Which criteria should a sovereign Cloud meet?

Eduard: ‘when we consider what exactly a sovereign Cloud is, we first need to take a step back. In 2018, people were already introducing the GDPR/AVG and the US Cloud Act. In 2020, it was joined by Gaia X: a platform where data sovereignty was and is widely discussed. Globally, 145 countries have their own data privacy laws. For a Dutch company, that means you have to comply with Dutch law. Herein, you see the sovereign Cloud taking off. It is increasingly becoming a talked-about topic, causing companies to think about issues such as: where exactly is my data and who can access my data? Geopolitical circumstances, such as the war in Ukraine, are also forcing organisations to think about how we handle the Cloud and where our data should reside. Another driver to look at the sovereign Cloud is cyber-attacks. You simply want your data to be safe.’

‍

The criteria for a sovereign Cloud

‘'When looking at the term sovereign Cloud, it has no substance if we do not assign criteria to it. Actually, a sovereign Cloud only has value when an external authority sets measurable criteria. VMware, as an authority, has jumped on this and created the VMware Sovereign Cloud status. Fundaments is the first in the Netherlands to achieve this status. The VMware Sovereign Cloud status is extremely significant, because it gives people certainty. You can see it as a certification. It gives solidity to who you are as a Cloud provider. It is good for companies to find that their data is in a sovereign Cloud from VMware, so you know where your data is and that it is safe.’

‍

‍

‍

When is a Cloud sovereign?

‘In this, a number of elements play a role. First, who does/ does not have access to your data? This gives you assurance that parties who should not have access to your data, really don't. Secondly: data is on Dutch territory. You can indicate in which data centre in the Netherlands you want your data to be hosted. This way, you always know exactly where your data is located. Finally: your data is managed by a Dutch organisation with Dutch people who are screened for this. The processes are set up in such a way that the data does not leave the data centre.

‍

‍

The VMware Sovereign Cloud status

‘In addition to the elements just mentioned, the VMware Sovereign Cloud has additional conditions that a Cloud provider must meet to obtain this status. Such conditions look at three elements: people, organisation and technology. Employees are screened, the organisation must meet certain certifications, (such as ISAE 3402) and the technology must meet the VMware Cloud Verified status.’

‍

‍

‍

The benefits for partners of Fundaments

‘Our partners are embracing the sovereign Cloud status, they see the added value in being able to offer reassurance to their customers and prospects that the data they have the right to manage is safe in the Netherlands. Looking a little more broadly, we see that the sovereign Cloud allows companies to do a piece of data classification. Companies thus have assurance through our partners that the data is safe with us and managed by people who have been screened.'

‘In short: on a sovereign Cloud you can build and trust. Would you like to meet Eduard for a coffee and discuss our sovereign Cloud with him? Then get in touch at  e.keijzer@fundaments.nl.

Or watch our talk show Fundaments Talks - Sovereign Cloud here.

‍