Data sovereignty issues are complex but critical

David McClure

Sovereignty issues have shifted into the spotlight across a number of sectors in Australia due to the supply chain challenges wrought by the COVID-19 pandemic.

This should raise important questions for local businesses not just about physical supply chains, but where and how critical data is stored.

Australian businesses and executives need a better understanding of data sovereignty and the issues around storing data through a foreign company. And the federal government has an important role to play in this mission, DekkoSecure chief executive officer Jacqui Nelson said.

According to Ms Nelson, more Australian companies need to consider these issues and to actively investigate and understand how their data is stored and what laws in other jurisdictions can be applied to it.

DekkoSecure chief executive officer Jacqui Nelson

“Organisations need to start thinking about sovereignty as a policy goal. The Big Tech players have a role to play but there also needs to be a focus on Australia’s own local capability,” Ms Nelson said.

“As an Australian company I comply with all laws, but once we host on a different server owned by a foreign country, that data is subject to that country’s laws as well. While I understand that, currently we’re seeing some organisations that don’t get it.”

DekkoSecure is an Australian cybersecurity firm founded in 2015. It offers technology that replaces high-risk electronic exchanges such as video conferencing, file sharing, email and chat with a new standard in privacy.

Its main products include DekkoVault, a secure document and file-sharing service, and DekkoLynx, a recently-launched service for confidential video meetings between government departments at the “protected” level, as well as for use by other organisations handling highly sensitive information, such as law firms.

Both of these Dekko products use end-to-end encryption.

Dekko currently stores its data in Australian-based data centres running Microsoft Azure. Ms Nelson said she wants to also utilise Australian providers such as Vault Cloud or AU Cloud, but this will become more practical when these offerings are more established, and there is more knowledge of data sovereignty among clients.

The government should work with local players and their clients to educate them on these issues, Ms Nelson said.

“With heightened focus on our national security posture, it makes sense for government to work with local companies to be able to provide those services,” she said.

“It’s about access to the right talent to help providers scale. Establishing local sovereignty that competes at scale is tough without very deep support from the government.”

“Starting at the bottom of the chain is always better than trying to fix it at the other end.”

The government also has a role to play in educating the private sector on the importance of these issues, she said.

“I don’t think enough people in the private sector actually know the right questions to ask in relation to where their data is being housed. There’s a huge education piece that needs to be worked on,” Ms Nelson said.

“For me the biggest challenge is getting the message out to organisations that they really need to up their questions of their providers. They need to not just accept they’ve got data centres here and that they’re secure, but they need to deeply understand which parts of the channel are secure and where the vulnerable points are.”

This discussion should start with understanding what data sovereignty actually means, she said.

“There are challenges around the word sovereignty – it’s a little bit like security, it means so many things to so many people,” Ms Nelson said. “The devil is always in the detail and there’s a challenge in communicating it with customers.”

“COVID and changes in the geopolitical landscape have pushed the conversation to a much broader audience, but in the private sector there is some confusion about what sovereignty means in this space.”

With the federal government preparing to pass new critical infrastructure laws which will expand security requirements to a range of new sectors, now is an important time for Australian businesses to consider their own data sovereignty.

“It captures places like education for example, where sovereignty hasn’t really ever played into their thinking. Now around vaccines and COVID, those conversations are starting to be elevated, we’re hearing a lot more noise from those industries,” Ms Nelson said

DekkoSecure, an Australian owned and operated technology company that provides industry-leading end-to-end encryption. This article was produced in partnership with DekkoSecure as part of the Connect with Confidence sponsored content series by DekkoSecure and InnovationAus.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories