, it’s time to do so if you have any current or planned international expansion.
Design for Flexibility
The most significant benefit of cloud computing is that it provides great technical flexibility. The advent of the cloud broke architecture free from specific hardware and operating systems and allowed for generalized applications that could quickly ramp their capacity up or down as demand dictated.
Geographic flexibility is still a challenge at even the large cloud providers, particularly when it comes to emerging markets. When designing new applications, focus on building flexibility into where and how they’re hosting and storing their data. If your application is designed from the ground up to support data storage in different geographies, or to be hosted on several different cloud providers as geographic demands dictate, you’ll be in far better shape than assuming your app will forever be on AWS US-East.
Similarly, build time into your planning and design to address these legal concerns. What might seem like bureaucratic red tape can have significant legal teeth, including jail time in many countries. This is one of the rare cases where bad technical design can risk life and limb and deserves appropriate attention and expertise.
Furthermore, understanding and accommodating these issues might even give your company a leg up in a competitive market. If you know how to do business in a particular region and deploy a scalable, compliant cloud app, you’ll be one more step ahead of the competition.