This is Part One of the True Canadian Sovereign Cloud series. In Part One, we discuss the requirements for a Canadian-made solution to data storage. In Part Two, we explore the impact of data management in a sovereign cloud for Canadian businesses and public services.
By Craig McLellan, CEO and Founder, ThinkOn
There’s a lot of talk about Sovereign Cloud among cloud service providers in Canada, but do you really know if your CSP has a real sovereign cloud offering, or is it all just that—talk?
In a complex digital landscape where the rules seem to change daily, how can you be sure that your sovereign cloud provider is delivering what they promise?
Full compliance and data security depend on your approach to data management, and that starts with choosing a sovereign cloud provider who can deliver the infrastructure and service you need in a true Canadian sovereign cloud.
Here are some of the top questions you should be asking your CSP about their sovereign cloud:
Is your CSP approved by the federal government as a sovereign cloud?
The Government of Canada has stringent guidelines for data management and privacy controls. Their Pro-B certified accreditation holds the cloud provider to the highest standards in data sovereignty. To achieve a PBMM Framework Agreement with the Government of Canada, a cloud provider must comply with all data-oriented legislation, including Canada’s Digital Privacy Act.
ThinkOn is proud to be the only Pro-B certified Canadian CSP capable of offering data sovereignty to the Government of Canada.
Is Your CSP VMware certified?
ThinkOn is the First VMware Sovereign Cloud Partner in Canada. This constitutes a double layer of compliance with sovereignty guidelines because ThinkOn has achieved the stringent requirements of providing 100 percent sovereign data services that adhere to Canadian guidelines with both the Federal Government and VMware.
This distinction makes ThinkOn part of a small group of in-country leaders worldwide selected to be part of the VMware Sovereign Cloud initiative, a designation reserved for companies that can address sovereignty requirements across the data journey—from where data resides to how it is stored, serviced, and shared.
Greg Chappell, Vice President, Global Sales and Partner Success at ThinkOn puts it best when he says, “Meeting the VMware and Government of Canada standards as the only Protected-B provider in Canada puts ThinkOn in the best position to deliver seamless migrations of virtualized workloads with full data security, both in transit and at rest, for public service clients in Canada. We’re immensely proud of this achievement, both as a 100 percent homegrown technology provider and as Canadians.”[1]
What’s the difference between data residency and data sovereignty?
To remain sovereign, data must be stored within the borders of the country where the data originated. This means that data centres storing Canadian data must be located in Canada. It sounds fundamental, but do you really know where your data is being stored? Can your CSP tell you exactly where their data centres are located and who is managing them?
Andrew Zola of TechTarget warns subscribers of the pitfalls of working with foreign-owned cloud providers, “Often, cloud computing customers are unaware of their data’s physical location. So, as cloud providers store data globally across different data center locations, users need to be aware of their data’s local residency laws and regulations.”[2]
Data residency and data sovereignty are cousins, not twins. Your data may reside in Canada, but if your infrastructure provider is a foreign-owned company, your data is subject to foreign data laws, including the Cloud Act, and it will be available to cross borders. Once it does, your data is no longer sovereign.
If you want to be sure that the US Cloud Act won’t impact your data security, ThinkOn has the capacity to offer sovereign cloud in geographic locations outside of the Cloud Act, so you can be assured that your data has full sovereignty in the country where the data originated.
Is your cloud provider truly Canadian?
Is your CSP headquartered in Canada? Is it Canadian-owned and -operated? Ask your sovereign cloud provider who owns and manages their company. Were they founded in Canada by Canadians? Do they remain under Canadian control or do foreign entities hold a portion of the ownership?
Who are their top executives, and do they have loyalties or interests subject to laws outside of Canada? Who will have access to your data, and who could be influencing their decisions?
“Canadian-based” may not cut it. If your CSP is based in Canada, that doesn’t mean owned and operated in Canada. Some cloud companies have been acquired by foreign interests; others have foreign parent companies, boards of directors, foreign CEOs and executives, or foreign owners. That’s not Canadian sovereignty; it means your provider may be subject to foreign privacy laws that do not protect Canadian data.
ThinkOn is a Canadian-owned and Canadian-operated company with a vested interest in protecting Canadian data. We have the best talent, resources, and services right here in Canada to ensure that you get what you’re promised—a true Canadian Sovereign Cloud.
Learn more about protecting your data in Canada with ThinkOn Canadian Sovereign Cloud.
In Part Two of this series, we explore more critical questions to ask your CSP about data management to ensure you’re getting a true Canadian Sovereign Cloud.
[1] ThinkOn. Greg Chappell. 2023. “Part 4: The National Data Economy: Expand Your Business with a Sovereign Cloud.” https://thinkon.com/blogs/expand-your-business-with-sovereign-cloud/
[2] Andrew Zola. TechTarget. 2023. “Data Residency.” https://www.techtarget.com/searchcloudcomputing/definition/data-residency