What is sovereign cloud, and how can your organization benefit from it? Wenche Karlstad guides you through the regulatory maze and explains how to deal with sensitive data in the cloud. Credit: istock Sovereign cloud is not a new concept. It has just become very topical due to a changing geopolitical landscape and new regulations that affect control of data. To put it briefly, sovereign cloud provides a smart solution for an international battle of digital sovereignty, but let’s dig a little deeper. Behind the move to make clouds sovereign is the need for digital sovereignty. In practice, this is all about data: where does it reside, where is it flowing, and who has control over it? These questions are critical for a modern data economy, where data means power. Inevitably, cloud services come under the spotlight. They are the engines of the data economy. Solving the legal limbo around cloud services European industries and public sector organisations are storing more and more data in cloud data centres. As everyone knows, this playground is dominated by American tech giants. Now, regulation has caused a legal limbo around cloud. Among the driving factors are the US Cloud Act and similar laws in other countries such as China. They are in conflict with new EU rules and decisions by the EU Court of Justice, in particular a ground-breaking case coined Schrems II. The European Union wishes to mitigate dependence and the risk of foreign access to critical data, also considering that cloud is the powerhouse of AI, and other essential technology. EU regulations, such as GDPR, Data Act and Data Governance Act, are meant to control the flow of data across borders to prevent the risk of access to data by non-European authorities. In particular, the rules demand that sensitive or critical data stay on sovereign soil. This is emphasised in the Schrems II judgment. As a result, Chief Data Privacy Officers now need to understand and assess what data is stored in the cloud and whether any of that data is being transferred outside of the EU. Also read our previous blog: What you should know about CLOUD Act, Schrems II, Gaia-X and data sovereignty regulations The amount of metadata that cloud providers are collecting is much greater than people realise. The collection is often automatic and may include data such as IP addresses, credentials, as well as logging and diagnostic reports. The recommendation is to do a thorough data classification and application assessment to secure compliance. Organisations must deploy the right applications and the right data into the right cloud, whether it is private, hybrid or native public cloud. It is necessary to differentiate what data can be classified as critical according to national and regional security standards. First, there are different classification tiers such as public, confidential or restricted data, which vary by country or region. Second, there are different types of industry data such as national, corporate, or personal. That is why the first thing to do is a full data and application assessment. Sovereign cloud to ensure data sovereignty Today, sovereign cloud lacks a definition that is commonly accepted or used in the industry. But fundamentally it is about data, its ownership, trust, control, national interests, and compliance with regulations. Why? A sovereign cloud ensures all data including metadata stays on sovereign soil and prevents foreign access to data under all circumstances. It provides a trusted environment for storing and processing data that can never be transferred across borders and must remain under one jurisdiction. Sovereign cloud is really about protecting and unlocking the value of critical data. Sovereign clouds are mature and well-established solutions that are part of emerging multi-cloud landscape. They also provide all the other core benefits of cloud such as agility, security and automation. In the end, sovereign cloud should be a part of a multi-cloud strategy. It just demands understanding that not all data is the same and that there are differences between clouds. The clouds have a different value proposition, and organisations must use each flavour side by side. It’s time to update your cloud strategy to match the current regulatory maze and take sovereign cloud as part of the palette. 5 recommendations for sovereign cloud Classify your data, and for critical and sensitive data, mitigate all risks including data sovereignty and foreign access risks.Create a Chief Data Privacy Officer or Data Guardian role in your organisation.Understand your data flows and conduct a data protection impact assessment (DPIA) before moving to the cloud.Shift from Cloud First to Cloud Smart, deploying the right data/workload into the right cloud.Engage a partner as a trusted multi-cloud advisor to guide you. Above all, digital sovereignty is the right of the nations, organisations and citizens to have control over their digital autonomy and their data. The sovereign cloud infrastructure is the connected ‘highways’ needed to unlock all the potential of the data-driven economies and promote the innovation of the society through digital technologies. Digital ecosystems need to flourish through collaboration and open access to commonly architected data hubs. The values of openness, trust and transparency, as well as the inclusiveness that we are proud of in the Nordic countries deserve to be guaranteed through digital empowerment. We are here to guide you through the maze, so don’t hesitate to contact us to continue the discussion. Watch our on-demand event: Navigate the data sovereignty maze – from cloud first to cloud smart! Learn more about our services here to ensure that your data is protected and kept sovereign with a trusted, cloud infrastructure and data platform provider. Related content brandpost Sponsored by VMware Involta: On a mission to transform the world through technology In its sustainability efforts, Involta is applying the same attention to detail and focus on performance that marks its IT solutions and services. By Ken Phillips Dec 21, 2023 5 mins Green IT brandpost Sponsored by VMware Author E. Freya Williams has a Message for Tech Leaders The author of “Green Giants: How Smart Companies Turn Sustainability into Billion-Dollar Businesses,” is on a mission to show corporate leaders that sustainability can be central to how businesses make money. She also has a message for th By Ken Phillips Oct 24, 2023 9 mins Green IT brandpost Sponsored by VMware DEAC and DLC: Delivering sustainable cloud services to the Baltics and beyond European Data Center Operator – Digitalas Ekonomikas Attistibas Centrs – (DEAC) and Data Logistics Center (DLC) are on a shared mission to empower enterprises in the Baltics with the most sustainable cloud solutions and services available By Ken Phillips Oct 23, 2023 5 mins Cloud Management Green IT brandpost Sponsored by VMware Inside Intermax’s ambitious journey to be a sustainable cloud leader Intermax are intent on making their cloud services as sustainable as possible to help customers who are equally focused on cutting emissions. By Ken Phillips Sep 18, 2023 5 mins Green IT Cloud Computing PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe