Sign up to save your podcasts
Or
Share Rick Goud: Navigating Europe’s Data Sovereignty Challenges
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Rick Goud: Navigating Europe’s Data Sovereignty Challenges
Dr. Rick Goud brings a unique perspective to the data sovereignty conversation, combining medical informatics expertise with entrepreneurial technology innovation. As co-founder and Chief Innovation Officer of Zivver, a secure digital communications platform acquired by Kiteworks in 2024, Goud's journey began with an unexpected twist – missing out on medical school in the Netherlands' lottery system led him to medical informatics, where he discovered his passion for solving healthcare's data security challenges. His background as a strategy consultant in healthcare, where he witnessed firsthand the alarming frequency of sensitive patient data being shared through insecure channels, sparked his mission to create solutions that balance robust security with user-friendly functionality.
The podcast reveals a fundamental tension in European data sovereignty: While Europe boasts the world's strongest data protection laws like GDPR and the upcoming EU Data Act, organizations remain heavily dependent on foreign cloud infrastructure. Goud explains that the challenge extends beyond mere infrastructure – it's the absence of true European alternatives for essential software services that creates vulnerability. He highlights recent incidents, including a French Microsoft executive's court admission that Microsoft cannot prevent U.S. government access to data without customer notification, and the shocking case of a Dutch criminal court judge whose email was blocked by Microsoft at the behest of American authorities. These examples underscore how data sovereignty encompasses not just data protection, but also continuity of service and freedom from foreign interference.
When addressing the economic realities of data sovereignty, Goud advocates for a pragmatic, risk-based approach rather than wholesale abandonment of U.S. cloud services. He emphasizes that organizations should start by identifying their specific risks – whether it's human error (the leading cause of data breaches), email interception, weak passwords, or phishing attacks. The solution often lies in implementing encryption layers where organizations maintain control of their own keys, effectively rendering data unreadable even if accessed by unauthorized parties. This approach allows organizations to continue using familiar tools like Microsoft 365 and Gmail while adding crucial security layers for sensitive information, avoiding the massive costs and behavioral changes required by complete infrastructure migration.
The conversation concludes with practical advice for organizations beginning their data sovereignty journey. Goud recommends starting with "low-hanging fruit" – simple security measures that can be implemented quickly, such as activating DANE (DNS-based Authentication of Named Entities) for email encryption, which despite being available for a decade, sees adoption rates of only 15% to 20%. He stresses the importance of email and file security as the primary risk points where data leaves organizational boundaries. Rather than embarking on multi-year infrastructure overhauls, organizations should focus on immediate, achievable improvements while building partnerships with trusted vendors and peer organizations facing similar challenges. This collaborative approach ensures organizations aren't navigating the complex data sovereignty landscape alone.
LinkedIn: https://www.linkedin.com/in/rickgoud/
Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.
View all episodes
By Tim Freestone and Patrick SpencerDr. Rick Goud brings a unique perspective to the data sovereignty conversation, combining medical informatics expertise with entrepreneurial technology innovation. As co-founder and Chief Innovation Officer of Zivver, a secure digital communications platform acquired by Kiteworks in 2024, Goud's journey began with an unexpected twist – missing out on medical school in the Netherlands' lottery system led him to medical informatics, where he discovered his passion for solving healthcare's data security challenges. His background as a strategy consultant in healthcare, where he witnessed firsthand the alarming frequency of sensitive patient data being shared through insecure channels, sparked his mission to create solutions that balance robust security with user-friendly functionality.
The podcast reveals a fundamental tension in European data sovereignty: While Europe boasts the world's strongest data protection laws like GDPR and the upcoming EU Data Act, organizations remain heavily dependent on foreign cloud infrastructure. Goud explains that the challenge extends beyond mere infrastructure – it's the absence of true European alternatives for essential software services that creates vulnerability. He highlights recent incidents, including a French Microsoft executive's court admission that Microsoft cannot prevent U.S. government access to data without customer notification, and the shocking case of a Dutch criminal court judge whose email was blocked by Microsoft at the behest of American authorities. These examples underscore how data sovereignty encompasses not just data protection, but also continuity of service and freedom from foreign interference.
When addressing the economic realities of data sovereignty, Goud advocates for a pragmatic, risk-based approach rather than wholesale abandonment of U.S. cloud services. He emphasizes that organizations should start by identifying their specific risks – whether it's human error (the leading cause of data breaches), email interception, weak passwords, or phishing attacks. The solution often lies in implementing encryption layers where organizations maintain control of their own keys, effectively rendering data unreadable even if accessed by unauthorized parties. This approach allows organizations to continue using familiar tools like Microsoft 365 and Gmail while adding crucial security layers for sensitive information, avoiding the massive costs and behavioral changes required by complete infrastructure migration.
The conversation concludes with practical advice for organizations beginning their data sovereignty journey. Goud recommends starting with "low-hanging fruit" – simple security measures that can be implemented quickly, such as activating DANE (DNS-based Authentication of Named Entities) for email encryption, which despite being available for a decade, sees adoption rates of only 15% to 20%. He stresses the importance of email and file security as the primary risk points where data leaves organizational boundaries. Rather than embarking on multi-year infrastructure overhauls, organizations should focus on immediate, achievable improvements while building partnerships with trusted vendors and peer organizations facing similar challenges. This collaborative approach ensures organizations aren't navigating the complex data sovereignty landscape alone.
LinkedIn: https://www.linkedin.com/in/rickgoud/
Check out video versions of Kitecast episodes at https://www.kiteworks.com/kitecast or on YouTube at https://www.youtube.com/c/KiteworksCGCP.