Covering Disruptive Technology Powering Business in The Digital Age

A New Reality: How the Sovereign Cloud Lets Companies Maximise the Cloud and Ensure Compliance
February 5, 2024 Blog Cloud Data Protection


In the face of the still-ongoing cloud revolution, players in the Banking, Financial Services, and Insurance (BFSI) sector are confronted with a conundrum: How can they maximise being in the cloud while complying with data requirements and regulations of the country they are operating in?

All companies and institutions in Malaysia, for instance, must stringently adhere to the Personal Data Protection Act 2010, the Personal Data Protection Regulations 2013, and the Personal Data Protection Standard 2015—all of which specify that “no personal data shall be transferred to a place outside Malaysia unless to such place as specified by the minister charged with the responsibility for the protection of personal data.”

This is a global trend, with statistics by UNCTAD revealing how 71% of countries now have laws specifically aimed at securing data protection and privacy and another 9% drafting the same kinds of legislation. In fact, only 15% of countries have no such laws in place and another 5% struggling with any kind of data governance.

Malaysia, of course, is part of that 71% that mandate strict data requirements, including that of sovereignty. Compliance, therefore, is a must as failure to do so has considerable consequences, including fines of up to MYR 300,000, imprisonment, and other related penalties. In addition, the Risk Management in Technology (RMiT) policy document released by Bank Negara Malaysia (BNM) is now requiring financial institutions in the country to consult the central bank before utilising the public cloud for critical systems and to notify it if the cloud will be used for non-critical systems.

Said compliance requirement complicates any cloud initiative, so much that many financial institutions struggle to roll out cloud projects—in part because hyperscalers and major public cloud providers are mostly US-based (or foreign). This is a problem because it runs contrary to Data Sovereignty requirements, which mandate that data must be stored locally by a company operating in the same locality with locals running operations.

Even so, the very concept of Data Sovereignty is fraught with challenges, the most obvious of which is the complexity and cost that comes with complying with data-related regulations. This is particularly problematic for financial institutions that operate in multiple countries, as compliance requirements generally differ from country to country. That is not to mention the increased cybersecurity risk that comes with storing data in a single location or jurisdiction only, as cybercriminals can specifically target it.

Adapting to Changing Needs with the Sovereign Cloud

But technology evolves. It adapts—so much so that there is now a way for financial institutions and companies, in general, to maximise cloud computing while complying even with the most stringent data protection and data privacy mandates, as well as strict Data Sovereignty requirements.

That is now possible with the Sovereign Cloud, which enables enterprises to continue reaping the benefits of the cloud from availability to accessibility, and better security to scalability—all while complying with strict requirements on jurisdiction and control and without compromising the ability to deploy sensitive and regulated workloads to the right cloud.

However, the concept of the Sovereign Cloud is relatively nascent—and it might even be unfamiliar to some institutions.

That is why we have prepared an e-book just for you, so you can learn all about the Sovereign Cloud, exploring its core principles and how it translates into organisational benefits. Download it HERE.

Sovereign cloud