Key Cloud Sovereignty Concerns and Need of Hour

What is a sovereign cloud, and how can you organize it?

In the last 10 years, the adoption of public cloud services has been a significant step for any organization to become competitive, innovative, and agile.

The pandemic gave a greater push for cloud services adoption to stay alive. But along with this organizations also realized the need for sovereignty in utilizing cloud environments as a digitization strategy. Several governments are mandating that healthcare, banking, financial service providers, and public sector organizations prioritize cloud sovereignty regulations and put limitations on collaboration with external cloud providers. The intent is that organizations must choose the cloud provider who provides their services by following strict sovereignty rules.

Organization Concerns related to Cloud Sovereignty

Business leaders tend to take adequate steps to build the data center and related operations under local regulations. It includes key questions like where my data is stored, who can access it, and under what circumstances. For instance, in the case of hospitals, huge amounts of data are produced that contain confidential patient records synced with hospital information systems. Using the cloud infrastructure, nurses and doctors can access these records from anywhere to help patients prescribe anytime. But using the cloud, this sensitive data can be at risk of unauthorized access. That also puts concerns on non-sovereign cloud environments involved to host and operate critical data.

Not just data, organizations’ concerns are now growing towards operational and software sovereignty as well.

Operational Sovereignty – Organizations will be concerned about who the cloud provider is and how vendor lock-in can be avoided if that vendor does not belong to the same country. The operational constraints are important to monitor processes and actions on cloud infrastructure and data that organizations consume. This way operational sovereignty constraints are supposed to provide complete visibility and control over the cloud provider operations. If we take the hospital example as discussed earlier and map it with operational sovereignty, the hospital IT team should get a clear architecture of how the cloud provider is using and managing hospital data and software system and further control end-to-end infrastructure.

Software sovereignty – Software applications are integral components as they deal with generating and processing critical data. Most software applications are developed and hosted in the cloud to get accessibility benefits. Also, software applications are developed specifically for organization operations. Sovereignty constraints push for where software applications are developed without depending on the cloud providers and how easy it is to migrate them to on-premises infrastructure (Portability) without any downtime. Also, software solutions need to follow the integration standards so that to enable interoperability with an existing and new cloud provider without any complexity.

The very recent ‘The Journey to Cloud Sovereignty’ Report throws light on several aspects to go for cloud sovereignty. As per the report, the topmost concern for organizations is security and resiliency related to current cloud vendors. Other than this, organizations concerned about

• Potential exposure to extra-territorial laws and/ or the possibility of data access by foreign governments owing to vendor’s location of origin
• Lack of transparency or control over data hosted in the cloud
• Lack of mechanism of interoperability of applications
• Operational dependency on vendors/providers based outside of the country/region’s jurisdiction

Cloud sovereignty is mainly looked at as data localization. But with findings from this report, we can conclude that organizations who have adopted cloud services, especially from public cloud providers across the border will be evaluated thoroughly to get clarity on the level of trust while managing and building the digital ecosystem.

Why is the concept of a trusted cloud important?

Need for cloud sovereignty in India

India is a big consumer of cloud services provided by external vendors. And with the 5G boom, the adoption of digital and cloud-related services will go exponentially larger. Maximum organizations have already or are on their way to digitizing their operations and collection of information. A huge amount of critical data will be produced by organizations, mainly in the healthcare, public sector, banking, and financial sector. But following the regulations of cloud sovereignty is still not emphasized in India.

In the last 3-4 years, after the UK announced the GDPR regulations to protect their data, the big 3 cloud hyperscalers like AWS, Google Cloud, and Azure realized the need for providing the sovereign cloud to organizations. With the growing digitization in India, the top cloud vendors see it as a huge potential to capture the market and sell cloud services. But if we look at concerns raised by organizations and government mandates it seems to be a tricky call with regard to cloud sovereignty.

If we look at data, operational, and software sovereignty concerns, there is a great potential IT and technology to disrupt the cloud market from storage, software development, and building on-demand services offered by public cloud providers. We will need to bring the ecosystem that will fill the gaps in the journey of our own open cloud.

I am curious to know your opinions and comments. Please feel free to mention it in the comment section.