Home Posts tagged sovereign

Tag: sovereign

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , , , , , ,

Offering an extensive portfolio of ICT solutions and services in conjunction with its high-available data centers, fastest broadband internet and telecommunications networks for consumers and businesses, Dialog Enterprise is one of the most trusted information and communication technology brands in Asia. Now it is also the first provider in Sri Lanka to earn the VMware Sovereign Cloud distinction.

“More than 35,000 enterprises rely on us for the compute, storage and networking power they need to excel,” says Venura Mendis,  Head of ICT Business at Dialog Enterprise. “The cloud of course is a game-changer and our Dialog Enterprise Cloud gives customers in a wide range of industries the capabilities and flexibility inherent in a software-defined data center, complete with a self-service portal and hybrid cloud capabilities.”

Based on VMware technology and featuring numerous capabilities, among them Container PaaS service, Backup-as-a-Service and Disaster Recovery-as-a-Service, the Dialog Enterprise Cloud is the choice of many of the country’s industry leaders. This includes stalwarts in the nation’s banking, construction, education, government, healthcare, hospitality and dining, manufacturing, retail and transportation industries.

“We understand that different industries require different business solutions,” adds Mendis. “For that reason, we offer a broad array of solutions and services designed for various industries that can be customized for any business, along with completely bespoke offerings that draw on the extensive design and development expertise our team offers. Increasingly, we’ve seen a lot of demand for sovereign cloud offerings, particularly in highly regulated industries where the stakes are high and data privacy demands are great.”

To address this, Dialog Enterprise sought to earn VMware Sovereign Cloud distinction, becoming the first provider in the entire region to do so – a feat that echoed its earlier honor of being the first company in Sri Lanka to provide VMware Cloud Verified services. Mendis is quick to stress that while the company is currently the only company to have done so, the demand for sovereign clouds is great and growing rapidly.

“When a solution is a build on a robust framework like VMware’s, it simply and seamlessly works across VMware-based multi-cloud platforms, which makes it easier to lift and shift workloads from on-premises environments to the cloud while allowing for continual modernization at a much lower cost of ownership,” he says. “Now enterprises also increasingly want and demand the added ability to ensure full data sovereignty and jurisdictional control at all times. This includes making sure that data is never accessed by foreign parties in the context of maintenance or service.”

Mendis notes that because the data in its sovereign cloud is subject to the full jurisdictional control of Sri Lanka, full compliance with the country’s privacy laws can be guaranteed. This stands in stark contrast to the clouds offered by hyperscalers, but it is not the only reason customers are choosing a Sri Lankan sovereign cloud.

“Yes, customers are concerned about hosting their sensitive data in public clouds due to issues like data confidentiality, data loss, data storage needs, security and transparency issues,” says Mendis. “But it’s not all about safeguards, or the ability we have to guarantee compliance with local laws and regulations. Enterprises also turn to us because our sovereign Infrastructure-as-a-Service offers low-latency connectivity options, an intuitive portal, pricing models that are based consumption and high performance.”

Notably, it also integrates seamlessly with the myriad innovative solutions the company offers, from those that harness the potential of the Internet of Things, to broader Enterprise solutions platforms. This includes managed SDWAN and SASE solutions, Data as a Service offerings and multiple other Cyber and physical security solutions  D – among many others.

“As organizations across industries look to digital transformation to drive growth, the cloud will by necessity play a core role,” says Mendis. “And it is no surprise that it is increasingly important to ensure that sensitive data be stored and processed in a secure and compliant environment. The sovereign cloud solution we offer gives our clients much-needed peace of mind and the knowledge that their data is securely stored in a physically and logically isolated environment, managed by a team of experts. It’s only natural that more organizations will want that.”

Learn more about Dialog Enterprise and its partnership with VMware here.

Cloud Management

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , ,

In the first use case of this series, Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud, we looked at what data sovereignty is, why it’s important, and how sovereign clouds solve for jurisdictional control issues. Now let’s take a closer look at how data privacy and sovereignty regulations are driving security, privacy, and compliance.

Data Privacy and Security

The EU’s GDPR has formed the basis of data privacy regulations not just in EU but around the world. A key principle of the regulation is the secure processing of personal data. The UK GDPR states that security measures must ensure the confidentiality, integrity, and availability of data (known in cybersecurity as the CIA triad) and protect against accidental loss, destruction, or damage.1

Restricting access to sensitive and restricted data is a crucial aspect of data security, along with ensuring trust and flexibility for portability needs. 

Sovereign clouds are built on an enterprise-grade platform and customized by partners to meet local data protection laws, regulations, and requirements. Locally attested providers use advanced security controls to secure applications and data in the cloud against evolving attack vectors, ensuring compliance with data regulation laws and requirements to safeguard the most sensitive data and workloads.

Protected data should employ micro-segmentation with zero-trust enforcement to ensure workloads cannot communicate with each other unless they’ve specifically been authorized and are encrypted to secure them from foreign access. A multi-layered security approach secures data and applications in the sovereign cloud, keeping them safe from loss, destruction, or damage.

Sovereignty and Compliance

Data residency – the physical location where data (and metadata) is stored and processed – is a key aspect of data privacy and sovereignty regulations Data residency laws require that companies must operate in a country and that data should be stored in that country, often due to regulatory or compliance requirements. For companies that have customer data in multiple countries, it becomes a challenge to keep data secure. A sovereign cloud helps minimize risk and offers more robust controls and trusted endpoints needed to keep data secure and compliant.

In addition, data residency requirements continue to evolve and vary by country or region. Multi-national companies frequently rely on in-country compliance experts to help ensure they’re following the latest rules correctly and to avoid significant fines and legal action. 

With VMware, we provide best-in-class enterprise-grade cloud, security, and compliance solutions that provide the ultimate platform for data choice and control.

“A law can change, and it can change your entire way of doing business,” one Fortune 500 CISO said.2  And with the ever-changing geopolitical landscape, platform flexibility is needed to minimize risk with self-attested, trusted code. VMware provides simpler lift-and-shift portability and interoperability, as well as greater compliance with local laws and regulations.

Faced with changing regulations, it’s not surprising that compliance is a top cloud challenge according to 76% of organizations.3  One reason is a lack of skilled personnel. A recent survey from ISACA found that 50% of respondents said they experienced skills gaps in compliance laws and regulations, as well as in compliance frameworks and controls. Another 46% are dealing with a gap in privacy-related technology expertise.4

With these challenges, it’s not surprising that 81% of decision-makers in regulated industries have repatriated some or all data and workloads from public clouds.5  Some have moved data back on-premises, whereas others are using hybrid cloud architectures. 

With VMware Sovereign Cloud, solutions are provided by locally attested partners who provide full-service, sovereign solutions and ensure that compliance is achieved, implemented and configured. Sovereign cloud meets data residency requirements with local data centers to contain all regulated data, including metadata, and you can respond faster to data privacy rule changes, security threats, and geopolitics with a flexible cloud architecture and knowledgeable local experts.

Learn more about VMware Sovereign Cloud:

Download the Security and Compliance 1 pager

Watch the Sovereign Cloud Overview video  

Find and connect with a Sovereign Cloud Provider in your region

Join the conversation on Sovereign Cloud on LinkedIn

Next, we’ll explore data access and integrity, and how that can ignite innovation.

Sources:
1. UK information Commissioner’s Office, Guide to the General Data Protection Regulation (GDPR) Security, accessed June 2022
2. CSO, Data residency laws pushing companies toward residency as a service, January 2022
3. Flexera 2022 State of the Cloud Report
4. ISACA, Privacy in Practice 2022, March 2022.
5. IDC, commissioned by VMware, Deploying the Right Data to the Right Cloud in Regulated Industries, June 2021

Cloud Management, IT Leadership

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , ,

Simply put, and despite claims customers may hear and/or see in this infant market, the reality is that there is no one-size-fits-all definition to “data sovereignty”, and the true source of the definition to “data sovereignty” as applicable to any workload being contemplated is the legal, policy or guidelines applicable to that data that are prescribing it as a requirement.

For example, a government customer who is planning to acquire cloud services for workloads related to their defence ministry/department would have different data sovereignty applicable to legal, policy and guidelines than when the same government is acquiring the cloud services for their revenue ministry/department. And both of those would be different compared to when that same customer is acquiring cloud services for their parks/forestry ministry/department. Furthermore, a defence ministry of one government may have different requirements than the defence ministry of another government, and the single defence ministry may have different requirements for two different purchases depending on the workload they are considering. It is therefore understandable that a cloud offering can be compliant with the data sovereignty requirements for one customer workload, but not for another of the same customer.

In sum, the definition of data sovereignty varies from jurisdiction to jurisdiction, and from workload to workload, even within the same jurisdiction (depending on the applicable laws, policies, or guidelines that are prescribing it as a requirement). That being said, the common denominator amongst most definitions is that data must remain subject to the privacy laws and governance structures within the nation where the data is created or collected. Because the location of data is not, under many jurisdictions, a bar to foreign jurisdictions asserting control over the data, data sovereignty often requires that it remains under the control and/or management of entities and individuals who cannot be compelled by foreign governments to transfer the data to foreign governments (or, again depending on the requirements, certain foreign governments).  As an example of a requirement that may be different, some, but not all, require that the cloud vendor employees who are supporting the underlying infrastructure hold citizenship and security clearance (i.e., data residency and jurisdictional control would not suffice).  

The other important terms to define are as follows:

Data Residency – The physical geographic location where customer data is stored and processed is restricted to a particular geography. Many customers and vendors confuse this concept with data sovereignty.

Data privacy – Data privacy looks at the handling of data in compliance with data protection laws, regulations, and general privacy best practices.

Jurisdictional control of data – A jurisdiction retains full control of data without other nations/jurisdictions being able to access, or request access, to that data.

Data Governance – The process of managing the availability, usability, integrity, and security of the data in systems, based on internal data standards and policies that also control data usage.

Global hyperscale commercial cloud – Foreign company-owned cloud infrastructure where data is held by a foreign Provider, and as a result may be subject to foreign laws.

VMware Sovereign Cloud Initiative

VMware recognizes that regional cloud providers are in a great position to build on their own sovereign cloud capability and establish industry verticalised solutions aligned to differing data classification types and under their nation’s jurisdictional controls.

Data Classification is core to understanding where your data needs to reside and the protections that must be in place to safeguard and protect its ‘sovereignty’ with jurisdictional controls. The VMware Sovereign Cloud initiative has established a framework of trust scale, based on the classification of data which varies by vertical. Examples vary by industry and region, for example, official UK government classifications such as Official, Secret, and Top Secret. Examples from the commercial sector can include Confidential, Internal Use, Public, Sensitive, and Highly Sensitive. The classifications that a Sovereign Cloud Provider chooses to include in the platform by default will depend on a combination of local jurisdictional norms and the type of customers the platform is intended to serve.

The principle for data classification and trust is that the Sovereign Cloud Provider security can be organised into different trust zones (architecturally called security domains). The higher the classification type, the more trustworthy and sovereign the offering, and the more unclassified the more risk mitigation and safeguards are required (such as encrypting your data, confidential computing, and privacy-enhancing computation). However, there are some hard stops, such as security stopping at the last most secure zone that is always within a sovereign nation and under sovereign jurisdiction.

The placement of data must be based on the least trusted/sovereign dimension of service. Assessing your data classification requirements against the proposed services will result in understanding where the data can reside based on the necessary locations and available mitigations. This is an opportunity for VMware Sovereign Cloud partners to overlay solutions. By this, I mean that in many cases, a specific data classification can be placed on a particular platform (or security domain) if certain security controls are in place. E.g., Confidential Data can reside on Shared Sovereign Cloud infra if encrypted and the customer holds their own keys.

Using this risk and data classification analysis, VMware Sovereign Cloud Providers understand where their proposed Sovereign Cloud offerings sit on the scale, in relation to their other services such as public hyperscale cloud. They can then determine how to shift everything towards the most sovereign dimension of service as necessary using technology and process and enhance a customer’s Sovereign protection and cloud usage.

For the reasons noted above, VMware Sovereign Cloud providers, using VMware on-premises software, are in an ideal position to build compliant data sovereign hosted cloud offerings in alignment with data sovereignty laws, policies, and frameworks of their local or regional jurisdictions, – all in a model that is a more optimal approach to assuring jurisdictional control and data sovereignty.

My thanks to Ali Emadi for co-authoring this article. To read the full article Will the Real Data Sovereign Cloud please stand up? Click here.

Cloud Management, Cloud Security, Data Management, Data Privacy

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , ,

Staying in control and securing your data has never been more important. As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to change how they handle personal data. Regulations, compliance, and how data is controlled and managed is becoming more of a critical factor globally, with more than 157 countries around the world having some form of data privacy laws, and thus putting a spotlight on sovereign clouds.

In addition to rights to transparency and security granted by regulations such as GDPR, more countries worldwide are starting to create rules around data sovereignty. This ‘protectionism’ restricts where data can go and who has jurisdiction over the data. New rules around data sovereignty are designed to keep data out of the hands of other countries, bad actors, and those without authorised access.  

Data sovereignty is the right to control citizens’ data collection, ownership, and application

To ensure compliance with data privacy and sovereignty laws, organisations are looking to sovereign cloud solutions to protect their sensitive data. Sovereign clouds are operated by experienced national cloud providers who can provide dedicated cloud storage that complies with local regulations. 

There are four key use cases to consider around sovereign cloud. This post will cover all four in brief, or you can read the in-depth posts on each topic. 

Data Sovereignty in the Cloud

Data Security and Compliance

Data Access and Integrity 

Data Independence and Mobility

Data Sovereignty in the Cloud 

A significant hurdle for complying with data sovereignty regulations is the dominance of US-based companies in the public cloud computing market. These providers are subject to the US Cloud Act, which could result in the US government accessing data, even if it is stored in another country but with a US-based company.  

Sovereign cloud protects your data from interference by foreign authorities. All data, including metadata, resides locally, making it easier to comply with residency laws and other local sovereign requirements. Using a sovereign cloud allows you to stay in control of your data and ensure it’s compliant with regulations.  

Data Security and Compliance 

Sovereign cloud providers use multi-layered security and access controls to protect data. This prevents unauthorised access and data loss in the face of growing cyberattacks. Additional data protection steps should be taken by the provider, such as encryption and air-gapped storage.  

Compliance is critical to comply with data sovereignty laws, from where data is stored to who can access it. As laws evolve, compliance staff must understand and follow relevant local and industry regulations. Sovereign cloud providers have been approved for security controls as part of the 20-point self-attestation process which provide consistent security, zero trust principles and micro segmentation in addition to having local compliance experts to keep up with the latest laws. 

VMware Sovereign Cloud helps organisations comply with data privacy laws by partnering with local cloud providers to build sovereign clouds based on VMware’s framework that are based entirely within a local jurisdiction. These VMware Cloud Verified partners have local staff with security clearances (if required) and expertise with local laws to ensure the compliance of the sovereign cloud environment. These providers offer continuous compliance monitoring, reporting, and remediation so data follows local and industry regulations.

Data Access and Integrity 

Having data is useless if you can’t access it when you need it. That’s why access and integrity are required components of a sovereign cloud. With multiple in-region data centres, providers can offer 99.999% uptime in addition to backup and recovery protocols that meet data sovereignty requirements. 

VMware Sovereign Cloud provides secure access to sensitive data and protects its integrity to allow organisations to unlock value from their data and to ensure it is accurate and complete. In-region data centres with high availability, resilient infrastructure, and low latency make data accessible when needed. Secure access presents new opportunities for data analysis that can fuel innovation and improve local economies. 

Data Independence and Mobility 

Data sovereignty laws have placed restrictions on how data travels across national or regional borders. These data movement and sharing restrictions can cause companies to limit where they do business to avoid compliance headaches. Sovereign clouds can prevent these issues by keeping a company’s sensitive data compliant while operating as part of a broader multi-cloud ecosystem that supports the overall business.

VMware Sovereign Cloud helps organisations future-proof their cloud infrastructure with data independence, interoperability and mobility. Data can be shared and migrated as needed to respond to changes in technology or geopolitics. A sovereign cloud is compatible with multi-cloud or hybrid cloud strategies and is separate from the underlying infrastructure, preventing vendor lock-in. Workload migrations into or out of a sovereign cloud are secure, allowing organizations to deploy and move data anywhere as needed.

Learn more about VMware Sovereign Cloud:

Download the Sovereign Cloud Solution Brief

Watch the Sovereign Cloud Overview video  

Find and connect with a Sovereign Cloud Provider in your region

Join the conversation on Sovereign Cloud on LinkedIn

Cloud Management, Cloud Security, Data Management, Data Privacy, VMware

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , ,

Alexander Wallner, CEO of plusserver, believes the importance of the sovereign cloud services and solutions needed to ensure that data is protected, safe, and compliant cannot be overemphasized. He is also quick to point out that plusserver takes responsibility for the cloud-based operations of its growing customer base, which includes enterprises across industries and throughout Germany’s public and private sectors.

“Our customers, especially public institutions and leaders in industries like healthcare and financial services, have high data security and sovereignty requirements that must be met,” says Wallner. “We enable them to benefit from a robust, high-performance IT foundation – one that combines our sovereign cloud offerings with those from the major hyperscalers – to create a true managed multi-cloud platform so they can focus their time and effort on growing their businesses, not building and managing the IT infrastructure they need to accomplish their goals. At plusserver, we believe that data sovereignty is crucial for enabling digital growth and that digital growth in turn is synonymous with business growth.”

With four advanced data centers in Germany, including two facilities in Hamburg and ones in Cologne and Dusseldorf, as well as a cadre of seasoned cloud experts who are fully-vetted German nationals – plusserver offers a wide range of solutions that meet or exceed myriad certifications, including BSI C5, ISO 9001, IDW PH 9.860.1, ISO 27001, and of course the classic data protection requirements of the General Data Protection Regulation. The company’s extensive portfolio of sovereign cloud solutions addresses the needs of customers at every point in their cloud journey, whether it’s first migrating to the cloud or the development of advanced cloud-native applications.

The company also offers a number of complimentary services, including ones for data management, data lifecycle management, and security and storage. In addition, plusserver’s high-performance cloud setups and deployments ensure that customers can consume all services without restrictions or performance degradation even during peak times.

“Our company is viewed as a companion by our customers on their way to the cloud, and once there, in initiatives that realize its full potential,” he adds. “For many, this leads to pluscloud, our sovereign cloud based on trusted and proven VMware technology that features consumption-based billing and free traffic for planning and cost transparency. Now, as a result of earning the VMware Sovereign Cloud distinction, customers can enjoy even greater peace of mind and confidence in our ability to support them at every stage in their unique cloud journey.”

Notably, plusserver is a founding member of Gaia-X. The company also recently commissioned a study with IDC titled “Data Sovereignty in the Cloud – Requirements, Potential and Challenges,” to learn more about the specific needs of both public and private-sector enterprises in Germany.

The survey found that cloud computing is the most important modernization factor for IT, and that cloud services will increasingly replace legacy IT over the next two years, with 61% of companies also planning to use cloud services even more intensively in the medium and long-term because of increased cybersecurity requirements and new standards.

In addition, 82% of respondents in companies with more than 1,000 employees rated data sovereignty as very important or important. Even so, only 11% of German companies were found to have implemented data sovereignty plans or to have a strategy in place for the sovereign handling of data.

This will be important if organizations are to meet what Wallner sees as increasingly imperative requirements. These include knowing where important data resides and who has access to it, retaining the ability to quickly change service providers and avoid vendor lock-in, and enjoying the freedom to innovate that robust sovereign cloud platforms deliver.

“Clearly the market for sovereign cloud solutions will only increase as organizations in Germany take steps to address data sovereignty – an issue that is overwhelmingly acknowledged as being very important,” Wallner says. “At plusserver, our staff is well trained, highly experienced and ideally qualified to help enterprises address this reality. Importantly, our product portfolio is highly standardized for smooth and fast delivery, but we also have the proven ability to develop highly bespoke applications and solutions that surpass the most stringent data protection requirements. Data security, compliance, and data sovereignty are in plusserver’s DNA.”   

Learn more about plusserver and its partnership with VMware here. IT teams can also download a complimentary data sovereignty summary and decision matrix.

Cloud Computing, IT Leadership

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , , , ,

Stéphane Garneau, the president of Quebec-based Micro Logic, still sees the same forces driving private sector enterprises and public sector agencies to seek out sovereign cloud solutions now that he witnessed nearly a decade ago.

“We first made the commitment to create and offer sovereign cloud solutions and services in 2014,” says Garneau. “At the time government agencies wanted to embrace technologies and the flexibility and performance they offered, but feared being subjected to a competitive country that potentially could leverage their legislative power to unilaterally force local and international cloud providers to grant access to critical, classified or otherwise strategic information. Today, those same motivations and same concerns have only grown stronger.”

Today, Projet Cirrus – Micro Logic’s suite of sovereign cloud solutions, including private, community, public, and hybrid offerings – is relied on by hundreds of organizations in the public and private sectors organizations that require all data to reside in Canada at all times. Not only that, but data is required to only be accessible by fully vetted Canadian citizens – or in the case of international companies doing business in Canada, to be subject to the data protection regulations of their home country.

“High profile incidents as well as the widespread collection and use of data have led to a growing preoccupation with what happens to the information we share or upload online,” adds Garneau. “This is particularly true for sensitive and private data used in certain industries and by the government. It is more important than ever to control and secure this data at all times, which is exactly what the sovereign clouds solutions in Projet Cirrus do.”

The sovereign cloud offerings within Projet Cirrus also include robust backup and disaster recovery services, as a well as a Fortified Cloud that features encryption and data protection measures that exceed the most stringent guidelines for government agencies and highly regulated industries. All services are provided from two distinct and independent Tier-3 certified data centers in Quebec and Montreal.

Notably, the entire Projet Cirrus suite is supported by the more than 300 sovereign cloud experts at Micro Logic. This includes a dedicated team that is specifically focused on building and developing locally owned and operated international alternative cloud products that are designed to address the unique, bespoke needs of specific enterprises and institutions.

“Flexibility is one of the key attributes of the cloud, and that same concept extends to sovereign cloud solutions and services. Our dedicated Projet Cirrus team is comprised of certified and highly skilled experts who strive to push innovation forward and who are ideally qualified to address each customer’s unique cloud journey,” says Garneau. “Our clients benefit from this expertise and a sovereign cloud that is not only built around the latest technology and hardware, but which is also based on agnostic technology that empowers them to avoid vendor lock-in at all times.”

Garneau also stresses that the company’s strong relationship with VMware and reliance on its proven and trusted technologies offers enterprises additional peace of mind. He notes it is also of importance to prospective customers.

“The VMware Sovereign Cloud distinction is an important recognition for Micro Logic because it highlights our commitment and shows that we have made the extra effort to ensure that their data is hosted in known and trusted facilities sheltered from foreign political or legislative influence,” he says. “The breadth of our expertise allows us to address the full spectrum of IT challenges organizations and businesses face today. We took our extensive experience in on-premises computing and in years of service expanded it to encompass the sovereign, hybrid and multi-cloud environments our clients depend on and need today.”  

Learn more about Micro Logic and its partnership with VMware here.

Cloud Computing, IT Leadership

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , ,

Staying in control and securing your data has never been more important! As data privacy regulations continue to evolve, businesses have had to adapt how and where they store data. The EU’s General Data Protection Regulation (GDPR) has been the most newsworthy, requiring all businesses that operate in or have customers in the EU to change how they handle personal data. Regulations, compliance, and how data is controlled and managed is becoming more of a critical factor globally, with more than 157 countries around the world having some form of data privacy laws, and thus putting a spotlight on sovereign clouds.1 

In addition to rights to transparency and security granted by regulations such as GDPR, more countries worldwide are starting to create rules around data sovereignty. This ‘protectionism’ restricts where data can go and who has jurisdiction over the data. New rules around data sovereignty are designed to keep data out of the hands of other countries, bad actors, and those without authorized access.  

Data sovereignty is the right to control citizens’ data collection, ownership, and application.2  

To ensure compliance with data privacy and sovereignty laws, organizations are looking to sovereign cloud solutions to protect their sensitive data. Sovereign clouds are operated by experienced national cloud providers who can provide dedicated cloud storage that complies with local regulations. 

There are four key use cases to consider around sovereign cloud. This post will cover all four in brief, or you can read the in-depth posts on each topic. 

Data Sovereignty in the CloudData Security and ComplianceData Access and Integrity Data Independence and Mobility

Data Sovereignty in the Cloud 

A significant hurdle for complying with data sovereignty regulations is the dominance of U.S.-based companies in the public cloud computing market. These providers are subject to the U.S. CLOUD Act, which could result in the U.S. government accessing data, even if it is stored in another country but with a U.S.-based company.  

Sovereign cloud protects your data from interference by foreign authorities. All data, including metadata, resides locally, making it easier to comply with residency laws and other local sovereign requirements. Using a sovereign cloud allows you to stay in control of your data and ensure it’s compliant with regulations.  

Data Security and Compliance 

Sovereign cloud providers use multi-layered security and access controls to protect data. This prevents unauthorized access and data loss in the face of growing cyberattacks. Additional data protection steps should be taken by the provider, such as encryption and air-gapped storage.  

Compliance is critical to comply with data sovereignty laws, from where data is stored to who can access it. As laws evolve, compliance staff must understand and follow relevant local and industry regulations. Sovereign cloud providers have been approved for security controls as part of the 20-point self attestation process which provide consistent security, zero trust principles and micro segmentation in addition to having local compliance experts to keep up with the latest laws. 

VMware Sovereign Cloud helps organizations comply with data privacy laws by partnering with local cloud providers to build sovereign clouds based on VMware’s framework that are based entirely within a local jurisdiction. These VMware Cloud Verified partners have local staff with security clearances (if required) and expertise with local laws to ensure the compliance of the sovereign cloud environment. These providers offer continuous compliance monitoring, reporting, and remediation so data follows local and industry regulations.

Data Access and Integrity 

Having data is useless if you can’t access it when you need it. That’s why access and integrity are required components of a sovereign cloud. With multiple in-region data centers, providers can offer 99.999% uptime in addition to backup and recovery protocols that meet data sovereignty requirements. 

VMware Sovereign Cloud provides secure access to sensitive data and protects its integrity to allow organizations to unlock value from their data and to ensure it is accurate and complete. In-region data centers with high availability, resilient infrastructure, and low latency make data accessible when needed. Secure access presents new opportunities for data analysis that can fuel innovation and improve local economies. 

Data Independence and Mobility 

Data sovereignty laws have placed restrictions on how data travels across national or regional borders. These data movement and sharing restrictions can cause companies to limit where they do business to avoid compliance headaches. Sovereign clouds can prevent these issues by keeping a company’s sensitive data compliant while operating as part of a broader multi-cloud ecosystem that supports the overall business.

VMware Sovereign Cloud helps organizations future-proof their cloud infrastructure with data independence, interoperability and mobility. Data can be shared and migrated as needed to respond to changes in technology or geopolitics. A sovereign cloud is compatible with multi-cloud or hybrid cloud strategies and is separate from the underlying infrastructure, preventing vendor lock-in. Workload migrations into or out of a sovereign cloud are secure, allowing organizations to deploy and move data anywhere as needed.

For more info on VMware Sovereign Cloud…
Download the Sovereign Cloud Solutions Brief by clicking here or watch the Sovereign Cloud Overview video by clicking here.
Learn more about sovereign cloud from VMware or to connect with a provider in your region, visit https://cloudsolutions.vmware.com/services/sovereign-cloud.html or join the conversation on Sovereign Cloud on LinkedIn by clicking here.

Sources: 
1. Now 157 Countries: Twelve Data Privacy Laws in 2021/22, SSRN, Graham Greenleaf, University of New South Wales, Faculty of Law, March 2022 
2. Hinrich Foundation, Data is disruptive: How data sovereignty is challenging data governance, August 2021

Cloud Computing, Cloud Security

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , , ,

Already a leader in Malaysia’s burgeoning cloud services and solutions sector when it was acquired by Time dotCom, one of the region’s largest fixed-line communications companies in 2021, AVM Cloud recently became one of the select group of providers who offer VMware Cloud Verified Services to earn the VMware Sovereign Cloud distinction.

Originally known as Integrated Global Solutions Technologies, AVM Cloud has a long relationship with VMware going back to 2010.

David Chan, CEO, AVM Cloud

AVM Cloud

AVM Cloud’s CEO David Chan explains that “being named VMware’s Hybrid Cloud Provider of the Year FY 2018 reflected our commitment to provide customers with choices that enable them to optimize their unique cloud journey and in many ways our decision to pursue and earn the VMware Sovereign Cloud distinction is a natural progression of that effort. Now our customers can choose to have their data safely and securely kept, maintained, and safeguarded by Malaysian citizens in Malaysian territory.”

Chan notes that AVM Cloud’s commitment to providing enterprises with choices is readily apparent in the depth and breadth of the company’s portfolio. This includes not only its hybrid cloud products, but also the private AVM Cloud offered in multi-tenant and dedicated versions, Infrastructure-as-a-Service and Platform-as-a-Service, the company’s Fusion backup to cloud solution, and AVM’s Cloud-In-A-Box – a ready-made offering that lets organizations deploy a private cloud with robust security features on premises or in a co-located data center.

Notably, AVM Cloud also offers a number of custom cloud solutions. This includes an ever-growing portfolio of cloud-native applications based on VMware Tanzu.

Chan says AVM Cloud’s top priority in achieving its status was to be able to cater to full spectrum of customers’ workloads, including those that are best served when data resides in, is safeguarded in, and is managed and maintained within sovereign territory without intervention from foreign entities

Sovereignty is increasingly a priority for many organizations in Malaysia. In the case of AVM Cloud, this includes customers in numerous industries, including financial services and manufacturing.

“The regulatory requirements on sovereign cloud are still nascent and developing in Malaysia,” he says. Data sovereignty is reflected in existing legal and policy frameworks which encompass a comprehensive, cross-sectional framework to protect personal data in commercial transactions and play an important role in helping companies address data sovereignty issues.

These issues are directly addressed by the five criteria and numerous requirements that must be met to achieve the VMware Sovereign Cloud distinction: data sovereignty and jurisdiction control, data access and integrity, data security and compliance, data independence and mobility, and data innovation and analytics. AVM Cloud addresses each of them.

“Our sovereign clouds are architected and built to deliver security and data access that meets the strict requirements of regulated industries and local jurisdiction laws on data privacy, access, and control,” Chan says. “We deliver this national capability for digital resilience while still enabling our customers to access a hyperscale cloud in another region for ancillary workloads or analytics. In this way, Malaysian companies can demonstrate to their customers that they value their trust and treat their personal data with the utmost care. Ultimately, this commitment will benefit all Malaysian citizens.”

Learn more about AVM Cloud and its partnership with VMware here.

Cloud Management, IT Leadership

Posted on Posted in Digital transformation, General topics Tagged with , , , , , ,

With massive global and geopolitical changes and significant increases in data privacy laws and regulations, the focus on data sovereignty and protecting consumer value has never been higher. Safeguarding highly sensitive, proprietary data and workloads have become a top priority to ensure their usage as a national asset and protection from foreign access. Because VMware has deep expertise in delivering solutions that are secure, cost-efficient, and future-proof, we provide a best-in-class solution – the sole, non-hyperscale, sovereign cloud solution that allows customers to maintain who can access data, whom has jurisdictional control over your data, where data is physically & geographically stored so that it is locally secured.  

So to start, let’s define what a sovereign cloud is. Sovereign cloud is a data protection methodology that:

Ensures that all data (including metadata) remains on sovereign soilPrevents foreign access to critical national, corporate and personal data, especially when resident outside of your sovereign country (known as jurisdictional control or data sovereignty)Keeps data access, control, and legal oversight secure

To provide a truly secure sovereign cloud, customers and organizations are looking for cloud provider partners who have all the tools in place to help them navigate and comply with regulations and are familiar with how to build sovereign clouds. Cloud providers are not only adept at understanding the laws of their own local jurisdiction, but they provide value-added services to consumers and are valuable business partners that help grow their local businesses and national economies. 

From the customer’s perspective, sovereign clouds ensure that their cloud is:

Compliant with national security standardsProtected against other jurisdictions’ authority over data stored beyond their national bordersRealized as a protected asset that provides value  

Secure and Trusted Sovereign Cloud from VMware

While data protection is a common goal for customers and cloud providers, there are numerous possible approaches. VMware has the only truly sovereign cloud solution available because of our vetted cloud partners and local operations backed by cloud choice, continuous compliance, and industry support. The VMware Sovereign Cloud Framework is based on a set of 20 Sovereign control guidelines that include: data sovereignty & jurisdictional controls, data independence & interoperability, data security & continuous compliance, and data access & integrity.

VMware Sovereign Cloud Partners are attested to be compliant with the highest level of certification in regional policies and governance. They are also certified in building world-class, enterprise-grade clouds with decades of experience in delivering secure, quality solutions. These sovereign cloud solutions are operated by a sovereign entity, block foreign authority, provide jurisdictional control, are operated by national staff, and are in compliance with local laws and security standards.

The result is a trusted data protection system in a locally-built, secure and attested platform that can be customized and maintained. The VMware solution is a best-in-class, enterprise-grade cloud that is built from trusted code to be compliant, portable, and interoperable. A sovereign cloud built with VMware products (Cloud Verified), the Sovereign Cloud Framework and attested partners provides the ultimate solution for Sovereign Cloud choice and control.  When a solution is built on a robust framework like VMware’s, it simply and seamlessly works across VMware-based multi-cloud platforms. This makes it easier to lift and shift from on-premises to cloud, allows for vendor flexibility with a comprehensive sovereign ecosystem of services, and allows for continuous modernization to provide a low(er) total cost of ownership and future-proof operations.

Sovereign clouds not only provide control and privacy for customers, but they can also benefit citizens and local economies in a number of ways. Let’s explore a few use cases. 

Innovation from Secure Data Sharing 

Many organizations have data they could be analyzed to gain new insights from…but they don’t due to fears of violating privacy regulations. With a sovereign cloud, an organization can collect data to share securely with vetted research firms who can then study the data to uncover new trends and info.  This trusted ecosystem can even be utilized by other trusted groups, such as sharing anonymized or encrypted data, without risking a privacy breach from foreign entities. 

A real-life example of realizing data comes from the UK’s National Health Service. Hospital researchers used sovereign cloud to securely analyze patient records of over 2.5 million people. Previously, that data had gone unused due to privacy concerns. However, with a new, secure way to utilize data, teams were able to collaborate and uncover new insights about COVID-19.1

Government-Backed Ecosystems 

Many governments, commonly working with highly sensitive or nationally protected data, are trying to create systems that make life easier for their citizens. One such way is by compelling data standardization and secure sharing. The UK government initiated ‘Open Banking’ in 2017 to increase competition in retail banking. Part of this package included the ability for consumers and small and medium-sized businesses to share their bank and credit card transaction data securely with trusted third parties in real-time to get personalized offers, streamlined lending, and cardless transactions.2

Collaboration between banks, third parties, and technical providers use a secure and regulated framework to protect sensitive data. An ecosystem of Sovereign Clouds could create similar types of sharing infrastructures that benefit citizens without the need to invest in new frameworks. 

Data Repatriation 

A recent study found that 81% of organizations are repatriating some or all their data from public clouds.3 Those repatriating in order to meet data sovereignty requirements provide a growth opportunity for local cloud providers. Companies moving out of public cloud need somewhere secure and local to store their data, and cloud providers are investing in local Sovereign data centers to assist them.

There’s also a need for additional employees skilled in compliance laws, frameworks, and controls. A recent survey found that 50% of respondents had skills gaps in their organizations around these functions.4 It’s an opportunity to train people for new, in-demand jobs. 

Small Business

For smaller businesses, complying with data sovereignty requirements can be daunting. They lack the personnel and resources to operate multiple data centers, and private cloud is too expensive (not to mention they still need compliance experts). Sovereign cloud providers can offer their expertise to multiple clients, creating economies of scale for smaller customers. For small organizations, sovereign cloud may be the best way to stay in business. 

While data privacy and sovereignty can be a tricky issue to navigate, a sovereign cloud can help you comply with regulations without adding IT burden, excessive cost, or risk of compliance fines. Engaging with a trusted VMware Sovereign Cloud provider with expertise in privacy, data security, and data mobility can help guide you toward a robust data protection plan.

Learn more about sovereign cloud or connect with a provider in your region.

Sources: 

Unified Networking, Sovereign Clouds: Elevating Data Integrity to New Heights, April 2022 UK Competition & Markets Authority, Update on Open Banking, November 2021 IDC, commissioned by VMware, Deploying the Right Data to the Right Cloud in Regulated Industries, June 2021 ISACA, Privacy in Practice 2022, March 2022 
Cloud Management, IT Leadership

Posted on Posted in Digital transformation, General topics Tagged with , , , , , , , , , , , ,

Fundaments, A VMware Cloud Verified partner operating from seven data centers located throughout the Netherlands, and a team of more than 50 vetted and experienced experts – all of whom are Dutch nationals – is growing rapidly. With an expanding customer base that includes public and private-sector leaders, demand for the company’s solutions is being driven by enterprises that must monitor their data and ensure that it remains on Dutch soil at all times.

We recently connected with Larik-Jan Verschuren, chief technology officer at Fundaments, to learn more about the company’s recently announced honor of being the first to earn the VMware Sovereign Cloud distinction in the Netherlands, find out what’s driving the demand for sovereign approaches to data management, and get his thoughts on future demand.

“One of the unique things about Fundaments is that we offer a mission-critical, sovereign cloud and Infrastructure-as-a-Service for managed service providers and independent software companies as well as other private-sector businesses and government agencies,” says Verschuren. “Sovereignty means having true control from A to Z – from the physical hardware and services that are located here in the Netherlands, to the engineers operating workloads, and everything that is under their orchestration and management. At Fundaments, all data is stored in the Netherlands and we have a completely Dutch organization. Customers’ data is not exposed to any foreign input in any way.”

Verschuren notes that Fundaments, which operates a network of seven tier-3 datacenters across the nation, chose to achieve the VMware Sovereign Cloud distinction after seeing a significant increase in demand for data to be stored in the Netherlands. Just as importantly, these same enterprises had to be able to demonstrate certification and compliance with sovereignty requirements.

“Due to the increase in globalization and digitization more and more data is being used in the cloud, and more and more companies find it important to know that this data, their most important asset, is accessible and safe on a Dutch cloud platform,” adds Verschuren. “The introduction of the General Data Protection Regulation (GDPR) also prompted companies to think carefully about where their data is stored and the sovereignty issues that must be considered to be compliant.”

Verschuren also notes that compliance officers and chief information security officers are increasingly mindful of data integrity and demand the strongest levels of protection. Simultaneously, the pandemic accelerated digitization and contributed to the growing demand for innovation, analytics, and the capabilities the cloud delivers. Both factors directed organizations to Fundaments.

“By virtue of our VMware Sovereign Cloud status and the innovation and focus on compliance inherent in our work, Fundaments fulfills all of these needs,” he says. “Our customers know that their data sovereignty requirements will be met and that they are compliant with all relevant regulations here in the Netherlands – all on a platform that enables them to transform their businesses with the power of the cloud.”

Notably, Fundaments has worked extensively with VMware for years while serving its customers.

“We of course aren’t new at offering sovereign cloud services,” says Verschuren. “For two decades we’ve built our hosting operation around geographically dispersed, high security data centers in the Netherlands,” says Verschuren. “We wanted our cloud offerings to be a fully certified, all Dutch answer to the large hyperscalers, and we wanted them to be utterly stable, reliable, and scalable – qualities that differently reflect the VMware technologies we use in our platform and services.”

Verschuren believes that the demand for sovereign cloud services will only grow in light of geopolitical events and efforts to protect personal information. He also predicts that Fundaments’ ability to provide highly personalized service 24/7 will remain a significant differentiator for organizations that need to manage sensitive workloads that demand sovereignty.

“Our customers can consult with one of our engineers within minutes on any day and at any time,” he says. “With our focus on technology, processes, and people we are able to embrace and address the constantly evolving IT needs of our customers and our partners in an environment that is purpose-built to meet and exceed the most demanding sovereignty requirements.”

Learn more about Fundaments and its partnership with VMware, here.

Cloud Computing, IT Leadership