How Sovereign Cloud Supports Data Sovereignty

As recently spotlighted at VMware Explore US, sovereign cloud continues to gain momentum. The TAM of sovereign cloud business is estimated to reach $60 billion by 2025, in no small part due to the rapid increase of data privacy laws (currently, 145 countries have data privacy laws) and the complexity of compliance in highly regulated industries.​

As the need to monetize data grows and nations seek to realize the true value of data, VMware is delivering on our sovereign cloud position: Sovereign Security, Sovereign Compliance, Sovereign Control, Sovereign Autonomy and Sovereign Innovation.

Previously, we looked at what data sovereignty is and how it impacts business operations when it comes to personal, sensitive or classified data. Now, let’s look at how an organization can better comply with data sovereignty laws by choosing the right cloud architecture.

Most businesses have moved to cloud computing for at least some of their data. Cloud provides greater flexibility, scale and computational power than traditional on-premises data centers.

While public clouds are popular for their high capacity and low costs, some organizations have started moving data out of them to comply with regulations. In fact, 81% of decision-makers in regulated industries have repatriated some or all data and workloads from public clouds. Some have moved data back on premises, whereas others are using a mix of public and private clouds.  Ultimately, protecting and realizing national data has never been a more important factor in building a cloud.  With the combination of increasing country regulations — including the U.S. CLOUD Act, EU’s GDPR and China’s Personal Information Protection Law — along with data privacy laws in 132 countries (with an annual increase of about 10%), choosing the right data sovereignty solution has become a hot

To better understand why a business may choose one cloud model over another, let’s look at the common types of cloud architectures:

While public clouds are suitable for public information that isn’t subject to data sovereignty laws, a hybrid or other more private solution is needed for overall compliance. Private clouds can meet data sovereignty requirements, but they need dedicated data centers, operated either by the organization itself or via a provider using dedicated hardware. This can be expensive and time-consuming.  The quickest or off-the-shelf solution may not include the level of security or compliance necessary to be sovereign. Key factors in consideration are jurisdictional control, local oversight, data portability and customizability, to name a few.

Sovereign cloud is an option designed specifically to meet data sovereignty requirements. Think of this as a semi-private cloud, combining some of the best features of public and private. They are operated by experienced cloud providers that are smaller, local, multitenant operations. A sovereign cloud provides the data sovereignty benefits of a private cloud without the IT headaches.

Sovereign cloud can be used in conjunction with public cloud as part of a hybrid cloud architecture. Data and services subject to data sovereignty laws would live in the sovereign cloud while non-sensitive data and services might live in the public cloud. The exchange of data between these clouds must be carefully controlled to ensure compliance.

When it comes to finding a sovereign cloud provider, customizability, flexibility and frictionless implementation is critical. You need to be able to audit operations and access to make sure compliance is maintained. Local, self-attested sovereign cloud providers can follow implement and build residency requirements correctly so that data residency and sovereignty requirements are met. Cross-border restrictions and jurisdictional control must also be understood, addressing privacy concerns with no remote processing of data.  At the end of the day, true sovereignty ensures that other jurisdictions are unable to   authority over data stored beyond national borders, fostering national data interest and growth.

True sovereign clouds require a higher level of protection and risk management for data and metadata than a typical public cloud. Metadata — or information about the data, such as IP addresses or host names — must be protected along with the data itself.  VMware Sovereign Cloud providers offer transparency around security measures, both cybersecurity protections and physical security, in the data center.

VMware sovereign cloud providers are:

Customers requiring sovereign solutions demand the expertise and transparency offered by VMware sovereign cloud providers, ensuring  security and compliance with local data privacy and sovereignty laws. This expertise and transparency become invaluable, enabling data security and compliance.

Find your sovereign Cloud provider today. Check out the latest VMware sovereign cloud Infographic or join the conversation via our LinkedIn community at  VMware Sovereign Cloud | Groups | LinkedIn.

This guest blog is part of a Channel Futures sponsorship.