Rik Tamm-Daniels, Vice President, Strategic Ecosystems and Technology at Informatica, talks about cross border data flows with Enterprise IT News.
EITN: How often do cross-border data flows happen? Can you share some examples of when cross-border data flows happen?
Rik: The ability to move, store and process data across borders is foundational to the modern digital economy, and has long been a necessity for internet-based services since the beginning of digital banking and e-commerce where transactions are done online across servers housed in different countries.
These days, cross-border data flows happen at every moment in time, with innumerable personal and business data being transferred online. This is even more true for businesses looking to implement and fully harness the power and efficiency of cloud solutions for data transfers.
From e-commerce companies, logistics service providers, to hotels and manufacturers, leveraging AI and Machine Learning (AI/ML) solutions to drive data analytics allows them to discover transformative insights faster, helping them better serve their customers.
EITN: How do your solutions address this data flow? How do your solutions help organisations comply with different data privacy laws in different countries?
Rik: As the volume of data grows exponentially – something that has accelerated during the pandemic as businesses adopt cloud services to enable continuity, organisations find themselves contending with an increased need to share data across infrastructures, environments and locations. Essentially, data management has become more complicated and daunting.
As more data moves into the cloud, new privacy regulations are also coming into effect to safeguard cross-border data flows – ultimately affecting how organisations share sensitive information beyond their corporate IT environments. Knowing where sensitive data resides, how it’s being used, and who is using it, is criticalfor businesses to protect both their customers and themselves.
As data proliferates, becomes fragmented and is decentralised across multi-clouds and hybrid environments, Informatica’s Intelligent Data Management Cloud™ (IDMC) is designed to help businesses innovate with their data on any platform, any cloud, for all types of users across the enterprise. The cloud platform, powered by our CLAIRE AI/ML engine, carries more than 200 cloud-native intelligent data services, where businesses can catalog, ingest, integrate, prep, cleanse, master, and share all of their data, wherever it is, process it in any way they want, with security and trust by design that helps them democratise trusted data on the foundation of governance, to protect mission-critical data, minimise privacy risks and manage regulatory compliance.
Informatica partners with global leading hyperscalers to make IDMC available to customers and partners, giving them the choice of data location and the ability to innovate with data while complying with the local data residency and sovereignty regulations.
EITN: Is data privacy the same as data sovereignty? What about data residency?
Rik: While data privacy, sovereignty, and residency all concern the management of data, there are key differences between the three aspects.
Data sovereignty and data residency have been used interchangeably due to the close relationship between these concepts. However, data residency refers simply to the geographical location that organisations choose to store their data in – for reasons such as a more favourable tax structure than its own country of origin. Data sovereignty, on the other hand, requires data stored in that designated location to also adhere to the laws of the country where it resides (i.e., the host country).
Meanwhile, the focus of data privacy goes one step further than just accessibility, addressing issues such as utilisation, and how businesses should limit the exposure of data to avoid the abuse or misuse of data – ensuring compliance with internal and external data management policies and regulations. While consumers may consent to their data being collected and stored by the businesses they interact with – what permissions do they grant to the same businesses when it comes to using or sharing their data with others? With a myriad of data privacy mandates globally, from the GDPR to PDPA (and everything in between), companies must ensure they implement policies and systems that consider context and circumstances, ensuring they leverage their wealth of data appropriately to meet both regulations and consumer expectations.
While data security tools like encryption can help with protecting data privacy, intelligent decision making to determine whether exposures are appropriate or not requires proper data privacy and data policy governance upfront. This type of proactive approach to data governance enables organisations to effectively enforce data use policies, classify and determine sensitivities of various data sets, enable remediation like security controls if data risk exposure is misaligned, and provide a holistic view of not just where data resides, but how it moves, how it is consumed and where it poses risk to an organisation.
While data security tools like encryption can help with protecting data privacy, intelligent decision making to determine whether exposures are appropriate or not requires proper data privacy and data policy governance upfront.
For example, as organisations move to adopt cloud quickly, they can prioritise what data to move into cloud, what data to cleanse and enrich, catalogue according to high potential risk, mask, encrypt and meet cross-border data transfer requirements, and thus better understand data movement and exposure, empowering organisations to leverage the power of data-driven insights and the agility and scale of the cloud to rapidly and responsibly transform their businesses.
EITN: Who are your target audience/industries? Where does Microsoft come in? Why is this solution only for APAC? Is it possible to keep data flows within the APAC region only? What happens when it has to go beyond APAC?
Rik: IDMC was launched globally in April of this year and was made available in July in this region as part of expanding our global partnership with Microsoft Azure and in response to the overall acceleration in demand for cloud-native data management solutions in APAC. Microsoft and Informatica have been helping customers accelerate and scale major digital transformations in APAC across all sectors from BFSI and public sector to those undergoing massive transformation such as healthcare and education.
Organisations will need to think beyond just the management of data, but also ensure they abide by the various data protection laws in each country.
As organisations move to adopt cloud, this partnership brings together two companies’ cloud solutions that cater to the local market needs of the customers and regulatory requirements as they continue to innovate with data to stay ahead of competition. In fact, to help lower the barrier and help customers that are just embarking on their cloud migration or launching a new data analytics initiative, companies can subscribe to our free service for cloud data integration and get up-and-running quickly with the Azure data and analytics initiatives.
With cross-border data flows only set to grow as the global economy turns digital, data will definitely flow beyond APAC. Organisations will need to think beyond just the management of data, but also ensure they abide by the various data protection laws in each country.
Hence, it is not really a question of what if data flows go beyond APAC, but rather how can we empower compliant and secure cross-border data flows beyond APAC. IDMC is designed for managing distributed data processing across on-premises, multi-cloud and multi-geography, ensuring isolation of data assets and data processing that provides optimal security, data protection and performance while providing a single global view of all data management activities.
Organisations must continue to sharpen their focus on managing data well in this digital age.
EITN: Can you share some trends when it comes to cross-border data flows? Is it increasing? If yes or no, why? What do you foresee for the next 3 to 5 years?
Rik: With the increasing complexity that cloud adoption has brought, a big trend the industry will continue to face in the near future will be heightened scrutiny on data compliance and protection. With the birth of regulatory frameworks such as GDPR, and discussions to create a similar Digital Economy Framework Agreement in ASEAN by 2025, it’s very clear that cross-border data flows are not only increasing, but that governments and regulators see this as a key issue for their economies.
In many ways, this is a real positive – agreements made between nations will outline trade rules and facilitate interoperability between the digital systems of two or more economies, thus making cross-border data flow seamless, and much easier to manage.
But with clearer rules and expectations comes an understanding that enforcement will also increase, so it’s crucial businesses don’t stick their head in the sand and accept ‘good enough’. Organisations must continue to sharpen their focus on managing data well in this digital age as data will continue to grow in volume and types and is an invaluable asset that would fuel greater innovation and economic growth with more digital trades being established across regions and globally.
