Data Sovereignty
Possession is nine tenths of the law
In a little over a decade, software as a service, otherwise known as the Cloud, has mushroomed. For a number of very good reasons, a hosted service, sold by subscription, is rapidly becoming the de facto method of providing business and professional software. However:
- Some data will always be too sensitive to share outside the four walls of the organization,
- Some operations over an organization's data, sensitive or otherwise, will always be too idiosyncratic to be accommodated efficiently by any platform.
While terrifically convenient and easy to get into, Cloud software companies only offer a rigid menu of features which are supplemented with wildly varying degrees of cost and difficulty. They are conspicuous hacking targets; they are liable to outages, bankruptcy, or acquisition by (your) competitors; they are profligate data miners, and on average they are—often by design—difficult to sever relations with.
The idea of data sovereignty is, for customers of these services, to establish strategies for improving one's bargaining position, where the extreme solution is running the service yourself. For providers, it's about designing products and services where privacy, customizability, and exportability are principal differentiators. A growing number of organizations fit both of these descriptions at the same time.
Origin Story
This theme is grounded in a comprehensive digital transformation project. The client had been finding itself replacing its information infrastructure every three years since 1996, with increasing expense and complexity. Each new system also inevitably meant trading away at least one piece that worked, for at least one piece that ultimately didn't.
At the start of the project, the organization was at the mercy of a boutique
SaaS vendor who handled everything from the website to the back-office, and did it badly. Over the course of this herculean project—among many other things—we came up with techniques for:
- Extracting the client's data from the vendor where the export feature was missing (which ended up being most of it),
- Creating a Web
scaffold
so that the vendor could be kept online while its functionality was being replaced incrementally, - Establishing a permanent inventory within the organization, to document the business processes that need to happen, and how they need to happen, in detail, so that future vendors could be thoroughly evaluated.
The Program
The program of this theme, in addition to refining these aforementioned techniques, is to come up with a set of methods for grading both the sensitivity of an organization's data, and the peculiarity of the necessary operations over it: costing alternatives to the Cloud, as well as alternatives within the Cloud. The goal is for a user of the resulting technique to make more prudent decisions regarding their relationships with vendors, and ultimately figure out the right mix of information infrastructure that is leased, and infrastructure that is owned outright. The same process can be applied to vendors, to anticipate the inevitable: a more sophisticated clientele.