Data residency requirements will impede Government progress on cloud, says expert
The Government of Canada should shift its cloud policy away from data sovereignty to focus more on security, says Mario Meroni, area vice-president for Oracle Canada.
Meroni was speaking at a recent ITAC conference as part of a panel discussion on how the government can leverage the cloud to deliver public services. However, not all of the participants agreed with him.
The Government of Canada’s Strategic IT Plan 2017-2021 states that “to ensure Canada’s sovereign control over its data”, all data under government control and classified as sensitive must be stored in an approved facility located within the geographic boundaries of Canada.
Meroni says this requirement will prevent the government from moving forward and achieving the full benefits of cloud adoption.
Data knows no borders
All of the panel members talked about the advantages of moving government applications to the cloud. The costs savings are dramatic,” says John Cousens, vice president, public sector Canada, with Salesforce. He notes that analysts estimate savings of 38 per cent on average from a move to the cloud. As well, Cousens says that using the cloud improves agility and innovation and lessens the impact on the environment.
Cloud provides unprecedented ability to take meaningful steps toward genuine business transformation, says Meroni.
However, he says data residency requirements do not protect the data and may hold back Government progress. “It’s a false premise that if you keep it in country, it’s protected,” says Meroni. “Data is already out there. This stuff knows no borders.” Instead, the game changer is security, says Meroni. Security, encryption, and staff training are the keys to securing information. “This has to be the focus more than sovereignty,” he says.
A participant in a separate panel on artificial intelligence says he also worries about the impact of contractual conditions on the government’s digital transformation. “We need to get our heads around things like data residency,” says Dave McCann, Canadian cognitive consulting leader with IBM Global Business Services.
Another panelist appeared to support data residency requirements. “Sovereignty matters to ensure you control what happens in the data cloud,” says Bob Osborn, chief technology officer – federal with Service Now. “You need to ensure your data stays your data.” Osborn also stressed the importance of service availability. “Organizations have to provide always-on cloud. Availability really matters for mission-critical applications.”
Faster procurement is needed
Advancements in cloud technology are moving quickly, with providers issuing at least two new releases per year. That means the government needs to find ways to move faster to enable cloud applications, say two of the panelists.
“You can’t have a two-year decision-making process because you’re already behind,” says Osborn.
“Cloud is definitely a way to accomplish objectives inside an electoral term,” says Meroni. But, he says, by the time a request for proposal is completed, “the whole world has changed.” He recommends that the government think about experimenting with cloud applications. “The idea is to have seven or eight projects going and have two or three go really right.”