Predominantly driven by the rise of AI, but also fuelled by increasing use of cloud-based software and data storage, demand for data centers continues unabated. Many estimates project global data center capacity will continue to grow at a rate of 15% year on year.1
Data centers, and the data contained within them, sit at the nexus of technology and geopolitics. It matters where a data center is located, both in terms of the national and regional jurisdictions in which it resides and in terms of its proximity to sufficient power, water and internet connectivity. It also matters what data is stored in a data center, to and from where that data flows, and which governments, companies and individuals have access to it.
It has long been necessary for business leaders to understand how their organisations store and transmit data. However, it is now more important than ever to have a comprehensive understanding of your data strategy, and there are six main reasons for this:
- AI’s prevalence is only going to increase. As AI finds its way into almost every business, it is becoming harder and harder to prevent sensitive data from being deliberately or accidentally ingested into AI models. It is impossible to ignore AI though and highly counterproductive to try to ban staff from using it. Instead, you need to ensure that your data is sufficiently protected and that you take a secure approach to deploying AI within your organisation.
- Partners are becoming more discerning. Clients and other business partners are becoming increasingly specific about how their data is handled when they share it with third parties, including restricting where it may be stored and how it may be transmitted. They expect to be able to trust and verify compliance with their requirements.
- Digital supply chains are becoming more complex. The days of data only being stored “on premise” are long gone. Software as a Service (SaaS), cloud storage and the use of AI have made digital supply chains extremely convoluted. It is becoming increasingly difficult to know where your suppliers, and indeed the suppliers of your suppliers, are storing your data.
- Digital sovereignty is on the rise. Countries continue to impose increasingly draconian data localisation and protection laws. This makes it much more difficult to ensure compliance, particularly if you operate in multiple regions. It also increases the likelihood of requirements in one jurisdiction conflicting with those in another.
- Cyber attacks remain a significant threat. The threat to data from cyber attacks has not gone away. In fact, it is harder than ever to be certain your data is secure, given the complexity of cloud environments and the partners you trust with your information. Third party and digital supply chain attacks continue to be a popular method for criminal and nation state cyber actors to steal data or to hold it to ransom.
- Costs associated with data are increasing. As global use of AI grows, so do the costs of powering data centers, particularly as demand for energy threatens to outstrip availability in some regions. And, in some jurisdictions, environmental regulation around power generation can limit where it is possible for data centers to be built. As such, how you and your trusted partners store and transmit data, and how you use AI, has potential to be a significant cost center for your business. You will need to be discerning about the providers you use and whether you build your own data centers or rely on third party providers.
For these reasons, it is the responsibility of every member of the C-suite to think about how their role is affected by data and how they should be contributing to decision making on data-related issues. It is no longer acceptable for just the CTO or CIO to have a good understanding of how their company handles data or to be the loudest voices in discussions on the company’s data strategy.
To help demystify your data strategy, here are four questions that you should discuss as a C-suite:
1. Where is our data stored?
You need to understand fully where your and your clients’ data is located. This is not just for data you hold, you also need to take into account the third parties that you have entrusted with your information (eg, SaaS and cloud providers). This will make it easier to demonstrate compliance with the storage requirements dictated by clients and other partners.
Further, you may need to take into account data resilience. Both you and the key partners in your digital supply chain need to be able to operate, even if an event in a particular region, such as a power cut or natural disaster, renders some data centers unavailable.
2. How is our data protected?
Digital supply chain complexity means you are no longer solely responsible for the security of your and your partners’ data. You need to ensure that all entities in your digital supply chain are held to account in terms of their approach to data security, and indeed cyber security more broadly, and you need to check on them regularly to ensure and enforce compliance.
You also need to make sure that data is protected from being ingested deliberately or inadvertently into AI models that could remove its confidentiality. As previously stated, this does not translate to a blanket ban on using AI, but it does mean you must find a secure approach to doing so.
3. How might geopolitics affect our data?
Governments are becoming increasingly protective of data relating to their citizens or that could be regarded as of national significance. Digital sovereignty initiatives have traditionally been driven by countries like China, but stringent regulation is appearing in other regions, including India and the EU, and this trend is likely to continue.
In the regions where you operate, you need to make sure that you have a good understanding of any regulations governing data you store and if and how it crosses into other jurisdictions. The same goes for any client data and, indeed, other data that you might not realise is regulated (eg, data used for cyber security monitoring purposes).
Depending on where you operate and the sensitivity of your industry, the threat from criminal and state-backed insiders may also be relevant. Sensitive IP is not just at risk from ingestion into rogue AI models, it could also be taken by someone acting against the interests of your organisation, either deliberately or inadvertently.
4. What does our data strategy cost?
Your data strategy has important economic considerations. These include costs, such as power, associated with renting or owning data centers for SaaS, data storage or AI use. Given such costs are only likely to rise, you need to understand if and how you going to be able to meet the ongoing data needs of your business, while also keeping within budget. You also need to take into account other cost factors, such as security and resilience, when preparing your data budget.
You should also be prepared for your data strategy to bring costs further down the line. It is likely that, at least in some countries, energy consumption associated with data center use will eventually bring ESG concerns and potentially even additional taxation. Taking a responsible approach to how you power your data center needs, for example by focusing on renewable or clean energy sources, could reduce longer-term expenses and mitigate potential reputational issues.
Tackling these questions requires engagement from the entirety of the C-suite. If you are unable to answer any of them, you need to get to a position where you can and do this as quickly as possible. Developing and maintaining an effective data strategy requires a holistic approach that involves all business leaders, not just those in charge of IT.
Reference
1 https://www.jll.com/en-belux/insights/market-outlook/global-data-centers