Stay in Control of Your Data with a Secure and Compliant Sovereign Cloud

Staying
in
control
and
securing
your
data
has
never
been
more
important!
As
data
privacy
regulations
continue
to
evolve,
businesses
have
had
to
adapt
how
and
where
they
store
data.
The
EU’s
General
Data
Protection
Regulation
(GDPR)
has
been
the
most
newsworthy,
requiring
all
businesses
that
operate
in
or
have
customers
in
the
EU
to
change
how
they
handle
personal
data.
Regulations,
compliance,
and
how
data
is
controlled
and
managed
is
becoming
more
of
a
critical
factor
globally,
with
more
than
157
countries
around
the
world
having
some
form
of
data
privacy
laws,
and
thus
putting
a
spotlight
on
sovereign
clouds.¹

In
addition
to
rights
to
transparency
and
security
granted
by
regulations
such
as
GDPR,
more
countries
worldwide
are
starting
to
create
rules
around
data
sovereignty.
This
‘protectionism’
restricts
where
data
can
go
and
who
has
jurisdiction
over
the
data.
New
rules
around
data
sovereignty
are
designed
to
keep
data
out
of
the
hands
of
other
countries,
bad
actors,
and
those
without
authorized
access.

Data
sovereignty
is
the
right
to
control
citizens’
data
collection,
ownership,
and
application.²

To
ensure
compliance
with
data
privacy
and
sovereignty
laws,
organizations
are
looking
to
sovereign
cloud
solutions
to
protect
their
sensitive
data.
Sovereign
clouds
are
operated
by
experienced
national
cloud
providers
who
can
provide
dedicated
cloud
storage
that
complies
with
local
regulations.

There
are
four
key
use
cases
to
consider
around
sovereign
cloud.
This
post
will
cover
all
four
in
brief,
or
you
can
read
the
in-depth
posts
on
each
topic.

Data
Sovereignty
in
the
Cloud
Data
Security
and
Compliance
Data
Access
and
Integrity
Data
Independence
and
Mobility

Data
Sovereignty
in
the
Cloud

A
significant
hurdle
for
complying
with
data
sovereignty
regulations
is
the
dominance
of
U.S.-based
companies
in
the
public
cloud
computing
market.
These
providers
are
subject
to
the
U.S.
CLOUD
Act,
which
could
result
in
the
U.S.
government
accessing
data,
even
if
it
is
stored
in
another
country
but
with
a
U.S.-based
company.

Sovereign
cloud
protects
your
data
from
interference
by
foreign
authorities.
All
data,
including
metadata,
resides
locally,
making
it
easier
to
comply
with
residency
laws
and
other
local
sovereign
requirements.
Using
a
sovereign
cloud
allows
you
to
stay
in
control
of
your
data
and
ensure
it’s
compliant
with
regulations.

Data
Security
and
Compliance

Sovereign
cloud
providers
use
multi-layered
security
and
access
controls
to
protect
data.
This
prevents
unauthorized
access
and
data
loss
in
the
face
of
growing
cyberattacks.
Additional
data
protection
steps
should
be
taken
by
the
provider,
such
as
encryption
and
air-gapped
storage.

Compliance
is
critical
to
comply
with
data
sovereignty
laws,
from
where
data
is
stored
to
who
can
access
it.
As
laws
evolve,
compliance
staff
must
understand
and
follow
relevant
local
and
industry
regulations.
Sovereign
cloud
providers
have
been
approved
for
security
controls
as
part
of
the
20-point
self
attestation
process
which
provide
consistent
security,
zero
trust
principles
and
micro
segmentation
in
addition
to
having
local
compliance
experts
to
keep
up
with
the
latest
laws.

VMware
Sovereign
Cloud
helps
organizations
comply
with
data
privacy
laws
by
partnering
with
local
cloud
providers
to
build
sovereign
clouds
based
on
VMware’s
framework
that
are
based
entirely
within
a
local
jurisdiction.
These
VMware
Cloud
Verified
partners
have
local
staff
with
security
clearances
(if
required)
and
expertise
with
local
laws
to
ensure
the
compliance
of
the
sovereign
cloud
environment.
These
providers
offer
continuous
compliance
monitoring,
reporting,
and
remediation
so
data
follows
local
and
industry
regulations.

<br />

Data
Access
and
Integrity

Having
data
is
useless
if
you
can’t
access
it
when
you
need
it.
That’s
why
access
and
integrity
are
required
components
of
a
sovereign
cloud.
With
multiple
in-region
data
centers,
providers
can
offer
99.999%
uptime
in
addition
to
backup
and
recovery
protocols
that
meet
data
sovereignty
requirements.

VMware
Sovereign
Cloud
provides
secure
access
to
sensitive
data
and
protects
its
integrity
to
allow
organizations
to
unlock
value
from
their
data
and
to
ensure
it
is
accurate
and
complete.
In-region
data
centers
with
high
availability,
resilient
infrastructure,
and
low
latency
make
data
accessible
when
needed.
Secure
access
presents
new
opportunities
for
data
analysis
that
can
fuel
innovation
and
improve
local
economies.

Data
Independence
and
Mobility

Data
sovereignty
laws
have
placed
restrictions
on
how
data
travels
across
national
or
regional
borders.
These
data
movement
and
sharing
restrictions
can
cause
companies
to
limit
where
they
do
business
to
avoid
compliance
headaches.
Sovereign
clouds
can
prevent
these
issues
by
keeping
a
company’s
sensitive
data
compliant
while
operating
as
part
of
a
broader
multi-cloud
ecosystem
that
supports
the
overall
business.

VMware
Sovereign
Cloud
helps
organizations
future-proof
their
cloud
infrastructure
with
data
independence,
interoperability
and
mobility.
Data
can
be
shared
and
migrated
as
needed
to
respond
to
changes
in
technology
or
geopolitics.
A
sovereign
cloud
is
compatible
with
multi-cloud
or
hybrid
cloud
strategies
and
is
separate
from
the
underlying
infrastructure,
preventing
vendor
lock-in.
Workload
migrations
into
or
out
of
a
sovereign
cloud
are
secure,
allowing
organizations
to
deploy
and
move
data
anywhere
as
needed.

For
more
info
on
VMware
Sovereign
Cloud…
Download
the
Sovereign
Cloud
Solutions
Brief
by
clicking here or
watch
the
Sovereign
Cloud
Overview
video
by
clicking here.
Learn
more
about
sovereign
cloud
from
VMware
or
to
connect
with
a
provider
in
your region,
visit https://cloudsolutions.vmware.com/services/sovereign-cloud.html or
join
the
conversation
on
Sovereign
Cloud
on
LinkedIn
by
clicking here.

Sources:
1.

Now
157
Countries:
Twelve
Data
Privacy
Laws
in
2021/22, SSRN,
Graham
Greenleaf,
University
of
New
South
Wales,
Faculty
of
Law,
March
2022
2.
Hinrich
Foundation, Data
is
disruptive:
How
data
sovereignty
is
challenging
data
governance,
August
2021

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts