Save to My DOJO
VMware Sovereign Cloud is an initiative by the company to show customers that data sovereignty in the cloud and compliance is being worked on and ensures that those customers can rely on VMware’s services to safely store their data and workloads openness, transparency, data protection, security, and portability in mind.
The concept of data sovereignty is not new per se but it has organically become an important topic to consider among large organizations and government entities following the rise of commodity cloud computing, cyber security threats, the Snowden leaks…
VMware’s own definition of sovereignty is the following:
“Sovereignty is the power of a state to do everything necessary to govern itself, such as making, executing, and applying laws; imposing and collecting taxes; making war and peace; and forming treaties or engaging in commerce with foreign nations”.
“Data sovereignty refers to data being subject to the privacy laws and governance structures within the nation where data is collected.”
Data Sovereignty: The Challenge of the Data Decade
You may be familiar with Moore’s law that was formulated around 1970 which stated that CPU speeds will double every year and hasn’t been discredited in 2021, over 51 years later. While the global data growth doesn’t follow the same dramatic trend, it does evolve exponentially. In fact, back in 2018, IDC estimated that over 175 zettabytes will be generated each year by 2025.
“Annual size of the global datasphere – Sponsored by Seagate from IDC”
Environments that store all of their data on-premise know where the data is when it leaves the network, where it goes, how it is used… However, the advantages of cloud are no longer subject to debate, it is an accepted fact that cloud computing solves many a challenge and most companies leverage it in some way or another.
With that said, storing data in the cloud means they are no longer under your control but the cloud provider’s, meaning they could be in another country that abides by different laws and this is where the discussion begins. As you can see in the trend below, the amount of data stored in the cloud is growing.
“Data storage is shifting from on-premise data centers to public cloud providers”
Enter data and cloud sovereignty. Data sovereignty (and indirectly cloud sovereignty) refers to countries’ jurisdiction on data compliance and how it relates to the concepts of ownership, who is authorized to store data, how it can be used, protected, stored and what would happen should the data be used ill-intentionally. With the growth of data storage in the cloud, public entities, large enterprises and government bodies are eager to ensure that their cloud-based data is treated right and that they don’t need to worry about it.
Among recent examples of sovereign cloud initiatives, we find:
- The principality of Monaco recently unveiled a sovereign cloud where all the shareholders are residents along with the state owning a controlling stake in it.
- The European Commission is spearheading the Franco-German Gaia-X project to create a federated and secure data infrastructure. The goal is an open, transparent and secure digital ecosystem, where data and services can be made available, collated and shared in an environment of trust.
The European cloud market was allegedly worth €53 billion in 2020 and is expected to be worth between €300 billion and €500 billion by 2027-2030, hence VMware’s eagerness to be ahead in the cloud sovereignty market.
Introducing the New VMware Sovereign Cloud Initiative
Up until recently, data sovereignty was ensured by cloud providers through clauses in contracts regarding several areas of the data lifecycle. While large enterprises have departments with dedicated people to deal with all of this, smaller structures can’t necessarily afford the overhead or simply don’t have the resources internally to understand the risks and benefits associated with data sovereignty.
“VMware Sovereign Cloud streamlines the process of ensuring data sovereignty with cloud providers”
One needs to ensure at the very least that:
- The cloud infrastructure is secured, modern and kept up to date at all times.
- Customers’ data sovereignty is assured and guaranteed.
It is with these challenges in mind that VMware sovereign cloud aims to simplify and streamline the process of cloud sovereignty by offering its customers a certified cloud offering through partnerships with cloud providers. The VMware Sovereign Cloud Initiative is built on a framework comprised of a number of rules to abide by in order to be a certified cloud provider. VMware Sovereign Cloud providers must meet applicable geographic-specific sovereign cloud requirements, regulations, or standards where their Sovereign Cloud is made available.
In fact, you can already review the list of VMware sovereign cloud providers on cloud.vmware.com. where you find all VMware cloud solutions. As of the time of this writing, there are currently 9 VMware Sovereign Cloud providers but the list will grow as others get on board. Once a provider checks all the boxes of the VMware Sovereign Cloud Initiative framework, they will get the VMware Sovereign Cloud designation.
“VMware Sovereign Cloud providers can be filtered out in cloud.vmware.com”
Ensuring data privacy and compliance
Sovereignty has become an important part of national policy and customers are starting to get on board with this train of thought. VMware Sovereign Cloud is here to help them navigate these waters and verified VMware sovereign cloud providers will remain where the workloads run.
“Environment, Social & Governance (ESG) are the 3 VMware Sovereign Cloud strategies”
In order to certify providers as Sovereign Cloud Providers, VMware is developing a two-phase approach to tackle the problem:
VMware Sovereign Cloud Framework
This framework developed by VMware includes guiding principles, best practices, and technical architecture requirements to adhere to the data sovereignty requirements of the specific jurisdiction in which that cloud operates. For instance, France requires data to be stored in the European Union while Germany requires localization either in Germany or the EU depending on the level of data sovereignty.
The framework is built around 5 principles:
- Data sovereignty and jurisdiction control
- Data access and integrity
- Data security and compliance
- Data independence and mobility
- Data innovation and analytics
VMware Sovereign Cloud Initiative
The VMware Sovereign Cloud initiative is a designation for Providers that self-attest and meet all the requirements of the VMware Sovereign Cloud framework. They must complete an assessment on their Cloud environment (design, build, operations…) and attest that they check all the boxes based on the VMware Sovereign Cloud framework. Among other things, VMware Sovereign Cloud providers must follow the VMware Validated Designs (VVD) for Cloud providers to be VMware Cloud verified.
Promoting VMware Multi-Cloud Offerings
Although it wasn’t made obvious during VMworld 2021 or in the official communications, pushing VMware Sovereign Cloud may also be a way to open the door to multi-cloud offerings. Organizations and public bodies with data sovereignty concerns aren’t likely to go through all the hoops of data sovereignty compliance with several cloud providers for sports.
“VMware Cross-Cloud Services will simplify the adoption of multi-cloud architectures”
Embracing cloud computing isn’t necessarily easy at first. Leveraging several cloud providers for specific features or redundancy reasons multiplies the hurdles along the way. This is why VMware introduced their new multi-cloud offerings with VMware cross-cloud services and communicated so much about it. Now add data sovereignty to the mix and you get a tangled mess that will be tricky to make sense of.
From a business perspective, cloud services is a very lucrative business since it brings recurring revenue and centralizes customers while consolidating the maintenance and support effort on the VMware side of things. With the VMware Sovereign Cloud initiative, I believe it will lift a load off the decision makers’ shoulders that will only have to select among the available VMware Sovereign Cloud providers and choose whatever service they are interested in such as VMware Disaster Recovery as a Service (DRaaS).
To protect your VMware environment, Altaro offers the ultimate VMware backup service to secure backup quickly and replicate your virtual machines. We work hard perpetually to give our customers confidence in their backup strategy.
The Road Ahead
It is no wonder we are in what is referred to as the “data decade” given the rate of current and projected data that is being generated by consumers, enterprises and public entities. While cloud adoption used to be rather slow at the beginning of the last decade, the emergence of use cases and cloud providers in the last few years have made it an integral part of the modern digital ecosystem. VMware’s global strategy is a testimony of this trend given the resources they’ve invested in developing their multi-cloud offering and partnerships with various providers.
VMware Sovereign Cloud is one of the components in this global strategy but it will certainly be an important one given the customers concerned by these problems. Those include government bodies and highly regulated large entities that usually allocate large chunks of their budget towards securing their data which at the end of the day boils down to data sovereignty.
With the VMware Sovereign Cloud Initiative, the company is positioning itself at the forefront of this topic by removing the complexity of cloud sovereignty to promote multi-cloud offerings. Securing a large customer base on this solution will likely incur important revenue streams and customers will not be likely to switch unless they have a very good reason given the importance of compliance nowadays.
Not a DOJO Member yet?
Join thousands of other IT pros and receive a weekly roundup email with the latest content & updates!