Shifting global regulations opens door to sovereign cloud | HCLTech

Shifting global regulations opens door to sovereign cloud

Shifting global regulations opens door to sovereign cloud

Sovereign cloud enables data access in compliance with national and international laws and regulations and underlines the importance of having an architecture that protects against unauthorized access to data.
6 min. read
Jordan Smith
Jordan Smith
US Reporter, HCLTech
6 min. read
sovereign cloud
Rise of population and decrease in employment leads to backdrop of economy

Sovereign cloud has emerged as key area of interest as companies seek intelligent solutions to obtain digital sovereignty. Sovereign cloud computing architecture provides data access in compliance with national laws and regulations. As international laws and regulations evolve, it’s essential to have a cloud architecture that protects from unauthorized access and ensures data is stored in compliance with privacy mandates.

Cloud sovereignty requires cloud service providers (CSPs) to monitor cloud and data storage services and validate compliance with national data privacy and security laws. To determine the sovereignty of a cloud computing architecture, regular assessments are established including records that log access permissions and data movement during a period of time.

Entities that process and maintain highly sensitive data are most likely to be evaluating and adopting sovereign cloud. Interest is even greater in highly regulated industries like financial services, life sciences and healthcare, public sector, as well as countries in Europe, according to SVP and Global Head of Google Cloud Ecosystem at HCLTech, Ankur Kashyap. He adds that Google estimates the sovereign cloud opportunity is worth over $70 billion.

“We are regularly in communications with companies discussing how sovereign cloud services can ensure regional and industry specific regulatory compliance, as well as data and operational control,” said Kashyap.

Kashyap shared that HCLTech has a three-pronged approach for helping customers adopt a sovereign cloud structure. There are advisory services for sovereign cloud adoption, in-country and in-region services who work toward assurance, security, data, and controls, as well as onboarding ISVs that can self-test and enhance their offerings to meet sovereign requirements.

“While we have been working with North American customers for the sovereign cloud environments for some time now, we are seeing significant interest from Europe with a specific, especially Germany and France in particular need to mandate sovereign cloud requirements for some regulated industries and for public sector entities,” said Kashyap.

Demystifying digital sovereignty
Watch the video

Google Cloud’s sovereign offering

Google Cloud’s sovereign cloud offerings spread across three pillars, which include: data, operational and software sovereignty.

Under the first pillar, data sovereignty, Google Cloud’s assured workload offering enables customers to maintain control of their data through local encryption key management and enhanced regulatory compliance. No unauthorized entity can access a customer’s data in this way—not even Google Cloud.

Operational software is a pillar that allows customers to get a multitenant environment while having the controls in place like a traditional on-prem environment. According to Kashyap, Google Cloud has partnerships with local providers in countries with mandated sovereign cloud requirements. The partners act as local administrators for encryption keys, controlling local infrastructure, production access, and software updates.

Through software sovereignty, customers can run and control the availability of their workloads without being dependent on providers' software. Google Cloud can also provide survivability services that enable air-gapped and disconnected operations for customers.

According to Kashyap, what differentiates Google Cloud’s sovereign cloud offerings from other cloud service providers and hyperscalers is that the offering follows the Google ethos of working with open ecosystems and open source and has more interoperable products.

“Additionally, Google has partnered with T-Systems in Germany, Thales in France, and Telecom Italia in Italy to deliver security, privacy and digital sovereignty capabilities which are aligned to local regulatory powers,” said Kashyap.

“I think this focused approach has helped Google Cloud establish a strong cloud sovereignty practice in their chosen regions,” he adds.

Advice to customers considering a sovereign cloud infrastructure

Customers must establish the critical drivers for moving to sovereign cloud infrastructure, Kashyap explains. Customers will need to evaluate the level of regulatory compliance that is mandated under old sequences.

Some requirements, like data residency and cryptographic control over data access, can still be managed without an end-to-end sovereign cloud environment. If a customer is looking into operational support services where local presence and personnel are needed, they will need to involve a local partner. In many cases, survivability requirements can be necessary and require an air gap mode.

HCLTech Google Cloud Ecosystem

Supercharging Progress

Supercharging Progress

Digital. Engineering. Cloud.

Technology & Services
Share On

Latest analyst reports

Why we are the go-to partner for enterprises

Read more