Navigating Data Sovereignty in Edge to Cloud Systems with Domain Driven Design

“My opinions are my own and do not represent the views of my employer”

Network disaggregation has paved the way for new network architectures, enabling the development of horizontal and vertical ecosystems with a richer mix of vendors. The future will offer ubiquitous connectivity, one where available compute resources are treated as a fabric that can be utilised as needed.

In this dynamic landscape, enterprise workloads can move fluidly (technically) between the edge and the cloud, much like a pendulum. However, resistance to this fluidity comes in the form of data sovereignty requirements. Data sovereignty and privacy are multi-faceted, influencing both how a system operates (functional) and the qualities it must possess (non-functional). The specific requirements will depend on the legal, regulatory, and business context in which the system is being developed and operated.

In this post I’ll provide some perspective on how Domain-Driven Design (DDD) principles can address these challenges by creating clear, enforceable boundaries in infrastructure design, ensuring compliance with data sovereignty requirements while supporting multi-stakeholder ecosystems.

Understanding Data Sovereignty

Data sovereignty is a concept that data is subjected to the laws and governance structures of the country/nation where it is collected or resides. Data sovereignty encompasses two primary aspects:

1. Data Residency: This refers to the geographical location where data is stored and processed.
2. Data Localization: This mandates that certain types of data must be processed and stored within specific geographical boundaries.

This source further explains the term sovereignty. These requirements can impose constraints on architectures, limiting the flexibility and scalability of solutions.

Regulatory Complexities

Laws like GDPR in the EU and the Personal Data Protection Act (PDPA) impose strict rules on how data is processed, stored, and shared. For multinational organizations, compliance becomes particularly challenging when:

• Cross-border transfers are restricted, complicating global operations.
• Localization mandates require data to remain within national boundaries.

Impact on the Global Enterprises (OEM/ISV) and Ecosystems

Consider a multinational retailer collecting customer data across multiple countries. To remain compliant, the retailer must ensure that customer data originating in the EU adheres to GDPR while managing different regulations for data collected in APAC regions. These requirements add layers of complexity to IT/OT system architectures, especially those relying on global providers for storage and compute (viz., public cloud services) services.

AI/ML development tools are another common source of ambiguity. Often, the development tools for internal and external AI/ML use-cases are combined leading to additional complexities (fragmentation i.e., scaling challenges).

The infrastructure design choices are an architectural constraint and impacts the ecosystem development.

Applying Domain-Driven Design to Infrastructure Design

Domain-Driven Design (DDD) is a software development approach that focuses on modelling a software system around a specific domain. By applying DDD principles to infrastructure design, we can create systems that are more resilient to data sovereignty challenges.

Key DDD Principles for Data Sovereignty:

1. Bounded Contexts: By dividing the system into bounded contexts, we can isolate data and processes according to specific regulatory and compliance requirements. This helps to ensure that data is stored and processed in the correct geographical location.
2. Ubiquitous Language: A shared language between technical, legal, business stakeholders is crucial for ensuring that everyone understands the data sovereignty requirements. This language can be used to define data flows, access controls, and other security measures.

Identify the core domains of a system and define their boundaries. ?Use DDD to align technical and legal and operational boundaries. For example, data flow rules can be encapsulated in policies tied to specific domains. This is very much applicable for systems that involves multiple-domains.

Domain Driven Design Principles for Infrastructure Design & Management:

• Geo-Distributed Architectures:

In a fragmented ecosystem, infrastructure design choices by the various stakeholders (Telcos, OEM/ISV) have a significant impact on the ecosystem development. Vendor solutions simplifies deployment by integrated design and potentially blurring the domain boundaries (i.e., multi-stakeholder/cross-domain boundaries). This introduces additional system management complexity.

By using bounded contexts, we can create geo-distributed architectures that comply with data localization requirements. For example, we can deploy specific services in different regions to ensure that data is processed and stored within the appropriate jurisdiction.

• Data Encryption: DDD can be used to implement robust data protection mechanisms, such as encryption. By encrypting sensitive data, we can reduce the risk of data breaches and ensure compliance with data privacy regulations. As I have mentioned in the earlier post, Telco-Native solutions provide built-in security services. However, for customers who prefer to have more control implement their own security solutions. Balancing control vs cost is an architectural constraint.
• Dynamic Data Routing: DDD can help create dynamic data routing mechanisms that can automatically route data to the appropriate geographical location based on real-time factors such as user location, data sensitivity, and regulatory requirements ensuring the multi-stakeholder domain boundaries are intact. There are specialised platforms that offers solution to handle the sovereignty requirements viz., Data-Residency-As-A-Service.

Ensuring compliance while maintaining operational efficiency often necessitates a patchwork of region-specific infrastructure which impacts all the stakeholders (CSP/MNO/OEM/ISV) and the Enterprise Customer leading to higher costs and management overhead.

Domain-Driven Design offers a structured approach to develop software for complex domain spanning multiple stakeholders and help navigate sovereignty requirements without compromising operational agility.