By: Greg Chappell, Vice President, Global Sales & Partner Success at ThinkOn
This is the fourth and final article in our series on data sovereignty. Each article, authored by a different ThinkOn Thinker, takes a deep dive into a specific topic that underlies data sovereignty: mobility, governance and compliance, public and private sector data requirements, and value to partners and customers. If you missed the first article, “Canadian Sovereign Cloud: Data Security Begins at Home,” by ThinkOn CEO, Craig McLellan, you can find it here. The second article, by Paul West, Director, Global Public Sector, focusses on the value to government and public sector. The third article, by Chief Security Officer John Slater, examines security and compliance.
Data creates opportunity in every sector of our economy, from finance and manufacturing to transportation, education, and healthcare. In a global economy, cross-border data mobility is a crucial component of modern business collaboration, but protecting data while providing access to authorized users is an increasing challenge. We need solutions that protect data sovereignty without restricting global business transactions. Working with a sovereign cloud provider is the most secure solution.
Sovereign clouds protect the national data economy
Ownership of data means sensitive information should be subject to the sovereignty laws of the country where that data originated. To meet that challenge head-on, we need to understand the difference between data residency and data sovereignty.
When an organization collects data from citizens in the country where they do business, they have an obligation to protect that data according to local laws and regulations. As Canadians, our sensitive information is subject to strict privacy regulations under Canadian law—while that information resides in Canada. Once data is moved beyond our borders, it is no longer protected from access by foreign governments or offshore companies.
That’s where data sovereignty comes in. With a Canadian Sovereign Cloud certified by our federal government, data resides in Canada and is protected by Canadian law because it is managed right here, within our borders. Sovereign clouds fuel business growth by giving companies the confidence to operate within and across national borders—without worrying about security, compliance, or escalating costs.
Sovereign cloud to the rescue
The massive opportunities provided by the data economy have prompted countries to establish privacy regulations that encourage the facilitation of national business value without compromising data security. VMware, a global player in the cloud computing space, recognizes the need to protect data within the borders of the countries where they do business, including Canada.
This imperative is fundamental but also crucial: All foreign-owned cloud providers use third-party off-shore resources to manage data, so once you store information in their cloud, it can be subject to foreign privacy laws, including the U.S. CLOUD Act1, and consequently accessed by foreign interests.
Sovereign cloud expert Stan Kwong sums up the peril to Canadian organizations working with foreign-owned cloud service providers (CSPs). “The 2018 U.S. CLOUD Act allows U.S. federal law enforcement to compel U.S.-based technology companies to provide requested data stored on company servers, regardless of whether the data is stored in the U.S. or on foreign soil.”2
For Canadian organizations with an obligation to protect the information of Canadian citizens, Knowing that a foreign actor can access their data is a dangerous prospect for Canadian organizations obligated to protect Canadian citizens’ information.
“When a foreign-owned cloud service provider claims that data will reside in Canada, that can be misleading, because they are referring to servers and software and digital components, while their supply chain management is a different story.” Says Craig McLellan, CEO of ThinkOn.3
The government of Canada acknowledges the dangers of foreign access and control of our data in their Data Sovereignty and Public Cloud White Paper: “As long as a CSP that operates in Canada is subject to the laws of a foreign country, Canada will not have full sovereignty over its data.”4
So, paying attention to the supply chains of the big hyperscalers is important, because when we do business with them, we are doing business with all the companies and contractors they work with as well. Do we know who these foreign operators are, how often they change, and if they are subject to Canadian law? Would we hire them to manage our sensitive data? If the answers aren’t clear, we need to move to a more secure solution.
Sovereignty certification: A global data protection initiative
VMware understands the importance of protecting the organizations that trust them with their data, so they launched a certification program to ensure that each country has its own approved cloud provider to preserve data sovereignty under local laws and regulations. ThinkOn is proud to be Canada’s certified VMware CSP.
ThinkOn’s VMware Sovereign Cloud Certification means that we’ve met the following stringent criteria:
- All data is managed within Canadian jurisdiction, with all data, including metadata and backups, stored, and processed locally.
- Other jurisdictions are unable to assert authority over data stored beyond our borders.
- ThinkOn exercises increased governance over data and supports corporate and national environmental, social, and corporate governance (ESG) strategies.
- Customers benefit from data classification and controls that are not available in foreign and commercial public clouds.
Meeting VMware and Government of Canada standards as the only Protected-B provider in Canada puts ThinkOn head and shoulders above other cloud service providers when it comes to the management of virtualized workloads with full data security, both in transit and at rest, for private sector and public service clients in Canada.
Another qualification that sets us apart is that ThinkOn is a 100 per cent Canadian-owned company with a full understanding of data sovereignty. As a global provider, ThinkOn has operations on three continents, and we service many customers outside of Canada. We have their best interests at heart too. We protect their sovereignty as we do our own because that’s the Canadian way: to look after our neighbors and safeguard their interests.
Value for partners and resellers: Global growth, local support
A CSP dedicated to data sovereignty should provide their partners with support from trusted experts in their own countries. And, as a partner, when you have a question or concern, you should be able to reach your cloud provider quickly and easily, and not have to suffer through a complex series of chatbots and voicemail commands, only to be shifted off into a generic recording or AI-generated response.
Getting support from an expert who resides in your own country is one of the major benefits of working with a sovereign cloud provider, and for ThinkOn, that’s a solemn promise with a maple leaf seal. We built our company on the belief that cloud computing services should be easy to understand and simple to deliver, transparently priced with no hidden fees or charges—ever—and always secure and well-supported.
At ThinkOn, we know that IT doesn’t come from a vending machine; it’s custom order all the way, to serve your specific business needs. We love people, and, if you’re like us, you enjoy talking to people, not machines and chatbots. We’re available—and eager—to solve any problem or answer question at tier 1, 2, and 3, live and in person, around the clock. If your CSP can’t do that, they might not be as dedicated to your growth as they claim.
Winning is a team sport: The strategic data advantage
Success goes beyond solution capabilities. A true partner won’t eat at your table and then leave when the cheque arrives. At ThinkOn, we create wins together, provide consistent support, accelerate your business development, and offer predictable pricing with competitive incentives.
You deserve a partner who will help you expand your service portfolio, increase gross margins, and build long-term customer relationships with high-quality infrastructure (IaaS), data protection (BaaS), data archiving, business continuity (DRaaS), and object storage services. That’s what we’re here to deliver, because we’re not just fair-weather friends—we want to help you thrive so we can grow together as lifelong partners.
Our partner organizations gain the competitive advantages of working with a global company that understands the needs of Canadian businesses. We help our partners to:
- Define a go-to-market strategy
- Streamline operations
- Tackle complex customer needs
- Build and protect customer relationships
For us, acting as a trusted partner means your customers remain yours. We don’t try to muscle in and take advantage of your hard work by cutting you out of the transaction. With our optional white label service, we work quietly in the background, providing the complete support, technology, and fully protected sovereign cloud that you and your customers need to make data thrive.
Sovereign Cloud: To serve and protect
Collaboration is one of the biggest advantages of hybrid and multicloud computing, because you can make changes, be flexible, and use cloud applications that make sense for evolving needs. That means you can store your most sensitive data on-premises, while other data may be more suited to the cloud or multiple clouds. It’s smart to use a sovereign cloud to create a seamless hybrid/multicloud environment because it provides flexibility, data mobility, and future-proof applications, helping you evolve as your business grows.
It’s a sad fact that when you have a contract with one of the big three hyperscalers, they make it very difficult for you to leave. You may suddenly find yourself locked into a framework that doesn’t serve your needs, held hostage by ingress and egress fees and other costs you can’t control. So, even if your business requirements have changed, your data is expanding, and your exposure to cyber-attack is increasing, your ability to migrate data to a safer or more cost-efficient solution is limited.
“When you use a set of tools that are only available in one hyperscaler cloud,” says McLellan, “you not only lose the ability to leave, you lose the ability to collaborate. Multicloud computing is part of a smart strategy that provides organizations with options for where to move workloads to help them manage security, capacity, and accessibility. With the big three hyperscalers, you lose that flexibility and mobility.”5
A sovereign cloud is a secure cloud
Data sovereignty laws place restrictions on data movement, and sharing can limit where a company can do business. Sovereign clouds keep sensitive data compliant while operating as part of a broader multicloud ecosystem, with portability and interoperability that supports migration and upgrades.
The challenge with foreign-owned CSPs is that some data may have encryption keys or metadata stored in offshore markets. If a non-Canadian is managing infrastructure or has access to encryption keys or another tool that limits the ability to apply Canadian privacy policies or data control policies to operations, then the data is not sovereign.
That can open the door to cyberbreaches, data corruption, or ransom attack—the evil lurking around the corner in every digital landscape. A sovereign cloud eliminates the risk that a cloud provider will simply hand over the keys to Canadian data to a foreign interest.
A recent Cybercrime Report published by Cybersecurity Ventures predicts that global cybercrime damages will expand by 15 per cent every year for the next three years, reaching a disturbing $10.5 trillion by 2025.6
Concerns over the impact of security breaches continue to grow. According to national business law firm Miller Thomson, “Cybercrime is an increasing threat facing Canada. The digitization of business and the growth of the ‘Internet of Things’ creates new business opportunities but also new vulnerabilities, including cyber attacks.”7
ThinkOn Sovereign Cloud protects organizations from cyber breach by controlling data mobility and access under strict Canadian laws and regulations. Data residency and governance stay within Canadian borders, ensuring data sovereignty, traceability, and supply chain management are in full compliance with Canadian regulations.
The sovereign cloud business advantage
Building a sovereign cloud that protects customer information and maintains compliance offers many business benefits. By improving data control, enhancing cloud security, strengthening compliance, providing business insight through data analytics, facilitating portability, and opening new markets, organizations are expanding their global reach. Businesses in many sectors are seizing the opportunities a sovereign cloud provides, especially in highly regulated industries such as financial services, insurance, healthcare, and telecommunications.
Partners helping partners: An ecosystem that accelerates growth
ThinkOn’s cloud back-end is powered by VMware technology, and we combine strategic vendor relationships with proven technology partners such as Commvault, Dell, Hewlett Packard Enterprise, Hitachi, Lenovo, Veeam, VMware, and many others to ensure high-quality solutions and services for customers.
It’s a symbiotic ecosystem that delivers value, innovation, custom solutions, and the best in secure global technology. No two organizations are the same: each has its own goals and needs. We help strip out the clutter and provide clients with the cloud applications they need to deliver the solution that’s right for them—a big win for customers—and our partners form long-standing relationships that help them grow.
We can do secure things together. Learn more about what it means to grow your business as you partner with us.
1 U.S. Department of Justice, “The Purpose and Impact of the Cloud Act,” https://www.justice.gov/criminal-oia/page/file/1153466/download
2 VMware, Stan Kwong, “How Data Privacy and Sovereignty Impact Business,” https://blogs.vmware.com/cloud/2022/08/04/how-data-privacy-and-sovereignty-impact-business/
3 Canadian Sovereign Cloud: Data Security Begins at Home, “Part 1: Canadian Sovereign Cloud: Data Security Begins at Home”
4 Government of Canada White Paper, “Data Sovereignty and Public Cloud,” https://www.canada.ca/en/government/system/digital-government/digital-government-innovations/cloud-services/gc-white-paper-data-sovereignty-public-cloud.html
5 Canadian Sovereign Cloud: Data Security Begins at Home, “Part 1: Canadian Sovereign Cloud: Data Security Begins at Home”
6 Cybersecurity ventures, Newswires, “Cybercrime Damages To Cost The World $8 Trillion USD in 2023”, https://www.einnews.com/pr_news/606505844/cybercrime-damages-to-cost-the-world-8-trillion-usd-in-2023
7 Miller Thomson Lawyers, Domenic Presta, “Cybersecurity for Canada’s financial institutions,” https://www.millerthomson.com/en/blog/mt-cybersecurity-blog/cybersecurity-canada-financial-institutions/