Staying in control and securing your data has never been more important! As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to change how they handle personal data. Regulations, compliance, and how data is controlled and managed is becoming more of a critical factor globally, with more than 157 countries around the world having some form of data privacy laws, and thus putting a spotlight on sovereign clouds.1
In addition to rights to transparency and security granted by regulations such as GDPR, more countries worldwide are starting to create rules around data sovereignty. This ‘protectionism’ restricts where data can go and who has jurisdiction over the data. New rules around data sovereignty are designed to keep data out of the hands of other countries, bad actors, and those without authorized access.
Data sovereignty is the right to control citizens’ data collection, ownership, and application.2
To ensure compliance with data privacy and sovereignty laws, organizations are looking to sovereign cloud solutions to protect their sensitive data. Sovereign clouds are operated by experienced national cloud providers who can provide dedicated cloud storage that complies with local regulations.
There are four key use cases to consider around sovereign cloud. This post will cover all four in brief, or you can read the in-depth posts on each topic.
- Data Sovereignty in the Cloud
- Data Security and Compliance
- Data Access and Integrity
- Data Independence and Mobility
Data Sovereignty in the Cloud
A significant hurdle for complying with data sovereignty regulations is the dominance of U.S.-based companies in the public cloud computing market. These providers are subject to the U.S. CLOUD Act, which could result in the U.S. government accessing data, even if it is stored in another country but with a U.S.-based company.
Sovereign cloud protects your data from interference by foreign authorities. All data, including metadata, resides locally, making it easier to comply with residency laws and other local sovereign requirements. Using a sovereign cloud allows you to stay in control of your data and ensure it’s compliant with regulations.
Data Security and Compliance
Sovereign cloud providers use multi-layered security and access controls to protect data. This prevents unauthorized access and data loss in the face of growing cyberattacks. Additional data protection steps should be taken by the provider, such as encryption and air-gapped storage.
Compliance is critical to comply with data sovereignty laws, from where data is stored to who can access it. As laws evolve, compliance staff must understand and follow relevant local and industry regulations. Sovereign cloud providers have been approved for security controls as part of the 20-point self attestation process which provide consistent security, zero trust principles and micro segmentation in addition to having local compliance experts to keep up with the latest laws.
VMware Sovereign Cloud helps organizations comply with data privacy laws by partnering with local cloud providers to build sovereign clouds based on VMware’s framework that are based entirely within a local jurisdiction. These VMware Cloud Verified partners have local staff with security clearances (if required) and expertise with local laws to ensure the compliance of the sovereign cloud environment. These providers offer continuous compliance monitoring, reporting, and remediation so data follows local and industry regulations.
Data Access and Integrity
Having data is useless if you can’t access it when you need it. That’s why access and integrity are required components of a sovereign cloud. With multiple in-region data centers, providers can offer 99.999% uptime in addition to backup and recovery protocols that meet data sovereignty requirements.
VMware Sovereign Cloud provides secure access to sensitive data and protects its integrity to allow organizations to unlock value from their data and to ensure it is accurate and complete. In-region data centers with high availability, resilient infrastructure, and low latency make data accessible when needed. Secure access presents new opportunities for data analysis that can fuel innovation and improve local economies.
Data Independence and Mobility
Data sovereignty laws have placed restrictions on how data travels across national or regional borders. These data movement and sharing restrictions can cause companies to limit where they do business to avoid compliance headaches. Sovereign clouds can prevent these issues by keeping a company’s sensitive data compliant while operating as part of a broader multi-cloud ecosystem that supports the overall business.
VMware Sovereign Cloud helps organizations future-proof their cloud infrastructure with data independence, interoperability and mobility. Data can be shared and migrated as needed to respond to changes in technology or geopolitics. A sovereign cloud is compatible with multi-cloud or hybrid cloud strategies and is separate from the underlying infrastructure, preventing vendor lock-in. Workload migrations into or out of a sovereign cloud are secure, allowing organizations to deploy and move data anywhere as needed.
Learn more about VMware Sovereign Cloud:
- Download the Sovereign Cloud Solution Brief
- Watch the Sovereign Cloud Overview video
- Find and connect with a Sovereign Cloud Provider in your region
- Join the conversation on Sovereign Cloud on LinkedIn
Sources:
- Now 157 Countries: Twelve Data Privacy Laws in 2021/22, SSRN, Graham Greenleaf, University of New South Wales, Faculty of Law, March 2022
- Hinrich Foundation, Data is disruptive: How data sovereignty is challenging data governance, August 2021