Concerns immediately arise around the location of the court that might adjudicate any issues as well as which country’s legal and regulatory framework might be relevant in determining the particulars of the dispute. Adult A likes the idea that the local boutique hotel has clear lines of accountability within its organization and is also wholly subject to local jurisdiction for all contested issues.įor both the other accommodation choices, the lines of accountability and escalation are far less clear, given the nature of their local organization’s relationship with their international parent and partner entities. With Child S, however, any issue that arises needs to face immediate arbitrage and there needs to be clear lines of local accountability, given the potentially serious impact of any issues on the child and the regulations governing that child, any legal recourse would need to be adjudicated locally. In the event there is an issue with Child NS, given the likely lack of seriousness of the infraction and its impact on the child, an escalation to the individuals coordinating the specific activity or possibly the leisure center management to lodge a generic complaint, which might be dealt with eventually from a central service located within the wider international group, should suffice. In the context of the analogy, this is around accountability and routes to legal recourse. The second assessment criteria applied to the choice of accommodation is ‘access’ and who mandates and regulates that access. Part of the journey to assessing the type of sovereign cloud a business needs is understanding the type of individuals that should have access to the different classifications of data for which the data guardians are responsible.
Partners currently serving the local public sector, defence, intelligence, or specific verticals such as health and finance will have this knowledge and experience and will employ the correctly qualified and vetted people to manage the different tiers of customer data securely and in line with prevailing regulations. The types of individuals one might consider for managing different data classifications is captured in the diagram below. In terms of the sovereign cloud framework, we are highlighting that data guardians should be aware that certain tiers of data should ideally only be managed by certain types of individuals. Child S (sensitive), on the other hand, needs specialist handling by trained individuals and there could be quite negative consequences if Child S is exposed to people lacking the relevant training and awareness of Child S’s specific needs. There is little in the way of regulation governing that access and little could result from diverse types of people interacting with Child NS. In terms of the sovereign cloud framework this equates to a relative lack of concern from data guardians about who has access to the non-sensitive data represented by Child NS.
Child NS (not sensitive) is quite capable of being put in a group with other children and left to enjoy most activities with minimal supervision by individuals with minimal training and specialist experience. In the context of the analogy this is looking at the types of people that have access to the children and what that means for the children’s experiences, enjoyment, and safety while on holiday. The first of these assessment criteria applied to the accommodation choices is ‘ people’. In my first blog, I talked about how selecting a sovereign cloud is not just aligned to a technology stack or a solution offering but is more about proposing a framework of assessment that people responsible for safeguarding corporate or public data, (data guardians), can use to evaluate whether a specific sovereign cloud offering is right for them.
The Family Holiday – The Assessment CriteriaĪlex Tanner, Senior Staff Cloud Solutions Architect, VMware Partner Connect Cloud Provider partners, UK&I
0 kommentar(er)
