Advertisment

Data Sovereignty and Clouds: Not an Oxymoron. Anymore

Sovereign Clouds reshape data control, blending compliance and localization. Global vendors adapt, ensuring secure, efficient solutions for evolving geopolitical demands.

author-image
DQINDIA Online
New Update
image
Listen to this article
0.75x 1x 1.5x
00:00 / 00:00

What was once contrarian to what the Cloud stood for is now being accommodated by top vendors and crafted in a special way.

Advertisment

Are Sovereign Clouds flipping the script?

It’s always reassuring to keep your precious jewels safe – like in a bank locker. But what if that bank moves right in your street? So that you can watch it from your window, anytime. As unusual as it may have sounded just a few years back, the cloud industry has begun to realise that some regions and verticals need tight control over ‘where’ their data is kept. From compliance needs to localisation mandates to sovereignty imperatives, Cloud has been adapting well to this big customer need.

Almost every big Cloud vendor – from AWS to Oracle to Salesforce has now embraced sovereignty in some form. In an Accenture report in 2023, it was observed how with digital sovereignty laws on the rise, sovereign cloud solutions have emerged to help organizations take back control of their data. Interestingly, European enterprises were seen increasingly embracing sovereign cloud, with 37 per cent already invested and 44 per cent that were planning to invest in the next two years. As many as 50 per cent of European CXOs saw data sovereignty as a top issue when selecting cloud vendors. The Accenture survey also found that increasing numbers of European enterprises are prioritizing cloud sovereignty over the near term, and 89 per cent even said that the Russia-Ukraine war has strengthened their focus on sovereign cloud. Of those companies who had made or were considering sovereign cloud investments, 37 per cent had spotted to have already invested and about 20 per cent of workloads were already being moved to sovereign cloud. Over a third of surveyed companies also saw the potential for eventually moving between 25 per cent and 75 per cent of data, workloads or assets.

Advertisment

image

The level of sovereignty we see growing in India are – data centre sovereignty and sovereign cloud policy adherence. - Naresh Chandra Singh, Sr Director Analyst at Gartner

It’s not a trend limited to Europe. In the recent IDC report, ‘State of Sovereign and Industry Cloud Investment by Asia/Pacific Governments’, government interest in the region for sovereign cloud solutions has been seen rising due to geopolitical disruptions, increasing cyber threats, evolving data protection regulations, and shifts in digital trade policies. Governments are also witnessing sovereign cloud as an economic advantage, encouraging investments from hyperscalers in local data centres to enhance the digital economy and industry prospects. As per the report, government organizations in the Asia Pacific region are increasingly interested in adopting sovereign cloud services, with 17 per cent already utilizing them and a third planning to do so within two years, according to IDC’s FERS survey. Almost all major cloud providers like AWS, Google Cloud, IBM Cloud, Microsoft Azure, and Oracle are expanding their offerings for the sovereign cloud market in the Asia Pacific region – as observed in the report.

Advertisment

Data is a big reason for this shift.

Why the U-turn?

Cloud vendors are investing in sovereign clouds to address growing demands from governments and regulated industries for data sovereignty, privacy, and compliance, points out Biswajeet Mahapatra, principal analyst at Forrester. “By ensuring data residency and meeting local security requirements, they help clients meet strict regulatory standards, especially in Europe and Asia. Many regions, particularly Europe, mandate data localization. Sovereign clouds ensure data remains within borders, complying with local laws.” He illustrates how providers like Google (partnering with T-Systems in Germany) and Microsoft (with Capgemini in France) are teaming up with local firms to boost trust and ensure compliance with regional standards.

Advertisment

No more a Pancake, But a Waffle 

Governments want to avoid foreign-controlled infrastructures, prioritizing local control over data and infrastructure. - Biswajeet Mahapatra, Principal analyst at Forrester

Yugal Joshi, partner, Everest Group reflects that Cloud sovereignty has been a discussion theme among specific customers but has rarely upended any potential cloud engagement. “Given increasing geo-political tensions and changing alliance priorities of governments, this will become even more important. Interestingly, sovereignty started almost as an “anti-USA cloud vendor” initiative by European entities, but since then has become a broad-based need from cloud providers.”

Advertisment

Cloud sovereignty has gained significant traction in the past few years, with governments and companies demanding greater control over data, avers Bharat Unadkat, Engagement Partner at Practus. “A recent report by Gartner predicted that by 2026, 60 per cent of organizations will leverage sovereign Cloud services to meet evolving compliance needs.”

He offers some fresh examples too. Microsoft launched a sovereign Cloud offering in Germany, in partnership with T-Systems, to meet the strict data residency requirements. This regionalized solution ensures that data stays within national borders and is managed by a German data trustee. Similarly, Google has partnered with Thales in France to build a sovereign Cloud that meets French data localization mandates. The service is aimed at French businesses in highly regulated sectors, showcasing Google’s commitment to localized Cloud solutions.

Joshi observes that in its earlier avatar, it was to build local cloud vendors owned within a country that comply with the law and order of that nation. “However, over time it was realized that it is hard to compete with large cloud vendors and therefore, they were asked to provide elements of sovereignty in their cloud solutions.”

Advertisment

There are multiple levels of sovereignty offered by cloud providers, chimes in Naresh Chandra Singh, Sr Director Analyst at Gartner. The ones we see growing in India are – data centre sovereignty and sovereign cloud policy adherence. These are driven by technical reasons like user experience being better when you have a data centre inside the country and addressing the needs of customers who have data residency requirements, and also government policies and rules that may make government entities including government-invested commercial organizations use only those cloud providers that comply with the above.”

Image

The aggregation of many enterprise’s workloads in a public cloud is more efficient than distributed across many locations. - Dr. Owen Rogers, Upime Intelligence

Advertisment

First is the emergence of digital assets as a critical pillar of national operations that necessitates their availability 24x7 and hence protection from unauthorized actors, explains Vishal Kamani – Cloud Business Head, Kyndryl India. “Secondly, geopolitical tensions have further underscored the importance of autonomous control over the nation’s digital infrastructure to ensure continuity and resiliency.”

The Broken Window Syndrome

Just putting a bank locker close to your doors will not suffice. No neighbourhood is secure enough – especially when small cracks on car windows are ignored. Enterprises cannot rest easy just by parking their data in Clouds nearby.

The long-term success will hinge on how regulations evolve and the market’s willingness to absorb the associated costs, underlines Mahapatra. “Sovereign clouds may endure as regulatory demands increase globally, but the model may need to adapt for scalability and efficiency. Innovations, such as decentralized and confidential computing, may also impact how sovereign clouds operate in the future.”

Consider a different perspective that Dr. Owen Rogers, Senior Research Director for Cloud Computing for Uptime Intelligence offers here. “Data centre footprints might reduce if enterprises decide that public cloud now meets their data sovereignty requirements, and so migrate their on-premises workloads to the cloud. The aggregation of many enterprise’s workloads in a public cloud is more efficient than distributed across many locations, similar to how road traffic reduces when many people sell their own cars and take a shared bus instead.”

Cloud Sovereignty is real, and many organizations/ governments have successfully implemented this effectively, however sovereign clouds can be more expensive due to higher operational costs, as they provide value by ensuring compliance and security, which can mitigate potential legal and financial risks, reminds Harshit Gupta (Head - Acies Consulting and Product Leader - Kepler and Kore).

Sovereignty spans three dimensions, as captured well by Kamani. “Data sovereignty (local storage and processing), operational sovereignty (local management by in-country entities), and technological sovereignty (reduced dependence on foreign technology). We need a coordinated effort between industry bodies, technology companies and government institutions to achieve a sovereign cloud across all three dimensions.”

Looks like Data security and control will continue to define Cloud investments in new ways ahead. The bitter truth is that today ‘data safety’ happens to be the new oxymoron. 

By pratima H

pratimah@cybermedia.co.in

 

Advertisment