By Craig McLellan, CEO and Founder, ThinkOn
Canadian organizations are increasingly realizing that data sovereignty is about more than just legal requirements—it’s essential for our national security and economic independence. Recent tensions with the United States have shown just how important it is to keep Canadian data within our own borders. With growing concerns about foreign influence on vital digital infrastructure, the need for a Canadian sovereign cloud solution has moved from a distant idea to an immediate priority.
But with all the talk about sovereign cloud among cloud service providers in Canada, the real question is: how can you be sure your CSP is genuinely offering a sovereign cloud?
Questions you should be asking your service provider about their Canadian sovereign cloud:
1. Is your CSP approved by the federal government as a sovereign cloud provider?
The Government of Canada has stringent guidelines for data management and privacy controls. Their sensitive government data compliance requirements hold the cloud provider to the highest standards in data sovereignty. To achieve a partnership agreement with the Government of Canada, a cloud provider must comply with all data-oriented legislation, including Canada’s Digital Privacy Act.
As the only Canadian-owned cloud provider authorized to handle data requiring enhanced protection measures, ThinkOn remains at the forefront of delivering secure, compliant, and innovative solutions for the public sector.
2. Is Your CSP VMware certified?
ThinkOn is the First VMware Sovereign Cloud Partner in Canada. This means a double layer of compliance with sovereignty guidelines because ThinkOn has met the stringent requirements to provide 100 percent sovereign data services that adhere to both the Federal Government and VMware guidelines.
This distinction makes ThinkOn part of a small group of in-country leaders worldwide selected to be part of the VMware Sovereign Cloud initiative, a designation reserved for companies that can address sovereignty requirements across the data journey—from where data resides to how it is stored, serviced, and shared.
Greg Chappell, Vice President, Global Sales and Partner Success at ThinkOn puts it best when he says, “Meeting the VMware and Government of Canada standards as the only Protected-B provider in Canada puts ThinkOn in the best position to deliver seamless migrations of virtualized workloads with full data security, both in transit and at rest, for public service clients in Canada. We’re immensely proud of this achievement, both as a 100 percent homegrown technology provider and as Canadians.” [1]
3. What’s the difference between data residency and data sovereignty?
To remain sovereign, data must be stored within the borders of the country where the data originated. This means that data centres storing Canadian data must be located in Canada. It sounds fundamental, but do you really know where your data is being stored? Can your CSP tell you exactly where their data centres are located and who is managing them?
Andrew Zola of TechTarget warns subscribers of the pitfalls of working with foreign-owned cloud providers, “Often, cloud computing customers are unaware of their data’s physical location. So, as cloud providers store data globally across different data centre locations, users need to be aware of their data’s local residency laws and regulations.” [2]
Data residency and data sovereignty are cousins, not twins. Your data may reside in Canada, but if your infrastructure provider is a foreign-owned company, like the United States, your data is subject to foreign data laws, including the CLOUD Act, and it will be available to cross borders. Once it does, your data is no longer sovereign.
4. Is your cloud provider truly Canadian?
Is your CSP headquartered in Canada? Is it Canadian-owned and -operated? Ask your sovereign cloud provider who owns and manages their company. Were they founded in Canada by Canadians? Do they remain under Canadian control or do foreign entities hold a portion of the ownership?
U.S.-based cloud providers can access Canadian data without notice or consent, creating a significant vulnerability for businesses. The reality is, U.S. providers must turn over data to governing bodies if subpoenaed, and while some international companies claim to keep data out of the U.S., there’s still a lot of uncertainty when your data’s out of your control.
While other providers may claim they won’t transfer data to the U.S., the fact is, if the data’s not under your control, there’s always a risk. That’s where ThinkOn stands apart. As a fully Canadian-owned and -operated provider, we ensure that your data stays under Canadian law, with no cross-border risks and no surprises.
Learn more about protecting your data in Canada with ThinkOn Canadian Sovereign Cloud.
[1] ThinkOn. Greg Chappell. 2023. “Part 4: The National Data Economy: Expand Your Business with a Sovereign Cloud.” https://thinkon.com/blogs/expand-your-business-with-sovereign-cloud/
[2] Andrew Zola. TechTarget. 2023. “Data Residency.” https://www.techtarget.com/searchcloudcomputing/definition/data-residency