How Sovereign Cloud Supports Data Sovereignty
A sovereign cloud provides the data sovereignty benefits of a private cloud without the IT headaches.
October 3, 2022
Sponsored by VMware
As recently spotlighted at VMware Explore US, sovereign cloud continues to gain momentum. The TAM of sovereign cloud business is estimated to reach $60 billion by 2025, in no small part due to the rapid increase of data privacy laws (currently, 145 countries have data privacy laws) and the complexity of compliance in highly regulated industries.
As the need to monetize data grows and nations seek to realize the true value of data, VMware is delivering on our sovereign cloud position: Sovereign Security, Sovereign Compliance, Sovereign Control, Sovereign Autonomy and Sovereign Innovation.
Previously, we looked at what data sovereignty is and how it impacts business operations when it comes to personal, sensitive or classified data. Now, let’s look at how an organization can better comply with data sovereignty laws by choosing the right cloud architecture.
Most businesses have moved to cloud computing for at least some of their data. Cloud provides greater flexibility, scale and computational power than traditional on-premises data centers.
While public clouds are popular for their high capacity and low costs, some organizations have started moving data out of them to comply with regulations. In fact, 81% of decision-makers in regulated industries have repatriated some or all data and workloads from public clouds. Some have moved data back on premises, whereas others are using a mix of public and private clouds. Ultimately, protecting and realizing national data has never been a more important factor in building a cloud. With the combination of increasing country regulations — including the U.S. CLOUD Act, EU’s GDPR and China’s Personal Information Protection Law — along with data privacy laws in 132 countries (with an annual increase of about 10%), choosing the right data sovereignty solution has become a hot
To better understand why a business may choose one cloud model over another, let’s look at the common types of cloud architectures:
Public– on-demand computing services and infrastructure managed by a third-party provider and shared with multiple organizations using the public Internet. Public clouds are usually multitenant: Multiple customers share the same server, but the server is partitioned to prevent unauthorized access. Public clouds offer large scale at low cost.
Private– infrastructure is dedicated to a single user organization. A private cloud can be hosted either in an organization’s own data center, at a third-party facility or via a private cloud provider. Private clouds are generally more secure than public due to limited access and can meet regulatory requirements such as data privacy and sovereignty. However, they require more resources to set up and maintain.
Community – shared cloud that is integrated to connect multiple organizations or employees for collaboration. This can be multiple private clouds connected to facilitate the exchange of data. These are frequently used by regulated industries where public clouds are not compliant, but they are complicated to set up due to having multiple groups involved.
Government– a type of private or community cloud designed specifically for government bodies to maintain sovereignty and control
Multicloud– using multiple public clouds to take advantage of different features. An organization may host some services in one cloud and others with a different provider. This model has the highest level of security risk due to the volume of data and access.
Hybrid – a mix of public and private clouds. The term is sometimes also used to refer to a mix of public cloud and on-premises private data centers.
While public clouds are suitable for public information that isn’t subject to data sovereignty laws, a hybrid or other more private solution is needed for overall compliance. Private clouds can meet data sovereignty requirements, but they need dedicated data centers, operated either by the organization itself or via a provider using dedicated hardware. This can be expensive and time-consuming. The quickest or off-the-shelf solution may not include the level of security or compliance necessary to be sovereign. Key factors in consideration are jurisdictional control, local oversight, data portability and customizability, to name a few.
Sovereign cloud is an option designed specifically to meet data sovereignty requirements. Think of this as a semi-private cloud, combining some of the best features of public and private. They are operated by experienced cloud providers that are smaller, local, multitenant operations. A sovereign cloud provides the data sovereignty benefits of a private cloud without the IT headaches.
Sovereign cloud can be used in conjunction with public cloud as part of a hybrid cloud architecture. Data and services subject to data sovereignty laws would live in the sovereign cloud while non-sensitive data and services might live in the public cloud. The exchange of data between these clouds must be carefully controlled to ensure compliance.
When it comes to finding a sovereign cloud provider, customizability, flexibility and frictionless implementation is critical. You need to be able to audit operations and access to make sure compliance is maintained. Local, self-attested sovereign cloud providers can follow implement and build residency requirements correctly so that data residency and sovereignty requirements are met. Cross-border restrictions and jurisdictional control must also be understood, addressing privacy concerns with no remote processing of data. At the end of the day, true sovereignty ensures that other jurisdictions are unable to authority over data stored beyond national borders, fostering national data interest and growth.
True sovereign clouds require a higher level of protection and risk management for data and metadata than a typical public cloud. Metadata — or information about the data, such as IP addresses or host names — must be protected along with the data itself. VMware Sovereign Cloud providers offer transparency around security measures, both cybersecurity protections and physical security, in the data center.
VMware sovereign cloud providers are:
Trusted approved partners in providing best-in-class IaaS Security and compliance
Experts in local platform builds, as well as local data protection laws
Able to provide solutions for data choice and control, and cost-efficient (TCO) solutions that are flexible and customizable
Able to grow with customer needs, providing a complete solution that is future-proof
Customers requiring sovereign solutions demand the expertise and transparency offered by VMware sovereign cloud providers, ensuring security and compliance with local data privacy and sovereignty laws. This expertise and transparency become invaluable, enabling data security and compliance.
Find your sovereign Cloud provider today. Check out the latest VMware sovereign cloud Infographic or join the conversation via our LinkedIn community at VMware Sovereign Cloud | Groups | LinkedIn.
This guest blog is part of a Channel Futures sponsorship.
About the Author
You May Also Like