ThinkOn is in the process of migrating our phone system to Teams. During this transition, please continue to use the phone numbers on our website to contact the sales and support teams in your region. We don’t expect an outage during the move, but if you have trouble reaching us by phone, please reach out at requests@thinkon.com.

Special note, the Australia office (sales) number will change to +61 8 6146 3060 on Friday, 14 March.

Sovereign Cloud for Canadians by ThinkOn

Buy Canadian to Build Canada.

Secure, compliant, 100% Canadian data solutions

For Canadian businesses handling sensitive data, knowing where your data resides and who has access to it is critical. Did you know that foreign cloud service providers are subject to the data regulations that govern their home country? Even if their data centres are located in Canada, they can be forced to turn your data over to a foreign government.

A Canadian sovereign cloud, owned and operated by Canadians, protects you from regulatory breaches, loss of data control, and other vulnerabilities while keeping your data secure and compliant. We make data thrive, with the built-in flexibility and scalability you need to grow.

data sovereignty

In our modern, technology-driven world, data is part of our critical infrastructure, and whoever governs the cloud it’s stored in ultimately controls that data.

Hyperscale clouds advertise sovereign cloud solutions

Organizations often believe the misconception that their trusted cloud providers manage and secure client data in a sovereign way. However, all hyperscale clouds rely on offshore resources for some tasks—even when the data remains at a domestic location. For that reason, their claims of sovereignty are not only misleading, but outright wrong. Lack of full data sovereignty means that sensitive Canadian data could be divulged to another government without the knowledge or approval of the Canadian customer.

Sovereign cloud goes beyond government

Sovereign cloud isn’t just for the public sector. It benefits virtually any enterprise, across every vertical concerned with maintaining the privacy of their Canadian clients’ data. There is a significant advantage to customers in regulated industries, such as financial services, healthcare, retail, energy, defense, intelligence, research, regional telecom, and government services.

We like to say that ThinkOn is “Where Data Thrives.” And that’s more than a marketing message, it’s what we aspire to every day—especially when it comes to our Canadian service delivery infrastructure.

Data sovereignty is the key to protecting your data and your future

In his TEDx talk, Craig McLellan, Founder and CEO of ThinkOn, stresses the importance of data sovereignty—keeping data under national control to protect privacy, security, and fuel local innovation. His message: control your data or risk losing control of your future.

A Canadian approach to data sovereignty

Go a step beyond data residency

We don’t rely on employees or contractors that reside outside of Canada to support our infrastructure. Working with a truly Canadian company like ThinkOn ensures that data sovereignty, traceability, and supply chain management are in full compliance with Canadian regulations—in storage, during access, and in transit. So foreign governments and bad actors can’t get their hands on your data.

Federal government seal of approval

ThinkOn is an approved CSP under the Shared Services Canada Framework Agreement for Secure Workloads. Our infrastructure is continually reviewed against internal compliance controls and regularly audited by third parties to ensure our security measures align with best practices for reporting and control. You don’t need to be a government department to benefit from our enhanced data protection controls.

Avoid all cross-border data transfers

Did you know that the moment your data crosses the border, it’s subject to foreign regulations such as the US CLOUD Act? Even though your data may be travelling from one Canadian data centre to another, there’s no guarantee with a foreign-owned CSP that it may bounce across the border while in transit. Stopovers like this can put your data at risk. You don’t have to worry about that with ThinkOn Sovereign Cloud.

Don’t sacrifice privacy for flexibility and scalability

A sovereign cloud service provider protects your business with robust data security and strict compliance while leveraging ThinkOn’s flexible and secure cloud infrastructure. Our digital tools and resources make it easy for you to automate, innovate, and streamline operations and data backups while keeping your data where it belongs—in its country of origin. We make data thrive, so you can scale your business with ease.

Future-proof your infrastructure

Deployment is only the start of your journey. Your CSP should support you at every step on the digital journey. That means staying with you for the long-haul, not just lining up at the starting gate. We help you respond quickly to changing data privacy regulations, security threats and geopolitics, and avoid vendor lock-in with workload, application and data portability, and no hidden fees.

ThinkOn is a VMware by Broadcom Sovereign Cloud partner

ThinkOn is the first Canadian VMware Sovereign Cloud partner and the only 100 percent channel-only provider. That means you get the “home and native land” benefits of a Canadian cloud computing solution with the strict data sovereignty controls and compliance standards of the VMware Sovereign Cloud initiative.

VMware Cloud Providers that are qualified sovereign cloud providers have extensive expertise and deep industry insight in regulated industries, including

Data Access & Integrity

To make data thrive, you need easy access without compromising security—and while keeping your data complete and accurate. ThinkOn VMware Sovereign Cloud secures data access and integrity to help fuel innovation while remaining compliant with local data privacy laws.

Independence & Mobility

Future-proof your data against technological and geopolitical changes. ThinkOn provides secure data portability with a flexible and interoperable platform, so workloads can be moved as needed to support upgrades and avoid vendor lock-in—without costly fees.

Security & Compliance

ThinkOn Sovereign Cloud experts have security clearances and expertise to ensure secure data access and integrity without compromising security. Compliance laws change rapidly, and you need to quickly adapt how you operate in impacted regions. ThinkOn helps you securely keep pace with a changing legislative landscape.

Sovereignty & Control

ThinkOn prevents foreign access by storing all data locally, including metadata and data backups—and with no foreign contractors lurking in our data supply chain. You retain control of your data while maintaining compliance with data privacy and sovereignty laws.

ThinkOn Sovereign Cloud—your data, your sector

Government & Public Sector

Protected B data, safe and secure under sovereign control, meets strict government, defence, privacy, and cybersecurity guidelines.

Learn more

Healthcare

Secure access to sensitive data enables research and enhanced patient care with privacy controls to protect sensitive patient data.

Financial Services

Continuous compliance while enabling secure data sharing to uncover insights and offer new services that enhance customer experience.

Legal

Client confidentiality under the Personal Information Protection and Electronic Documents Act (PIPEDA Canada) with control and data insights to maximize efficiency.

FAQ:

What is the difference between data sovereignty and data residency?

Data residency refers to the geographical location of the data—where the data actually resides.
Data sovereignty refers to the ownership and operational supply change locations all along the data chain as it is stored, accessed, and in transit.

In the case of foreign-owned CSPs, data is often deployed on assets in Canada (residency) that are owned by a foreign entity and/or are operated by non-residents that lack Canadian security clearance. These vendors may misrepresent a non-sovereign service by positioning residency as an equivalent. But data residency alone does NOT ensure data sovereignty.

If my data is in my country of residence, do I have to worry about who manages the infrastructure?

Storing your data in Canada is only one component of data sovereignty, and it is not enough to protect you from data exposure under foreign regulations. If your data is managed by foreign contractors or employees at any point in the data supply chain, in storage or in transit, it is not protected under Canadian law. Non-resident individuals that manage the infrastructure, as is the case with all the foreign-owned hyperscalers, are not required to maintain compliance with our country’s privacy policies.

And while compliance may be a requirement of employment with these foreign-owned CSPs, they’re still governed by the laws and policies of their country of residence. That means that if a foreign contractor or bad actor illegally accesses your data, our laws may not be able to protect you or punish them.

It’s also true that foreign-owned CSPs may be forced to compromise your data, because they must comply with the laws of their own country, including the US CLOUD Act or China’s Article 7 that requires companies to release data to their government if requested. Once that happens, your data is not compliant, and you could face liabilities for failing to protect sensitive data.

Why do I need a Canadian sovereign cloud?

The hyperscalers will tell you that they store your data locally, but the truth is their supply chain includes third-party contractors who have access to your data and can be forced by foreign governments to hand it over. And since the winds of politics can change direction at any time, you never know when your data could be at risk of foreign seizure.

The Government of Canada states that, “Lack of full data sovereignty has the potential to damage the GC and third parties. Sensitive GC data could be subject to foreign laws and be disclosed to another government.”

For example, while your US-based CSP may have local offices in each country where they provide cloud services, as American companies they are subject to the US CLOUD Act.

In its Data Law blog, Microsoft states, “The CLOUD Act amends US law to make clear that law enforcement may compel US-based service providers to disclose data that is in their ‘possession, custody, or control’ regardless of where the data is located.”

This means that data stored on US platforms such as Azure, Google, and AWS can be subject to a warrant or subpoena by the US federal government.

That puts Canadian data—your data—at risk.