As enterprise AI adoption becomes more widespread, the issue of data sovereignty and residence becomes increasingly complex. Verdict talks to Artin Avanes, director of product management at data cloud platform Snowflake, about how enterprises can navigate the challenges of data management as they integrate AI into their business processes.
Lara Williams (LW): Are there any common regulatory challenges that enterprises should address, regardless of jurisdiction?
Artin Avanes (AA): When we talk about data residency, there is always one common requirement, which is that data should not leave the boundary. The boundary can be defined as country borders, but it is probably more granular than that.
Before we even consider AI: there is no great AI technology without a solid and secure data foundation. So it really starts with the data and where it is stored. From day one, Snowflake has had the ability to store customer data within the boundary. So the answer centres on: where does my data live, and where does my data go? And we are doing more to ensure this data never leaves the defined boundary – not just customer data, which we have always kept within the boundary, but now service and usage data as well.
LW: Your customers rely on Snowflake’s expertise, but how much in-house data sovereignty expertise do your customers need?
AA: It depends on the size of a company. Smaller start-ups won’t necessarily have in-house expertise; they might reach out to external parties like Snowflake and really rely on us. Oftentimes, globally operating customers are the ones with in-house expertise, but there is always a very transparent dialogue on a regular basis – for example, quarterly – with customers about compliance needs and how we can meet them together. We are always comparing notes because regulations are never static; they are changing and evolving. So it requires a constant discussion and an open dialogue.
For larger companies, the scale and complexity increase with a larger footprint distributed across different geographies. There is much more cost involved and much more effort to meet regulations. Data accessibility, AI and storing data to enable building all kinds of AI applications – that is where Snowflake can really help customers by taking away the burden. To some extent, data sovereignty is always a shared responsibility, but we can play a very critical role in helping to meet those very diverse, heterogeneous, complex requirements across the world. Modernising your data and AI story should be done together – because if you don’t get that right, forget any AI governance or AI applications that you want to build on top. You will have a challenge if you don’t get that layer right.
LW: What is the biggest challenge in the next five years in the realm of data sovereignty?
AA: If you start building AI applications, you have to think about a solid, secure and compliant data foundation and data layer. I think the challenge in the years to come is how you can avoid getting into the weeds of trying to run after each and every single compliance control that comes out. Because if you don’t think about a strategy that allows you to scale as these compliance requirements change, you will have a hard time innovating and focusing on what really matters to you. So I think that is a non-trivial piece of strategy that you have to grow.
If you don’t have the right technology partner, I think you will fail. So, broadly speaking, you need to think about a strategy that allows you to scale with the compliance needs that come up. That means asking: is there a way you can push the responsibility, to a degree, down to the technologies you are leveraging – for example, Snowflake? Also, have the peace of mind, the transparency and the auditing capabilities that ensure you are meeting regulations, wherever you might be, whatever the nuances.
LW: Which industry verticals are doing better at managing data sovereignty and residency?
AA: The usual suspects are really at the forefront of managing regulation: financial services and healthcare. This isn’t very surprising, because these sectors are usually very heavily regulated. These verticals are also oftentimes dealing with regulations that are not well defined, or that were written before the cloud existed. So how do you then translate those requirements to the cloud world? Forget the AI part of it – just the cloud paradigm is very different.
What we are building is not unique to a particular customer or a particular vertical. Moving forward, regulations and compliance needs will only increase in the next few years – not level off or disappear. I think it will be top of mind for everybody, specifically with the AI revolution, fuelling concerns about how to handle, protect and secure data that feeds AI models driving AI applications.
LW: What kind of added complexity does AI bring to the problem of data sovereignty?
AA: It is critical in the years to come to have a very good understanding of the data that feeds into AI models. How can we manage that? How can we protect certain sensitive information? So there is a category of very valid concerns in the next few years that has nothing to do with data sovereignty, per se.
Everyone talks about open-source large language models fed by open datasets, but I think as enterprises adopt and build new AI applications and apply their models, those will be more proprietary to them. So, I can see a world where you have hundreds, thousands or tens of thousands of smaller models that are very tailored to the particular enterprises using them. The challenge is obviously, first and foremost, protecting the data that is proprietary to those enterprises and is feeding into those models – something for which I think Snowflake is well positioned with what we do.
However, it then becomes even more important as we think about a world where enterprises are collaborating across regions. Enterprises might not just use internal data but also external data, or collaborate with each other. Understanding the origin of data, how it gets transformed and what the final version of the data looks like will all become an important topic – and that is a very hard problem to solve.