Organizations from across the globe are capitalizing on the multi-cloud for its flexibility, scalability, agility, and cost-effectiveness.
Organizations from across the globe are capitalizing on the multi-cloud for its flexibility, scalability, agility, and cost-effectiveness. Research suggests around 85% of organizations are considering multiple clouds. A good percentage of those, 65% according to Pluralsight, are already operating a multi-cloud environment. Amid the rise of multi-cloud, the cloud thesaurus is also expanding to include newer cloud types and configurations, each responding to emerging challenges and technologies. One of the latest additions to the ever-expanding portfolio of cloud types is sovereign cloud.
To address new laws and increasingly stringent sovereignty regulations, hyperscalers like Google and Microsoft have rushed to roll out their sovereign cloud offering. AWS lagged behind for a while, raising concerns regarding the legitimacy and urgency of the need for a dedicated sovereign cloud. However, AWS is now catching up with its rivals as it announced the impending launch of its European Sovereign Cloud, which will be physically and logically separated from the rest of its public cloud infrastructure. Note that this comes shortly after the launch of AWS Dedicated Local Zones in August of this year, indicating that AWS is now shifting from its earlier approach to making its entire public cloud infrastructure “sovereign-by-design”. If anything, it highlights the mounting demand for a sovereign cloud with no strings attached — no multi-tenancy, no vendor dependency, and certainly no operational silos. With all key public cloud players on board, the impetus for a sovereign cloud is now irrefutable.
Data is an asset both for businesses and nations, and the amount of metadata Cloud Service Providers (CSPs) collect and hold is beyond imagination. This metadata includes information such as IP addresses, user credentials, logging and diagnostics reports, and more and is collected automatically in most cases, compelling most businesses to be complicit. However, now that the cloud is past its peak, governments and businesses alike are increasingly wary of losing sovereignty and control of their data and workloads. Accenture reports that at least 137 countries have already passed data protection or sovereignty laws, prompting some half of the surveyed CXOs to consider digital sovereignty as a key factor when comparing cloud vendors. As such, digital sovereignty requires certain sovereign capabilities with regard to access control, operations, and locality of data, workloads, and infrastructure — capabilities beyond the domain of public clouds. Soon enough, sovereign cloud will be a part of most organizations’ diverse multi-cloud portfolios.
Digital sovereignty goes beyond data residency and security, which even the public cloud can provide. Access control, data auditability, autonomous operations and support, and air gapping are all critical elements of sovereignty that necessitate the sovereign cloud. Here are the three basic aspects of sovereignty that organizations should be looking for in a sovereign cloud:
Organizations should be able to choose where their data, workloads, and backups reside, depending on applicable regulations, such as the GDPR, and business considerations, like network latency. Sovereign cloud must also provide certainty that proprietary data cannot be accessed or manipulated by any unauthorized party, including the CSP itself. In addition to stringent access controls, the data traversing the internet or dedicated connections must always be encrypted using external key management. In some highly-sensitive cases, such as those concerning national security, the sovereign cloud may need to be provisioned within the organizational premises. Sovereign cloud providers should have this capability.
Organizations should have full transparency and control over the technical and administrative staff that accesses and maintains the sovereign cloud infrastructure. Depending on the compliance and business needs, the organization may need to reserve access to infrastructure and logging and monitoring data for authorized, in-house staff only. Operational sovereignty must be maintained throughout the infrastructure lifecycle, including during upgrades and functionality updates.
Public cloud offerings with their multi-tenancy and operational opaqueness cannot cater to all these aspects and levels of digital sovereignty. Hence, the need for dedicated sovereign clouds. Sovereign clouds allow organizations to meet the varying demands of all the different national, regional, and industrial regulations applicable to them. However, a key point to keep in mind is that different organizations, and even the data and workloads within the same organization, require different levels of sovereignty. And while sovereign cloud promises to uphold most national and industrial standards for sovereignty, hyperscalars like AWS can’t truly and completely offer the sovereignty of on-site, air-gapped deployments. Their entire business model is based on delegation of tasks and responsibilities. Overall, there’s no one-size-fits-all when it comes to sovereign cloud deployments. Most organizations do not need NSA-level sovereignty, not to forget that NSA also has a partnership with AWS for its “hybrid compute initiative”. Even for them, sovereign cloud would be overkill for non-critical data and workloads.
It’s important to categorize data and workloads based on their criticality and compliance requirements before shifting them to the cloud. To make the most out of cloud investments and to make sure that sovereignty does not come at the cost of innovation, organizations need to deploy the right data and workloads to the right cloud. This essentially highlights the need for a diverse multi-cloud environment with public, private, and sovereign cloud elements. It’s equally important to approach this multi-cloud in a structured, streamlined, and consistent manner.
emma’s cloud management application — the emma Platform — weaves all clouds, public, private, and sovereign, into a unified and cohesive multi-cloud environment with centralized visibility and control. How does the emma platform streamline and integrate different CSPs and sovereign clouds together? It offers:
Unlike traditional solutions that focus on specific aspects of cloud management, the emma platform offers a unified approach by integrating cloud management, cost management, networking, and governance capabilities into a single, powerful platform. This eliminates the need for organizations to juggle multiple disjointed tools, resulting in improved operational efficiency and reduced error margins. It lets you add new clouds to your multi-cloud arsenal in just a few clicks, ensuring that your organization is prepared for whatever’s next in the cloud landscape.
.png)
