VARs and SIs MUST Offer Expertise in Data Privacy, Data Localization and Data Sovereignty

With Cisco now joining Apple, Microsoft and other tech giants in calling for a US version of the EU’s General Data Protection (GDPR), online privacy and the management/handling of customer data continues to be a massive issue  when doing business in the cloud worldwide.

Combined, the data management issues surrounding online privacy, data localization, and data sovereignty regulations threaten nearly every company’s online business model. At the same time, VARs and SIs are facing a bleak future if they do not figure out their cloud plays, and it looks like data management in the face of rampant regulations should be a top cloud play for VARs and SIs.

This post explains why VARs and SIs should seize upon compliance-focused data management in the cloud and the ways they can focus their offers.

The Tech Giants Will Not Solve Resolve Data Regulation Issues for Your Customers

Even if Cisco and the other tech giants succeed in gaining a federalize data protection policy in the U.S., that will only alleviate a small portion of the data compliance and data management burden now being forced onto companies that operate across borders. In fact, 80 Percent of Companies were still not GDPR-Compliant following the May 25, 2018 deadline, and that is a set of regulations that is very reasonable and simple to understand.[i]

“If the overwhelming majority of companies have failed to properly address GDPR, which is clearly defined, imagine how many will drag their feet on the more nebulous laws and regulations being mandated by other nations,” said Jeff Kim, CEO of Kmesh. When one considers China’s Cybersecurity Law (CSL), Brazil’s General Data Privacy Law (LGPD) and India’s draft Data Protection Bill, there are a slew of data management requirements companies must address now to gain compliance in critical business regions.

The Market Opportunity for VARs and SIs

Why are companies so slow to comply with data privacy and data sovereignty/localization regulations? The answer is fear of the unknown. Most organizations do not know where to begin in responding to these regulations, and very few VARs and SIs have offered to help.

Yet, helping clients work through data compliance strategies is exactly what VARs and SIs need to survive. The traditional VAR/SI business models will no longer work. According to Mark Hurd, CEO of Oracle, the transition to the cloud could kill the system integration industry, which has been designed around customization. “They need a new business model,” Mr. Hurd stated, “the current model is unsustainable.”[ii] At the same time, Rick Jewell, a Senior Vice President at Oracle, says that VARs and SIs need to evolve into trusted advisors, saying, “They need to move to a business value consulting role.”

These sentiments are shared by Informatica which appealed to VARs and SIs in 2017 to start turning regulation into revenue. In its appeal, Informatica highlighted how its partners should develop data governance practices that companies can leverage to manage legal issues related to data.

Elements of a Cloud Data Compliance Offering

VARs and SIs could dramatically improve revenue simply by tapping into their current knowledge base to develop a cloud data compliance advisory service. We suggest the advisory offering has the following elements:

  1. Data Compliance Strategy Development. Based on the legal advice a client has received for the data it handles in the cloud, you as a VAR/SI should help the client define which data can be stored in the cloud, which host countries it will use, and how to ensure data movement and storage will comply with regulations in both the local and host nations.
  2. Data Security Mapping. This service should help a client work through their preferred security methods, such as encryption and tokenization. Then, using your VAR/SI knowledge of cloud service providers (CSPs), you should help the client identify the best CSPs for the job.
  3. Data Governance Framework Creation. In this case, you the VAR/SI can act as the critical intermediary to making everything work for your client organization in the cloud. Working between the CSP and your client, you will document the data that can and cannot leave a country as well as agreed upon ways to report on data movements and breaches (in the event a breach occurs).
  4. This service should also include, at a minimum, mapping of disaster recovery procedures, disaster recovery & backup technologies and locations, and encryption technologies used in conjunction with the data governance, including ongoing updates as new technologies are adopted.
  5. CSP Evaluation and Selection. As a VAR/SI, you know the CSP market better than most clients ever will. They will rely on you to advise around which CSPs deliver the optimal data compliance as well as which CSPs offer the best value in terms of trading off costs for capabilities. (Some clients will not budget for the best). This service becomes increasingly important the more you help clients that operate or collect data in markets with regulations that are open to interpretation, such as the evolving ones in India and China.


Want to know more about data governance in the cloud for your VAR/SI company? Contact Kmesh today at




WordPress Image Lightbox Plugin