Russia cloud services landscape
Russia was later to the game in embracing cloud services than other countries, but that may have worked to the nation’s advantage, as it is sitting on a massive cloud boom. Although Russia’s current share of the global cloud storage market is around just 1%, both pre- and post-Covid projections show the sector has room to grow, with earlier projections sitting around 23% year-over-year growth and a $3.4 billion evaluation by the end of 2022, per iKS-Consulting’s research.
Somewhat surprisingly, Covid did not slow those projections down, with the Russian cloud service market growing by 24% in 2020 to a total value of about $1.3 billion. Despite the pandemic, the demand for cloud PBXs, virtual call centers, and other office software to help transition organizations to a remote/hybrid format proved to be the main driver of this increase.
While the Russian government’s reputation is not sterling in the political sphere, business leaders see a lot of good there. Data privacy in Russia is taken quite seriously, and considering compliance is a major issue for international companies when expanding, entering a country with a clear set of legal requirements actually makes the process of moving into the country and using Russian cloud services comparatively easy.
Russian cloud providers
The market for Russian cloud services is already expansive and will grow further with companies angling to get in. Currently, the global clouds in Russia–Amazon, Microsoft, and Google–dominate the industry among name recognition and usage. However, Russia has its own cloud service providers, with Yandex and Mail.ru as the two biggest Russian cloud service providers. Yandex.Cloud, in particular, has the largest market share of any domestic Russian cloud provider.
While the current group is international-heavy, Russian cloud providers are gaining influence by the day. That is due to the inherent advantages they have in their home market, as well as the fact that most started crafting their cloud offering much later than the international giants like Amazon and Microsoft did. This game of catch-up has been borne out in the statistics, with Russian cloud providers getting more users over time, particularly in 2020. On their current trajectory, for example, Yandex.Cloud will even have expansion opportunities outside of Russia in the very near future.
Demand for cloud services in Russia
Demand for cloud services is through the roof, as could be expected from an industry with yearly growth rates of over 20%. PWC’s extensive research report from October 2020 documented the exact type of demand and usage of cloud services in Russia. Per the survey, most respondents use hybrid or private clouds (30% and 29% respectively), a reflection of the maturity of the Russian cloud market, especially factoring in the country’s data protection laws.
Among the corporations surveyed, 66% have already adopted cloud solutions, and only 7% said they would not be using cloud technology in the near future. 27% either had developed a cloud technology strategy or implemented a cloud solution within the past year. This group is a major reason for confidence in the growth of cloud services in Russia, with roughly a quarter of businesses big and small just beginning to embrace the technology.
Russian data protection laws
As mentioned before, Russia has a clear enforcement of its data protection laws. The main laws regulating the sphere include:
- Constitution of the Russian Federation (Articles 23 and 24).
- Federal Law No. 149-FZ of July 27, 20,6 on Information, Informational Technologies, and the Protection of Information (Information Law).
- Federal Law No. 152-FZ of July 27, 2006 on Personal Data (Personal Data Law).
- Federal Law No. 242-FZ of July 21, 2014 (Data Localization Law).
While all have their appropriate usage, the primary legislation is the Personal Data Law FZ-152, which was passed back in 2006 and has been amended multiple times since. The Russian government has also been adamant that tech companies establish presences within the country, which was included in an official ruling in 2015 referred to as the Yarovaya data storage law. Failure to comply with this caused LinkedIn to be blocked in Russia, a sign of how seriously Russia takes the issue of data protection and residency.
Originally under this law, international companies didn’t necessarily have to physically store data on servers at data centers within Russia. Compliance could have been achieved by simply signing an agreement with a local company providing cloud storage services. And while there has not been a law to completely overturn this since, Russia has been aggressively targeting Big Tech to more firmly open offices and store data with Russia, making that the best practice at this time.
The Russia government could be taking this hardline stance for several reasons, but some international companies have been more than willing to comply. For example, foreign video services like YouTube and Netflix have been taking advantage of Russian cloud services for several years, having created content delivery networks (CDNs) within the country to save time and money on content delivery to Russian users.
InCountry’s solution for Russian cloud services
The bottom line for operating in Russia and using cloud services there is compliance. Russia cloud services thusly need a solution for data localization, which is how InCountry can help. InCountry’s unique data residency-as-a-service helps companies store and process data in over 90 countries worldwide, including Russia and other CIS countries. More importantly however, and where InCountry outdoes its competitors, is that we prioritize compliance above all else. Data storage and processing is worthless if you unwittingly break data protection laws and endanger your operation there.
With InCountry’s data residency-as-a-service on Yandex.Cloud, the largest Russian cloud provider, international companies can feel at ease knowing their regulated data is compliant and safely stored within the Russian Federation. InCountry has notable certifications to store data such as PCI DSS, SOC 2 Type II, and SOC 3, and is FZ-152 compliant. See all of our certifications here.
Data localization in Russia
FZ-152 acts as the Russian data localization law, requiring at least a copy of any information on Russian citizens to be stored locally within Russia’s data centers. While further amendments and followup legislation have made FZ-152 into a matter of data localization and the center of Russia data privacy, the main part of the legislation to know about is the fact that although a copy (or the original) of data must be held on Russian soil, you can trust the storage and processing of that restricted data to a third party located within Russia, such as Yandex.Cloud.
Because of the reality of these Russian data protection laws, Russian cloud services do hold a distinct advantage in helping companies store data within compliance. That is a major reason why observers believe market growth will largely come from domestic cloud providers and not further expansion from global clouds in Russia.
Issues facing the Russian cloud market
Data localization in Russia is something to watch in the coming years, as the country has recently been enforcing the Russian data localization law with increasing frequency against Big Tech. While this battle might be unique to the megalithic tech companies, how willingly and severely the Russia data privacy card is played could have an inverse effect on future investments.
Typical cloud-based fears are also a factor in Russia. The aforementioned PwC survey found that the top three challenges in the process of cloud migration were the adaption of cybersecurity controls, compliance with legal and regulatory requirements, and migrating IT systems to a cloud-based infrastructure.
As you can see, Russia cloud services face the same hesitation many industries and regions have had about embracing the cloud. Despite the vast advantages of cost optimization and scalability, basic cloud information remains elusive to the wider population. Roughly 40% of respondents who work for companies that use cloud technology either didn’t know how their company protected data in the cloud or said they used the cloud “as-is” without additional cybersecurity protocols/functionality.
Worse than that are some of the worries Russians have about using the cloud. When asked about the most significant risks associated with cloud technologies, 54% said cloud provider staff accessing critical data, a sign of deep mistrust in technology. This could be a major blockade for Russia cloud service, as even though many are using the cloud, if so many do not trust it, a large percentage of cloud users may be hesitant to fully devote their companies to using it. It is unclear whether the issue is with global or Russian cloud services, but providers need to show complete transparency, otherwise the combination of Russia data privacy and the public’s mentality could limit growth and penetration.
How did 2020 affect Russian cloud service providers?
Somewhat surprisingly, 2020 was a boon for Russia cloud hosting and Russia cloud service. Because the cloud had yet to take off in the country like it had in other places around the world, the demand for cloud services and Russian cloud storage spiked quickly when offices closed. Russia’s well-represented white-collar sector suddenly was online and remote for the first time ever, presenting quite the opportunity for Russia cloud service providers.
Accordingly, the market grew by 24% in 2020 alone. The year was so successful that the government took notice of the sector, which may lead to additional amendments in the Russian data localization law and Russian data protection.
How is Russian cloud storage capacity and the Russia data center landscape?
Russian cloud storage actually might pose a problem if the industry continues to expand at such a fast pace. Since FZ-152 requires storage within Russia, tons of information needs to be stored throughout the country, impacting data centers within the country. Data centers Russia are in high demand but lagging supply. What compounds the data center Russia problem is that most are in and around Moscow and St. Petersburg, creating an additional supply problem and leaving much of the population of the world’s largest country in a bind.
Russian cloud storage has never had a problem historically, but the 2020 explosion of cloud services being used within the country and international companies needing to find local storage has made it into a modern but serious problem. Simply building more data centers in Russia is not a short-term solution as it would take too long and cybersecurity measures need to be put in place. That likely means that Russia will soon see a bottleneck in data center usage, with a data center Russia unable to accommodate the industry’s growth.
What are the fines for non-compliance with Russian data privacy laws?
The Russian Federation has strict penalties in place for failing to comply with data protection requirements. The fine for the first violation will be between $33,000 and $100,000, with repeat violations costing $100,000 to $300,000.
Since 2019, Roskomnadzor (the federal Russian service for Supervision of Communications, Information Technology and Mass Media) carries out regular inspections, to make sure companies are following regulations.
Policies for investigations as follows:
- Personal data operators receive 3 days’ notice for scheduled inspections and 24 hours’ for unexpected inspections.
- A scheduled inspection can last no longer than 20 days and an unexpected inspection – no longer than 10 days.
- Legal entities and individual entrepreneurs should not be inspected during the first three years after legal registration. This gives new-founded companies time to set up compliance processes and prepare for investigations.
- Inspection frequency depends on the types of data being processed and processing procedures. For most companies, inspections will happen only once in 3 years.
- Companies who operate with special categories of data (e.g. biometrics) and operators transferring data to foreign countries can expect to be investigated every 2 years.
Russian cloud services may already be prepared for such rigorous oversight, but global clouds in Russia need to operate carefully, lest they find themselves in a fight with the government. As the landscape of Russia cloud service transforms, giants like Google and Amazon might find themselves on the outside looking in as domestic, Russian cloud service providers jump ahead and gain relevancy due to Russia’s data privacy and Russian cloud storage favoring local competitors.