With massive global and geopolitical changes and significant increases in data privacy laws and regulations, the focus on data sovereignty and protecting consumer value has never been higher. Safeguarding highly sensitive, proprietary data and workloads have become a top priority to ensure their usage as a national asset and protection from foreign access. Because VMware has deep expertise in delivering solutions that are secure, cost-efficient, and future-proof, we provide a best-in-class solution – the sole, non-hyperscale, sovereign cloud solution that allows customers to maintain who can access data, whom has jurisdictional control over your data, where data is physically & geographically stored so that it is locally secured.
So to start, let’s define what a sovereign cloud is. Sovereign cloud is a data protection methodology that:
- Ensures that all data (including metadata) remains on sovereign soil
- Prevents foreign access to critical national, corporate and personal data, especially when resident outside of your sovereign country (known as jurisdictional control or data sovereignty)
- Keeps data access, control, and legal oversight secure
To provide a truly secure sovereign cloud, customers and organizations are looking for cloud provider partners who have all the tools in place to help them navigate and comply with regulations and are familiar with how to build sovereign clouds. Cloud providers are not only adept at understanding the laws of their own local jurisdiction, but they provide value-added services to consumers and are valuable business partners that help grow their local businesses and national economies.
From the customer’s perspective, sovereign clouds ensure that their cloud is:
- Compliant with national security standards
- Protected against other jurisdictions’ authority over data stored beyond their national borders
- Realized as a protected asset that provides value
Secure and Trusted Sovereign Cloud from VMware
While data protection is a common goal for customers and cloud providers, there are numerous possible approaches. VMware has the only truly sovereign cloud solution available because of our vetted cloud partners and local operations backed by cloud choice, continuous compliance, and industry support. The VMware Sovereign Cloud Framework is based on a set of 20 Sovereign control guidelines that include: data sovereignty & jurisdictional controls, data independence & interoperability, data security & continuous compliance, and data access & integrity.
VMware Sovereign Cloud Partners are attested to be compliant with the highest level of certification in regional policies and governance. They are also certified in building world-class, enterprise-grade clouds with decades of experience in delivering secure, quality solutions. These sovereign cloud solutions are operated by a sovereign entity, block foreign authority, provide jurisdictional control, are operated by national staff, and are in compliance with local laws and security standards.
The result is a trusted data protection system in a locally-built, secure and attested platform that can be customized and maintained. The VMware solution is a best-in-class, enterprise-grade cloud that is built from trusted code to be compliant, portable, and interoperable. A sovereign cloud built with VMware products (Cloud Verified), the Sovereign Cloud Framework and attested partners provides the ultimate solution for Sovereign Cloud choice and control. When a solution is built on a robust framework like VMware’s, it simply and seamlessly works across VMware-based multi-cloud platforms. This makes it easier to lift and shift from on-premises to cloud, allows for vendor flexibility with a comprehensive sovereign ecosystem of services, and allows for continuous modernization to provide a low(er) total cost of ownership and future-proof operations.
Sovereign clouds not only provide control and privacy for customers, but they can also benefit citizens and local economies in a number of ways. Let’s explore a few use cases.
Innovation from Secure Data Sharing
Many organizations have data they could be analyzed to gain new insights from…but they don’t due to fears of violating privacy regulations. With a sovereign cloud, an organization can collect data to share securely with vetted research firms who can then study the data to uncover new trends and info. This trusted ecosystem can even be utilized by other trusted groups, such as sharing anonymized or encrypted data, without risking a privacy breach from foreign entities.
A real-life example of realizing data comes from the UK’s National Health Service. Hospital researchers used sovereign cloud to securely analyze patient records of over 2.5 million people. Previously, that data had gone unused due to privacy concerns. However, with a new, secure way to utilize data, teams were able to collaborate and uncover new insights about COVID-19.1
Many governments, commonly working with highly sensitive or nationally protected data, are trying to create systems that make life easier for their citizens. One such way is by compelling data standardization and secure sharing. The UK government initiated ‘Open Banking’ in 2017 to increase competition in retail banking. Part of this package included the ability for consumers and small and medium-sized businesses to share their bank and credit card transaction data securely with trusted third parties in real-time to get personalized offers, streamlined lending, and cardless transactions.2
Collaboration between banks, third parties, and technical providers use a secure and regulated framework to protect sensitive data. An ecosystem of Sovereign Clouds could create similar types of sharing infrastructures that benefit citizens without the need to invest in new frameworks.
A recent study found that 81% of organizations are repatriating some or all their data from public clouds.3 Those repatriating in order to meet data sovereignty requirements provide a growth opportunity for local cloud providers. Companies moving out of public cloud need somewhere secure and local to store their data, and cloud providers are investing in local Sovereign data centers to assist them.
There’s also a need for additional employees skilled in compliance laws, frameworks, and controls. A recent survey found that 50% of respondents had skills gaps in their organizations around these functions.4 It’s an opportunity to train people for new, in-demand jobs.
For smaller businesses, complying with data sovereignty requirements can be daunting. They lack the personnel and resources to operate multiple data centers, and private cloud is too expensive (not to mention they still need compliance experts). Sovereign cloud providers can offer their expertise to multiple clients, creating economies of scale for smaller customers. For small organizations, sovereign cloud may be the best way to stay in business.
While data privacy and sovereignty can be a tricky issue to navigate, a sovereign cloud can help you comply with regulations without adding IT burden, excessive cost, or risk of compliance fines. Engaging with a trusted VMware Sovereign Cloud provider with expertise in privacy, data security, and data mobility can help guide you toward a robust data protection plan.
Learn more about sovereign cloud or connect with a provider in your region.
- Unified Networking, Sovereign Clouds: Elevating Data Integrity to New Heights, April 2022
- UK Competition & Markets Authority, Update on Open Banking, November 2021
- IDC, commissioned by VMware, Deploying the Right Data to the Right Cloud in Regulated Industries, June 2021
- ISACA, Privacy in Practice 2022, March 2022