Home
Expert Base
Blogs
Optimal data continuity and security with the sovereign Cloud from Fundaments
Contents
Optimal data continuity and security with the sovereign Cloud from Fundaments
What is the sovereign Cloud from Fundaments?
Sovereign Cloud Framework
The 8 steps
Related blogs
Back to Expert Base

Optimal data continuity and security with the sovereign Cloud from Fundaments

This is the fourth and final article in our blog series on sovereign Cloud, data classification and Cloud strategies.‍

Written by
Iris Nicolaas
&
Larik-Jan Verschuren
Posted on
02
-
11
-
2023
2024
Written by
Iris Nicolaas
&
Larik-Jan Verschuren
Posted on
02
-
11
-
2023
2024
Contents
Optimal data continuity and security with the sovereign Cloud from Fundaments
What is the sovereign Cloud from Fundaments?
Sovereign Cloud Framework
The 8 steps
Related blogs
Back to Expert Base

In the previous articles in our blog series, we have talked about increasing data volumes, the challenges of properly protecting such data and the importance of considering different Cloud routes. In this article, we reflect on one of these Cloud routes: the sovereign Cloud. What exactly is it? What makes it sovereign? Using the Sovereign Cloud Framework, we walk through the characteristics of this particular Cloud route in this article.

In 2022, Fundaments was the first Cloud Service Provider to achieve VMware Sovereign Cloud status. With this status, we have shown that Fundaments takes Cloud sovereignty to the next level. This means that we are committed to ensuring data protection and compliance, while taking national laws and regulations into account, as well as protecting all the data in the Cloud from the increasing digital threats. We achieve this by continuously striving to optimise control over the place where data lands.

What is the sovereign Cloud from Fundaments?

With our sovereign Fundaments Cloud, we offer our partners the most secure and reliable Cloud foundation. Looking at the Fundaments Cloud, we can operate it independently and have everything covered from A to Z: going from people to process and technology. This starts with how we set up a data centre, all the way through the way we guarantee the continuity of organisations with the choices for hardware, software and its set-up. We also ensure that we take day-to-day management to the highest level with our skilled colleagues. So, how the Cloud is consumed must be clear throughout the chain and we are highly critical in this regard. Continuity is the key word here: business-critical applications must always be able to run, without interruption. Hence, our data centres are geographically separated and we solely use Dutch data centres. In addition, both we as an organisation as well as our data centres comply with the appropriate certifications regarding information security and continuity.

The advantages of Fundaments' sovereign Cloud are:

  • Fundaments' sovereign Cloud protects critical data from cyber attacks and external access;
  • Data resides on Dutch soil and is fully managed throughout the chain: from data location, hardware to every process for management and security;
  • Compliance with ever-changing local regulations.

Sovereign Cloud Framework

Using the Sovereign Cloud Framework, we bring our partners the most optimal data continuity and security. This framework includes, as shown below, a number of steps we take to land data in the best place, in the right Cloud and with the right measures to ensure availability and continuity.

Step 1: In this first step, we check whether we understand our client and we put the focus on the required specialism. Do we have the expertise for it? Many organisations are in a particular market segment. For Fundaments, the organisation we are serving has wishes and requirements that we can fulfil through our solutions. Take a look at a company like TriOpSys, they build and manage Mission Critical IT systems for the government, among others. Examples include control rooms and traffic control centres. These systems must never fail, because this could cause major economic damage or even human suffering.
Rob Timman, Managing Director at TriOpSys, says the following about the partnership with Fundaments: “Responding quickly, the understanding that we are dealing with essential systems, and the offering of high quality: these are essential issues for us, and Fundaments provides them. They really do that extremely well."

Step 2: Next, we have a conversation with the Data Officer, Security Officer and CISO. Which policies are followed and which parties are involved in managing applications? By mapping out the total governance on the customer side, Fundaments can fully account for the processing of data landing on a platform with its own management organisation. Should this be partly impossible, clarifying the demarcation on responsibilities and risks is also part of this step.

Step 3: In the third step, it is important to look at which data is out there and how it is classified. Think of classifications such as ‘public’, ‘internal’, ‘confidential’ or ‘secret’. In addition, however, classification can also be done on the impact on business processes: when the data is not available, what is the impact for an organisation? As well as: what does it mean if data gets into the wrong hands? All of these properties are identified in this step.

Step 4: From the data classification in the previous step and especially from the policies on data management, in the fourth step there is an analysis on where data may be stored and processed.

Step 5: Alongside storing and knowing the value of the data from its classification, it is important to know who processes it and how. Who is the exact management organisation that protects the data and ensures its availability? Which people work with the data and which processes ensure correct processing? Identifying the management organisation and also determining the jurisdiction within which the organisation operates will help establish a risk profile.

Step 6: This step looks at how continuous compliance is ensured. Protecting and keeping data available is a continuous process that should always receive attention in a deming cycle. This is guaranteed within many certifications. For Fundaments, this means that from our ISAE3402 type I and II certifications, among others, this is made transparent in a report on our process improvements. In addition, policies on innovation, research on product security and improving knowledge by training employees also fall under this part of the framework.

Step 7: Based on all the previous steps, it is clear which Cloud can be chosen. For public data, a hyperscaler can be a solution, but for government applications, it must be clear throughout the chain where the data is hosted and who processes it. In addition, technical requirements may also play a role in this; think of the physical distance between user and processing of their data. Fundaments also looks at the portability of data between Clouds, especially when an exit strategy is very explicitly desired, the migration to and from a Cloud is examined in detail.

Step 8:  In the growth and dependence of data, keeping it protected and available is a requirement, however, the set of applications and the underlying platform are also constantly changing. Keeping up with developments is an important aspect, especially because very often security methods also become more diverse and stringent in this development. The chosen Cloud platform should also be able to facilitate such developments."Nowadays, making data available online and protecting it is the central issue; Cloud is a means and no longer the goal."Larik-Jan Verschuren - CTO at Fundaments.

Going through the framework will identify all the relevant issues for your data. Fundaments' sovereign Cloud platform allows you to find all the components to make the right choices. In addition, Fundaments' Cloud Experts provide a solid, well-argued strategy for your business-critical data.

Related blog items

No items found.
No items found.
No items found.
No items found.