Interest in sovereign cloud has grown over the past few years, as regulations on data storage have become more stringent, especially for industries such as finance and healthcare.
At the same time, countries have looked at improving security and privacy for their own citizens against foreign attackers and intrusive data jurisdiction attempts by governments.
Sovereign cloud is an assurance by a cloud provider that data stored by a customer is protected from foreign access and stored in compliance with national privacy and security mandates.
All three of the main cloud providers have introduced cloud sovereignty packages in the past 12 months, with some launching entirely new tools and others expanding on what was already available to meet new demands.
Amazon Web Services
AWS has pledged to be “sovereign-by-design,” which it claims it has been since day one. Part of this pledge includes encryption and key management capabilities, compliance accreditations, and contractual commitments to customers.
AWS has added more services to meet customer sovereignty requirements, including data residency guardrails in the AWS Control Tower, which provide customers with more controls as to the storage and processing of data. It has also received confirmation that AWS services comply to the Cloud Infrastructure Service Providers in Europe (CISPE) data protection code of conduct, which includes compliance with GDPR.
By passing more of the control to the customer, AWS is able to provide sovereignty to those who want or need it, without being a burden to those who do not.
Microsoft announced a new solution, Microsoft Cloud for Sovereignty, in July 2022. This service, which was marketed to public sector organizations, aims to provide customers with the power of Azure while meeting the national requirements for data governance, security, privacy, residency, and other sovereign protections. This includes legal regulations such as GDPR.
Microsoft has 60 cloud regions and customers are able to control and contain their data and applications to a specified geographic boundary. Microsoft has zoned in on Europe, which is set to lead the world when it comes to cloud regulations and demands, with a data residency commitment that ensures Azure data is stored and processed in the EU.
In October 2022, Google Cloud announced market sovereign cloud services in Germany, France, Spain, and Italy. These new services are on-top of Google’s security protections provided to customers across the globe.
“Our Sovereign Solutions are designed to support data, operational and software sovereignty requirements, increasing customer control and transparency for sensitive data moving to the cloud,” said Adaire Fox-Martin, EMEA vice president at Google Cloud. “For example, Sovereign Solutions can help support compliance with European regulations such as GDPR and legal rulings such as Schrems II.”