Sovereignty and Security for Tribal Data

When it comes to adoption of technology, the Tribal community has often been slow to make new IT trends.  There are many reasons for this, such as such as restricted access to capital funds, limited staff, and a concern over user adoption.  As Gaming and Leisure magazine pointed out (, it is Tribal Gaming that often plowed the way to making use of new technology to positively impact the Tribe.  This trend has never been more evident than with tribal organizations adopting cloud technologies.

There are many reasons for Tribal organizations to make use of the cloud.  These include:

  • Operational Cost vs. Capital Cost – pay monthly subscription rather than capital outlay
  • Scalability – pay only for what you need and use
  • Speed of implementations
  • Availability of information – access key information from any device and location
  • Shared Resources – Cost Savings

Many Tribal organizations, Tribal Governments in particular, are leery to adopt the cloud however.  This most often comes down to two main concerns:

1)      Security of data and applications in the cloud

2)      Data sovereignty in the cloud


From the beginning of cloud computing and storage, there has been an assumption and stigma that keeping applications and data on premise is more secure.  This was hilariously showcased in a 2010 satire on YouTube:  (

As cloud computing and providers grow larger in scale and sophistication, this is just no longer the case.  Companies like Microsoft, Amazon Web Services, and others staff industry-leading regulatory compliance experts and keep up-to-date with the latest regulations and rules, such as HIPAA and Sarbanes-Oxley, Federal Information Security Management Act (FISMA), and more.


These cloud providers implement the most stringent of security controls and are routinely proving to be more secure than on premise networks.  “It’s becoming increasingly clear that your on-premise systems aren’t inherently more secure than they’d be in the cloud,” says Mark Anderson, founder of the INVNT/IP Global Consortium, a group of governments and security experts solving the growing cyber theft problem. “Many companies are routinely hacked and don’t know it,” says Anderson.

Data Sovereignty

Sovereignty is always an important topic for Tribes and Tribal Governments.  And boiled down, “the cloud” really is simply storing your data or using applications stored on someone else’s computer.   Therefore, the common fear and myth is that tribal data in the cloud is out of the tribe’s control and that cyber thieves and governments will have access to data stored in the cloud.

The truth is that data sovereignty is not just an issue for Tribes, it’s an issue for everyone.  Everyone using an iPhone, Gmail, OneDrive, etc. is already using the cloud. These cloud providers aren’t giving access to your data to anyone, including the Federal Government.  This was displayed very clearly when the FBI filed suit against Apple to try and get access to a recovered iPhone belonging to a terrorist.  Apple refused and the courts held it up (

Cloud provider agreements always need to be reviewed carefully, but time and time again, cloud providers are not backing down and the courts are upholding their right to keep your data only yours.

Understanding the desire for Tribes to keep their data on sovereign land however, the Forest County Potawatomi Community of Wisconsin, recently opened the first cloud data center on sovereign tribal lands.  You can read more about on their site here (


Industry-wide, Tribal Gaming organizations are starting to make greater and greater use of the cloud.  With the ability to grow and adapt quickly, it is only a matter of time and more and more Tribal Governments will follow suit.

By Matt Borkowski, Arctic IT.







1 thought on “Sovereignty and Security for Tribal Data”

  1. Great post. As cloud-based solutions become more and more accessible to companies, businesses need to adapt and consider concepts such as data sovereignty and data residency when choosing cloud-based services, or risk compromising data security. This is particularly true for choosing a Unified Communications solution, as this type of system handles potentially sensitive data.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.