Everything you want to know about the sovereign Cloud

Laws and regulations around data privacy and the location of data have a lot of impact on the use of the public Cloud. Some organisations therefore choose to withdraw their data from the public Cloud, however, this is not the only solution. Using a sovereign Cloud allows your organisation to comply with local data laws and regulations, while continuing to enjoy the convenience and benefits of the public Cloud.

Privacy legislation

The General Data Protection Regulation (GDPR or AVG in the Netherlands), which came into force in 2018 within the European Union, has created a much stricter handling of privacy-sensitive and personal data. Furthermore, this sweeping regulation has inspired more than 100 countries to enact similar legislation. Individuals are entitled to have privacy-sensitive data protected, but also accessible to them so that they can view it and decide whether data should be modified or deleted. Legislation around data therefore imposes requirements on both the protection and availability of data.

In addition, more and more data sovereignty legislation is emerging: personal data is subject to the laws of the sovereign state in which the data was produced. In other words, if a Dutch citizen from the Netherlands creates data or leaves his data somewhere, it is protected by Dutch (and EU) privacy rules. A central aspect of this legislation is the physical location of the data, or data residency: many countries require organisations, operating in a particular country, to store data on residents on servers located within the country's borders.

US public Cloud

At the same time, public Cloud is being used more and more. This involves moving data and workloads to a data centre maintained by a public Cloud provider. For many companies, this is a way to be flexible and not have to worry about the costly and complex maintenance of their own server farm or data centre. However, by placing data in the public Cloud, it is no longer clear in which geographical location it is stored. Additionally, the largest and most widely used public Clouds (AWS, Azure, Google) are from the US, and the U.S. CLOUD Act of 2018 states that data stored with US Cloud providers remains claimable by US governments via a court order, even if it is located outside the US. This runs counter to the requirements of the GDPR and legislation around data sovereignty.

An increasing number of organisations, especially in highly regulated industries, are opting out of storing their data in the public Cloud. Some French and Austrian organisations even stopped using Google Analytics because it could lead to spying from the US. Meta, the parent company of Facebook and Instagram, has even considered shutting down its operations in the EU because of the contradictions in legislation.

Of course, not all data is privacy-sensitive. The information contained on publicly accessible websites is not, but medical data, a customer or address file obviously is. And for commercial companies, it makes sense to properly protect their company data and intellectual property. By classifying data, it becomes clear which data is suitable for the public Cloud and which is not.

‍

What is a sovereign Cloud?

But where do you leave that sensitive data? Back to your own private Cloud and once again do the costly management yourself? Or do you opt for the middle way, the sovereign Cloud? The term sovereign Cloud describes the framework where data security, processing and continuity are guaranteed on every Cloud platform. This is because the sovereign Cloud complies with local data storage and data sovereignty laws. In a sovereign Cloud, you have full control over your data yourself, while it is properly managed and protected by specialists who are well versed in the changing world of data legislation and cybersecurity.‍

‍

Complying with the rules

Legislation around data privacy, data sovereignty and data residency is still evolving and also varies from country to country. Complying with the latest legislation requires specialised knowledge that most organisations do not have in-house. In addition, it is important for an organisation to manage data in such a way that new legislation can be applied quickly. A certified sovereign Cloud provider, such as Fundaments, has this knowledge in-house and offers the right flexibility in data storage and management.

Security, integrity and accessibility

Fundaments' Sovereign Cloud, based on the VMware Sovereign Cloud framework, offers a layered approach to protecting data. It ensures you comply with local laws and regulations and that your data is safely shielded from unwanted foreign powers and other undesirable entities.

Data security, integrity and availability starts with the physical protection of data, a combination of reliable data backups, proven disaster recovery protocols, secure networks and robust data centre connections. For example, the sovereign Cloud's local data centre has at least two different locations where data is stored. In addition, strict access policies can be implemented based on the zero-trust principle: all communication between workloads is closed off unless explicitly authorised. External threats can be further locked out using encryption or even an air-gapped network.

Of course, all these sovereign Cloud facilities are regularly tested and certified according to recognised industry standards. Fundaments' experienced experts are also well acquainted with the security strategies and tactics needed to protect your applications and data from the threats of ransomware and cyber attacks.The strict access policy does not only have security benefits.

The operational security of the sovereign Cloud and the availability of data improve business processes. In addition, it is also quite possible to use personal data anonymised for customer data analysis to better target online campaigns.

‍

Across national borders

Having data securely stored in the country where it was created is important to remain compliant with laws and regulations. But what if your organisation also does business beyond national borders? Regulations on moving data across national borders are also on the rise, which can impact international trade. Fundaments' Sovereign Cloud separates data from the underlying infrastructure and applications, making data portability and movement easy. By working with Fundaments' experts, you can be sure that moving data across country borders is done within the regulations. Not for nothing is Fundaments the first Cloud provider to be VMware Sovereign Cloud certified.

Ideally, a sovereign Cloud forms a central component of a multi Cloud strategy that also uses public Clouds for non-sensitive data. This allows your organisation to scale efficiently, control costs and maintain full control over your data. Want to know what the best solution is for your organisation? In that case, get in touch with Fundaments' experts.