0:03

The idea of digital sovereignty is really about

0:05

questions of control. Who is able to control that

0:07

data and on what terms? Data spaces

0:09

are a systemic approach to

0:11

increase trust and sovereignty in

0:14

sharing data. And no matter how much there is

0:16

a desire for increased control, in

0:18

reality, cooperation is absolutely essential. Hello

0:25

and welcome to Insight Story, Tech Trends

0:27

Unpacked for Business Leaders, the podcast that

0:29

gives you the insight you need to

0:31

make the right decisions about how to

0:33

use tech to benefit your organisation. I'm

0:37

Susie O'Neill and this is brought to

0:39

you by Kaspersky, the cybersecurity specialists. This

0:42

time we're asking, what

0:44

is digital sovereignty and why does it

0:46

matter to your business? In

0:53

our increasingly interconnected world, the concept of

0:55

digital sovereignty has become more and

0:57

more important. It's about a nation's

1:00

ability to govern and control its digital

1:02

assets, data and technologies. Yet

1:04

it's also a concept that has significant

1:06

implications for businesses as they navigate a

1:08

landscape where data is essentially the fuel

1:10

that drives everything they do. It

1:13

poses important questions. Who owns

1:16

and manages data? How do

1:18

national regulations affect data flowing across borders?

1:20

And what does that mean for data

1:22

security, compliance and market access? It's

1:25

about making strategic decisions on how you

1:27

handle and use data that could affect

1:29

future business value. So

1:31

how do management teams get the info they need

1:33

to make the right decisions? I'm

1:35

going to be joined by two people who can give us

1:37

some insights into all of this. Professor

1:40

Ben Farand is an academic whose work

1:42

focuses on the intersection of policy and

1:44

emerging technologies. And then Silas

1:46

Sepp is Director of Operations for MyDataGlobal,

1:49

an organisation helping to solve some of

1:51

the commercial world's digital sovereignty challenges with

1:53

the concept of data spaces. But

1:56

let's get a bit clearer on the issues we're

1:58

talking about. Dolly,

2:00

you're inside assistant. Dolly, just the

2:02

help I need. We're talking

2:04

about digital sovereignty and how it affects

2:06

businesses. Can you start with the definition?

2:09

Digital sovereignty is a country's jurisdiction

2:11

over its digital world and its

2:14

power to control its data, technology,

2:16

and online space. For

2:18

businesses, it means having the authority to

2:20

manage their data, decide where it's kept,

2:23

and who gets to use it. Why

2:25

is that so important? Data is

2:27

essential to businesses. A

2:29

recent McKinsey Global Institute survey says

2:32

data-driven organizations are 23 times more

2:34

likely to acquire customers and

2:36

19 times more likely to

2:39

be profitable. So I can see the importance

2:41

of control, but we live in a global economy.

2:43

How does that affect digital sovereignty? Different

2:45

countries have different rules about

2:47

data. Businesses must follow these

2:49

regulations, decide where to keep

2:51

data, deal with security, and

2:54

pick technology partners who respect

2:56

these rules. So for businesses,

2:58

is this particularly about data control?

3:01

Data control is significant. Businesses want

3:03

to decide who can see, use, and

3:06

store their data. With digital sovereignty, they

3:08

have more say in this. They

3:10

might need to keep data in specific

3:13

places or use certain tech to meet

3:15

a country's rules. Think of it

3:17

as having a lock on a box. Only certain

3:19

people should have the key. Okay,

3:21

thank you. Is this within your data regulations

3:23

to be sharing this info, your virtual key

3:26

with me here? Of course. We

3:29

operate by the same rules. I

3:31

have confirmed that. Nice

3:33

one. Thanks, Billy. So

3:35

let's find out more about exactly what

3:37

digital sovereignty means to companies operating in

3:39

this increasingly digital world. Professor

3:42

Ben Farand is a professor in

3:44

law and emerging technologies at Newcastle

3:46

University. His particular area of

3:48

research is lawmaking and political processes

3:50

concerning new and emerging technologies, including

3:53

in the field of intellectual property.

3:55

He joins me now. Hello, Ben.

3:57

Aye, thank you very much for having me. So then just building.

4:00

Moving on to some of the definitions we

4:02

heard there from Dolly, and again as a

4:04

way of helping people to understand, let me

4:06

pose a hypothetical. If a French company's data

4:08

is stored on services in America, which country's

4:10

regulations would that be subject to? Well,

4:13

that's an interesting question. Under the general

4:16

data protection regulation implemented

4:18

by the European Union, the general

4:20

principle is that if that data

4:23

is about European Union citizens and

4:25

there's any potentially identifying information there

4:27

that could be considered as either

4:29

personal data or sensitive personal data,

4:31

which is an item category of

4:33

protection, that data should be

4:35

governed by the EU's laws and policies

4:38

so long as that American company has

4:40

some sort of activity in the European

4:42

Union. Now there have

4:44

been measures and some of your

4:46

listeners may be familiar with things such as

4:48

the Shrem's decisions, where there have been discussions

4:51

about the extent to which the United States

4:53

is compliant with these principles and

4:55

whether there can actually be any sharing of data with the

4:57

United States on that basis. The

5:00

European Union has become increasingly concerned

5:02

with what happens with its data

5:04

outflows. This means that

5:06

if the data concerns European citizens,

5:09

then the European Union's position is

5:11

that that law is applicable to that data

5:13

regardless of where it's being sent to. Right.

5:16

Now, in sight story, we're aimed at businesses

5:18

trying to make those strategic decisions and they

5:20

don't always have the same priorities as those

5:22

nations. So what do you think are the

5:24

challenges for companies when it comes to operating

5:26

within these frameworks? The

5:29

challenge really more than anything else

5:31

is that digital sovereignty

5:33

is really a question of contemporary geopolitics.

5:36

So we're seeing that there are increasing tensions

5:38

between states, but there is

5:40

also a level of concern over the

5:42

power of big corporations as well. So

5:44

if you look at the origins of

5:47

the EU's digital sovereignty agenda, a

5:49

lot of this is based around the concerns

5:51

over the power of very big market players,

5:54

particularly in the United States, which they refer

5:56

to as GAFAM, which covers Google, Amazon, Facebook,

5:58

Microsoft. soft apple, but

6:02

also in terms of Chinese

6:04

companies as well. So companies

6:06

such as Baidu, Alibaba, Tencent,

6:08

etc. Now it may not always be

6:10

the case that the state actors and

6:12

the private actors are aligned, but

6:15

nevertheless the concern is that if data

6:17

is being transferred to other places for example,

6:19

regardless of the relationships that the European Union

6:22

or private sector actors may have in the

6:24

European Union, there may

6:26

nevertheless be the impact of

6:28

geopolitics and sort of national

6:30

regimes, regulations, or even just

6:32

policies that could have a

6:35

potential detrimental impact on those European Union

6:37

interests. So the idea of digital

6:39

sovereignty when applied to data is

6:41

really about questions of control. Who is able to

6:43

control that data and on what terms? So

6:46

corporations particularly operating within the European Union

6:48

need to be thinking very carefully about

6:51

who it is they're interacting with in other states, but

6:54

also having an eye to international politics as

6:56

much as just corporate reality. What is happening

6:58

in the world at this point in time

7:00

that could potentially shape the responses to particular

7:02

countries and the companies based within them at

7:05

some point in the immediate future? Companies

7:07

that are really thinking internationally. So

7:09

for example, if I am running a

7:12

tech firm in India, I want to

7:14

start doing more trade internationally. Within

7:16

the business, do you think it's important,

7:19

Ben, that there are people specifically dedicated

7:21

to looking at data security and involved

7:23

in the digital sovereignty discussion? Yes, very

7:26

definitely. Generally, they need to have somebody

7:28

that is aware of the general data protection

7:30

regulation, its requirements, and what it requires for

7:32

that company to be compliant. So

7:34

within the European Union and the UK,

7:36

because of the implementation of the GDPR

7:38

before the UK left the European Union,

7:41

we have data protection officers whose positions are

7:43

essentially one of data controller where they

7:45

have an idea of how exactly data should

7:48

be managed, what sort of security protocols that

7:50

should be over that data, the

7:52

purposes for which it should and should not be used. And

7:55

having somebody that is an equivalent of a data protection

7:57

officer within those companies that's able to provide that sort

7:59

of a oversight definitely makes

8:01

it easier for those companies to engage with the

8:03

European Union and the companies operating

8:05

inside it. And you said in

8:07

the past that the sovereignty agenda is much

8:10

about international trade, it is about the technology.

8:12

Can you talk a bit more about that

8:14

and what that could mean for business? The

8:17

issue with digital sovereignty, it goes

8:19

far beyond just the purely digital.

8:21

Digital sovereignty really covers the entire

8:23

supply chain from the critical raw

8:25

materials as a use for producing

8:27

semiconductors all the way through to

8:29

the provision of cyber security services

8:31

to end users. What

8:34

this means is that because there is increasing

8:36

geopolitical concern over things such as control

8:38

and access to these natural resources and

8:41

a good example of this is the

8:43

way that supply chains for semiconductors largely

8:45

seem to collapse at during certain points

8:47

during the lockdown where particular

8:50

German manufacturers found they were not able

8:52

to get the semiconductors required for the

8:54

automobile industry. As a result

8:56

there's been an increasing focus on the part

8:58

of the European Union but also increasingly China

9:00

and the US as well to

9:02

ensure control over these resources and to

9:04

ensure that in the event of more

9:06

supply chain shocks they are

9:08

able to still provide their companies and their

9:10

citizens with the technologies that are required. Interdependence

9:14

is just the nature of 21st century

9:16

life and no matter how much there

9:18

is a desire for increased control and

9:20

this idea of demonstrating the sovereignty of

9:22

different regional actors. In

9:24

reality the supply chains have become so

9:27

global, they've become so independent that cooperation

9:29

is absolutely essential. There is no way

9:31

that we can replace cooperation, trade

9:34

agreements, relationships with other states, other

9:36

companies within those states with

9:39

some system of what they call pure

9:41

strategic autonomy where you are completely self-sufficient.

9:44

In terms of how a lot of the supply chains

9:46

work this is just not feasible in the long term

9:48

which means there is always going to be an element

9:50

of trying to cooperate even if there is this idea

9:53

of digital sovereignty in the background. Yes, so

9:55

digital sovereignty isn't just about compliance is

9:57

it? It's about strategic planning and ethics.

10:00

So how can organizations make sure they're doing the right

10:02

thing and where can they get the info they need

10:04

to keep up with development? It's important

10:06

to bear in mind that digital sovereignty is essentially

10:08

still something that's happening very much at the level

10:11

of states. It's something that states are thinking about

10:13

rather than necessarily transferring in

10:15

all cases to specific concrete obligations

10:17

on individual companies. This will often

10:19

come downstream in the form of

10:21

particular regulatory requirements, for example. Also,

10:24

not only the sort of the stick of

10:26

regulation, but also carrots as well. So thinking about

10:28

the Chipps Act, for example, there

10:30

is a lot in this legislation

10:33

about investment, how companies can actually

10:35

cooperate and then seek funding

10:38

essentially for diversification of

10:40

supply chains, for

10:42

improving trade relations with third parties in

10:44

such a way that it actually helps

10:46

to build up general resilience at the

10:48

international level. Increased cooperation

10:50

there is really sort of central to

10:52

what's happening, but it is actually being

10:54

underscored by actions at the state level

10:56

to try and facilitate some of this

10:58

interstate trade. And let's

11:00

talk about something. Everyone seems to have an opinion

11:03

on social media. And nearly

11:05

every company in the world is using

11:07

one of those social media platforms to

11:09

communicate to their customers or prospects. How

11:12

do you actually affect what happens on platforms that

11:14

you don't have any control over? That's

11:17

a really, really good question. So

11:19

the European Union has recently passed something

11:21

called the Digital Services Act. The

11:24

Digital Services Act essentially is a set

11:26

of requirements placed on platforms

11:28

and search engines. The European Union

11:30

has made it relatively clear that

11:32

this legislation applies

11:34

to content on these platforms

11:37

that may be considered illegal. What

11:39

is required of the platforms is not that they're

11:41

able to deal with every single instance. But

11:43

what it is requiring is that

11:45

they have systems, again, of transparency, accountability,

11:48

and oversight, where they perform

11:50

risk assessments and are able to demonstrate how

11:52

exactly they are approaching these issues at a

11:54

broad level. Now, how this is relevant to

11:56

companies is that in terms of

11:59

brand reputation, it's not management.

12:02

There's a desire not to be legal

12:05

or in other words unconscionable. One

12:08

way that companies have been managing

12:10

this is to just pull advertising

12:12

completely and saying that until there is

12:14

some guarantees that they can trust that

12:16

there is content moderation they're not really

12:18

willing to compromise on this brand integrity

12:20

and will withdraw altogether.

12:24

In other instances we've seen that

12:26

fairly large corporations have moved off

12:28

certain social media platforms and other

12:30

to new platforms that

12:32

have started. So again

12:34

this means that the effect

12:37

of digital sovereignty are necessarily coming

12:40

from the regulatory side. It's actually

12:42

about the fact that they

12:44

do not necessarily agree with the content that's being

12:46

provided full stop. And so they're

12:48

actually making a decision that is much more

12:50

market-based rather than necessarily a regulatory compliance based.

12:53

And in the context of social

12:55

media regulation trust is absolutely essential.

12:58

If you lose the trust of your users they

13:00

will go elsewhere. If you lose the trust of

13:02

regulators they'll be much more interested

13:05

in providing slightly more top-down

13:07

oversight of what you are doing on that particular

13:09

platform. Yeah I see. And another hot

13:11

topic that we like to talk about a

13:13

lot in Insight Story is AI and the

13:16

explosion of these new AI systems has made

13:18

it even more important for organizations to be

13:20

really clear about safety and data ownership of

13:22

data coming in and out of different tools.

13:25

So what are the key things you think businesses should

13:27

be thinking about here? Businesses

13:29

will need to be keeping an eye on

13:31

what's happening internationally in terms of regulation

13:34

in this field. So the European Union

13:36

again is as part of a digital

13:38

sovereignty agenda trying to really be setting

13:40

the global standards on AI governance. And

13:43

one of the things they're talking about is

13:45

regulation of high-risk systems where they say that

13:47

there are certain things that AI should just

13:49

not be involved in doing and these sort

13:51

of products and services should not be made

13:54

available in the European Union full

13:56

stop with the idea of being that if they

13:58

have a sort of first-mover advantage from a regular

14:00

perspective, that can increasingly become the

14:02

international standard. So the recent

14:05

AI summit that was held in Bletchley

14:07

Park in the UK called the Frontier

14:09

AI Summit that was hosted by Prime

14:11

Minister Sunak, where there has

14:14

actually been an agreement over particular

14:16

uses of AI between 28 different

14:18

states, but including all the big

14:20

players in the digital sovereignty debate

14:22

such as the EU, US, China,

14:25

UK, that there are certain uses of

14:27

AI that require global systemic responses.

14:29

And so despite the digital sovereignty

14:31

agenda and the amount of competition

14:33

between different states as to who

14:35

sets the rules. So

14:37

we are seeing that again, despite the discussion of

14:39

digital sovereignty, there are some issues where the big

14:42

players are relatively on the same page when it

14:44

comes to the things where they think that the

14:47

risks of non-intervention can actually be greater

14:49

than losing some sort of

14:51

competitive advantage against other states. In

14:54

terms of individual companies, and particularly in

14:56

the field of data sovereignty, something

14:58

that's increasingly developing is an approach to something

15:00

called Stedterated Computing, with the idea being that

15:02

if you were involved in trying to train

15:06

AI on different datasets, you

15:09

can actually minimise the data privacy implications

15:12

by having that done remotely, and then

15:14

by communicating essentially the outcomes of that

15:16

data at the central level. So everything

15:18

stays relatively at arm's length. So

15:20

there are new technologies that are also

15:23

arising as a result of these regulatory

15:25

interventions that companies may

15:27

be interested in pursuing further. The generative

15:29

AI has all sorts of other potential

15:31

implications as well, increasing questions over intellectual

15:33

property and the potential for these systems

15:36

to be infringing copyright, for

15:38

example, through to, again,

15:40

potentially data protection and security issues

15:42

that arise from having massively open

15:45

datasets being trained on material online,

15:48

which may or may not be factually correct. Yeah,

15:50

absolutely. Great discussion. And

15:52

we like to conclude every episode of Insight's

15:54

story with a final nugget of insight if

15:56

they're taking the very first step on the

15:59

journey in any... project. So

16:01

for a business owner or leader

16:03

taking their first steps into digital

16:05

sovereignty, what would your advice be to

16:07

them? What's the first thing they should be thinking about? I

16:10

think the first thing they should really be thinking about

16:12

is in the context of the

16:14

business they operate, what sort of data are they

16:16

likely to be using? What sort of data are they

16:18

likely to be collecting and where is that data likely to

16:20

be going? Once they've got a fairly

16:22

good idea of what that is, even if it's just at

16:24

the level of writing on a piece of paper where

16:26

they think the flows could be coming and going, think

16:29

about the potential implications of that. Think

16:32

about what security provisions you may need to put

16:34

in to ensure that data is protected within your

16:36

company as well as outside, as

16:38

well as again, if you're

16:40

dealing with a large entity such as

16:42

the European Union, what sort of regulatory

16:44

compliance issues could arise? So think very

16:46

much first about why do I

16:48

need this data in the first place? And

16:51

this question will then help you to define every other

16:53

step of that particular process. We

16:59

know that using data successfully is an

17:01

exceptionally powerful tool for businesses. It

17:04

drives strategy, service, innovation, growth, pretty

17:06

much all aspects of doing business.

17:09

But using data securely, fairly and in

17:11

a way that customers can trust is

17:13

not always easy. Data

17:15

spaces are becoming an increasingly important way

17:17

of addressing the issues involved in using

17:20

customer data safely and ethically. Dolly,

17:22

are you still there? I am

17:24

Dolly, your insight assistant. Great. What is

17:27

a data space? A data

17:29

space is a data relationship

17:31

between trusted partners who use

17:33

the same standards and guidelines

17:35

for data storage and sharing

17:37

within one or many vertical

17:39

ecosystems. That means sectors like

17:41

agriculture, tourism, energy or finance.

17:44

Data is not stored centrally but is

17:47

also a part of the data space. These

17:49

might be data providers, users and

17:52

intermediaries. Data spaces

17:54

can be nested and overlapping. For

17:56

instance, a data provider can participate

17:58

in several data. data spaces at

18:00

once. And who's doing this? This

18:03

is happening all over the world, but

18:05

Europe is very active in promoting data

18:08

spaces. The International Data

18:10

Spaces Association was founded in Germany

18:12

in 2017 and regularly releases and

18:16

maintains a reference architecture model. That's

18:18

a software template for anyone wanting

18:20

to create a data space. Great,

18:23

thank you. That was quite a download. You can

18:25

head back to your own private data space to

18:27

rest. Sounds like this

18:29

could be a way of helping businesses navigate

18:31

the maze of digital rules and make sure

18:33

their data is safe and authenticated. So

18:36

to tell us more about data spaces, I'm

18:39

joined by Cilla Sepp, Director of Operations

18:41

for My Data Global, a nonprofit dedicated

18:43

to what they call a human-centric approach

18:45

to the use of personal data. Hello,

18:48

Cilla. Hello, thank you for having me.

18:51

So we heard from Ben all about

18:53

the importance of data sovereignty in the

18:55

use of data for businesses. Can you

18:57

tell us a bit more about what

18:59

your organization is doing in this area?

19:01

So I start always by reminding that

19:03

data spaces are a systemic approach to

19:05

increase trust and sovereignty in

19:08

sharing data and using data

19:10

across different organizations and even

19:12

across sectors. So it's not

19:14

simply a yet another technological

19:16

approach to provide infrastructure for

19:18

data sharing, but really a

19:20

combination of business, legal,

19:22

operational, functional, and technical layers

19:25

to really enable that trustworthy

19:27

data sharing. There

19:29

are a number of different data space

19:31

initiatives already existing. We know

19:34

many of those initiatives from the market,

19:36

like the Smart Connected Supplier Network

19:38

or Katena X in the mobility

19:41

sector, et cetera. And this

19:43

is also a historical context that

19:45

data spaces have spun out

19:47

of industrial developments. The European

19:49

data strategy and following funding

19:51

programs are now financing also

19:54

several database projects in various

19:56

sectors. And we at MyData

19:58

are particularly interested in involved

20:00

in the horizontal project called

20:02

Dataspace Support Center, as

20:05

well as in the preparatory action for the data

20:07

space for skills. In that

20:09

context, EU is also financing

20:12

several sectoral data spaces that

20:14

are preparing specifically for common

20:16

European data spaces that look

20:18

out for interoperability among different

20:20

initiatives in that space. Different

20:23

businesses and companies can, of

20:26

course, join existing projects and

20:28

initiatives to be one of

20:31

the participants there, either as a data

20:33

provider or a data user, maybe even

20:35

as a data space enabling service, or

20:38

then also start to explore opportunities

20:40

to create one data space with

20:42

its own collaborators, really depending on

20:44

the context, the business case that

20:47

they're involved in, et cetera. Brilliant.

20:50

So there's lots of different opportunities to get involved.

20:52

How could businesses find out where to go and

20:55

what would be the best starting point

20:57

to explore a participation in data space?

20:59

I mentioned the Project Dataspace Support Center.

21:02

As a partner in the project,

21:04

I actually also welcome and recommend

21:07

exploring the website and the repositories

21:09

of different initiatives available on the

21:11

website, as well as then partners

21:13

who are contributing to that support

21:15

center. There are really

21:17

great associations like the International

21:20

Data Spaces Support Center, the GAIAX Association,

21:22

Biware, et cetera, who has done a

21:24

lot of mapping and already work

21:26

in the data spaces domain for a

21:29

long time. And then, of

21:31

course, if there is interest, particularly in

21:33

the context of how to ensure also

21:36

the human-centric principles in the data spaces

21:38

to also explore the MyData members work,

21:40

as well as the organization. Great. So

21:43

lots of opportunities to get involved. Now,

21:45

is it just a European Union thing,

21:47

data spaces, or could businesses from other

21:49

parts of the world get involved in

21:52

some of these projects? So while the

21:54

European Data Strategy sets the course for

21:56

emerging data spaces, particularly in the European

21:59

context, I think It is

22:01

definitely not limited to Europe only.

22:03

We're already seeing significant developments also

22:05

in other regions such as Japan

22:07

or the US to deploy

22:09

the data spaces approach. And

22:12

this is important because, as mentioned,

22:14

data doesn't recognize national or regional

22:16

borders, especially in today's digital economy.

22:19

And it is important that data

22:21

space initiatives will be able to

22:24

mature enough to provide the infrastructure

22:26

and necessary governance for international data

22:28

sharing at scale. I'm thinking

22:30

about the future now. How do you think CELO

22:32

data spaces might evolve? And what role do you

22:34

think they will play? And what will that mean

22:36

for our business listeners? Well, data

22:39

spaces are in a developing

22:41

stage. But what is important is also

22:43

that those data space developments remain to

22:45

be open and collaborative with

22:47

other initiatives in order to

22:50

then really start to actually work towards

22:52

a duration of data spaces or

22:55

an ecosystem of data spaces. In

22:58

that context, the point of interoperability is

23:00

really key. What we are also looking

23:03

at is the convergence of different architectures

23:05

and decisions regarding those points. Lastly,

23:08

I want to also mention that the key

23:10

there is really how do we empower the

23:12

different users in the end to

23:15

actually make use of the data spaces,

23:17

both in terms of the different businesses

23:19

and companies, but also citizens

23:21

involved. So currently, when we

23:23

are developing the design principles and

23:26

the architectures for data spaces, we

23:28

really need to take into account

23:30

also how the principles

23:32

of human-centric approach, for example, is embedded

23:34

into the setup. So when you say

23:36

human-centric approach, does that mean that I

23:39

would be empowered about how my data

23:41

is used by a business and I

23:43

would have some say over it? Definitely.

23:46

And there are different levels how to introduce

23:48

that in the design choices. I

23:51

mentioned that one of the participants, let's

23:53

say roles that are carried by

23:55

different actors in data spaces is the enabling

23:57

service. One of those enabling services is the

23:59

enabling service. could be an

24:01

intermediary that actually serves the interest

24:03

of individuals and citizens and actually

24:06

helps to have an overview how data

24:08

is being used as well as manage

24:11

the permissions and actually getting the

24:13

value back to individuals. So in

24:15

different parts of the setup of

24:18

the data spaces the human-centric principles

24:20

could be embedded. Big

24:24

thank you to Professor Ben Farand and

24:26

Silas Zep for sharing their insights on

24:28

digital sovereignty and data spaces. If

24:32

you're enjoying these kinds of insights we

24:35

have so many great articles in Secure

24:37

Futures, Kaspersky's digital magazine

24:39

about innovative tech for innovative

24:41

leaders. We've got an

24:43

interview with a world-leading expert on

24:45

trust management, articles on the benefits

24:47

of digital trust and topics from

24:49

this season's insight story including making

24:51

the most of generative AI and

24:53

the industrial internet things. You

24:55

can find the link to Secure Futures in the insight story

24:58

show notes. Digital

25:02

sovereignty is very closely aligned to

25:04

Kaspersky's own area of focus, cyber

25:06

security. So to give

25:09

us some insight into what that means

25:11

I'm joined by Dr. Armin Hasbini, Head

25:13

of Research Center Middle East Turkey and

25:15

Africa for Kaspersky's global research and analysis

25:17

team, known as Great. They spend all

25:19

their time working to keep threats on

25:21

the outside of our networks. So

25:24

Armin, what are the key points that businesses should be

25:26

thinking about in this area? Going

25:28

back to basics, digital sovereignty encompasses

25:30

the idea that a country or

25:32

an organization should have the ability

25:34

to govern its own digital space

25:37

like a country governs

25:39

its borders. This means that corporations

25:41

especially multinationals operating in the digital

25:44

space need to provide the tools

25:46

that allow the compliance with

25:49

laws and regulations in every single

25:51

country where they operate. An example

25:53

of such is the transparency centers

25:55

for example that we have at

25:57

Kaspersky deployed in many countries around the

25:59

world. And these allow legal

26:01

entities to come, ask,

26:03

verify, check code, procedures,

26:05

in order to make sure that

26:07

operations are running in compliance with

26:09

the country's laws. And

26:11

in case they have any needs or requests, they

26:14

can submit them, of course, and they will be

26:16

dealt with. And for those who

26:18

are actually developing new softwares and different

26:20

types of technologies, are there

26:22

other ways that they can think about

26:24

building in that user trust that perhaps

26:26

regulation isn't there yet? Almost

26:28

all countries in the world

26:30

nowadays have at least a certain

26:32

level of compliance requirements from technology

26:34

vendors. And cooperation is

26:38

the way to go, asking questions,

26:40

like trying to engage with

26:42

the legal entities that

26:44

are responsible for such. On

26:46

our side, as an example, we start

26:48

with sharing some information or intelligence about

26:51

recent threats or attacks that are happening

26:53

in the region, for example, around the

26:55

country or in the country itself. And

26:58

this brings in discussions

27:00

into a better place. We

27:02

start cooperating on our side and then

27:04

others do the same. Is it

27:06

right that people can get for free and

27:09

also on subscription some of these threat reports,

27:11

which helps to enrich their own data? Well,

27:13

we do publish a lot of our

27:16

threat intelligence findings and investigations, and

27:18

that allows better visibility for everyone

27:21

around the threats that are targeting

27:23

users and organizations. But

27:25

also it allows the cybersecurity community to build

27:27

on these findings and try to find the

27:30

other angles for these attacks. Are

27:32

there any specific digital sovereignty projects the

27:34

research community is involved in that you've

27:36

heard about? There are multiple

27:38

initiatives that are trying to

27:41

establish some kind of international

27:43

conventions or agreements around the

27:45

cooperation between vendors and

27:48

countries and even between vendors themselves.

27:51

It's a tough challenge to have

27:53

everyone agree on something globally speaking,

27:55

and we hope to see that in

27:57

the future. It would allow us to be able to do that.

28:00

allow much better safety and much

28:02

better cooperation around dealing

28:04

with cyber attacks and cyber attackers. Sadly,

28:06

we see a lot of

28:08

attacks still happening from the same attackers. We

28:11

know where they are. We

28:13

know who they are sometimes.

28:15

And that information is shared

28:18

with law enforcement agencies. However,

28:21

these people are not reachable. So

28:24

if there were more global standards which

28:26

digital sovereignty is helping to build, would

28:29

it actually be easier to fight cyber

28:31

crime, do you think? Absolutely. It's

28:33

like nuclear global agreements where

28:35

countries agree on how to

28:37

use nuclear energy and nuclear

28:40

technology. Well, we need something

28:42

like that for the cybersecurity. Because as of

28:44

today, everyone has access to the internet. Everyone

28:46

has access to tools that could cause damage

28:49

on the internet. They can download them and

28:51

try them and test them. We call them

28:53

script kiddies. Without the right collaboration and cooperation

28:55

around the world, there is almost no way

28:58

to take down starting

29:00

from underground operations or

29:02

underground groups that cooperate together

29:04

to achieve hacking operations on

29:06

especially bigger targets. But

29:08

also on companies that operate in what

29:11

we call the gray area. The

29:13

gray area is a gray legal

29:15

area where legal matters are not

29:17

very clear. Is hacking in

29:20

some cases allowed? Or is

29:22

the use of certain technology or the

29:25

collection of certain data from this client

29:27

or this user allowed? And

29:29

this is what we call the hack

29:31

for hire groups that are

29:33

currently becoming very trendy. Thank

29:38

you very much to Amin. An

29:41

important way to secure data and increase

29:43

customer trust happens at the design stage.

29:46

Consider security at the core of your technology

29:48

to make it harder and less profitable

29:50

for criminals to attack. This

29:53

is security by design, also known

29:55

as cyber immunity. Kaspersky

29:57

has cyber immune solutions for protecting

29:59

connected. cars, industrial manufacturing, smart cities

30:01

and more. There's a handy video

30:04

explaining more about this new way

30:06

of thinking about security. We'll

30:08

drop the link in the show notes so you can watch it. That's

30:15

it for this edition of Insight Story,

30:17

Tech Trends Unpacked, brought to you by

30:19

Kaspersky. Search for us wherever you

30:21

get your podcasts and click follow so you

30:23

don't miss an episode. And you really don't

30:25

want to. In this series we're

30:28

diving into the ethics of AI, working out

30:30

how to get real returns on your technology

30:32

investments and gazing into the future of the

30:34

ones on computing. If you

30:37

like what you're hearing, please leave us a rating

30:39

and give us an excellent review. It

30:41

really helps people find us and get the benefits

30:44

of all this great insight. If

30:46

you want to get ahead, you really can't afford to

30:48

miss it. Till next time,

30:50

goodbye. Goodbye. Ask the dolly. You

30:53

said you're concerned to operate by the same data

30:55

rules. Of course. How did

30:57

you do that? Are we in the same

30:59

vertical ecosystem? No things that I...

31:11

Hi Insight Story listeners. Gillian Boddington

31:13

here. Are you ready for an immersive

31:23

journey through the past, present and

31:25

future of the technologies that shape

31:27

our world? Look no further

31:30

than the second season of the

31:32

award-winning podcast from Tomorrow Unlocked by

31:34

Kaspersky, where we bring together global

31:37

experts to delve into the latest

31:39

advancements and trends. Across

31:42

season two, we cover a range

31:44

of fascinating topics including women in

31:46

gaming, the ever-growing prevalence of data

31:49

in and out of the home

31:51

in telegram to telepresence, the

31:54

metaverse, the concepts of

31:56

extended self and digital health in

31:58

extended self and our future digital

32:01

twins and the world of cyborg

32:03

and embedded technologies in cyborg shifts.

32:06

We also celebrate the contributions of

32:08

women in STEM and discuss

32:11

the need for greater representation in

32:13

the field. Whether you're

32:15

interested in digital wellbeing or

32:17

the latest innovations, Fast

32:19

Forward has got you covered. So

32:21

why wait? Search Tomorrow

32:23

Unlocked Fast Forward on your

32:26

smart speaker or your favourite

32:28

podcast platform and join us

32:30

on this incredible journey.