Discussions around data and cloud sovereignty have been gaining momentum over the past decade for multiple reasons, including unsecured digital documents, varied data-related laws in different countries, scrutiny and liability issues, the dominance of US hyperscalers, and low visibility into and control of data. However, the biggest trigger for increased focus on sovereign cloud is the US CLOUD Act of 2018, which gives US law enforcement agencies the power to unilaterally demand access to data from companies regardless of the geography in which data is stored.
What is a sovereign cloud?
A sovereign cloud essentially aims to maintain the sovereignty of data in all possible ways for any entity (country, region, enterprise, government, etc.). Thus, it demands that all data should reside locally, the cloud should be managed and governed locally, all data processing – including API calls – should happen within the country/geography, the data should be accessible only to residents of the same country, and the data should not be accessible under foreign laws or from any outside geography.
Multiple sovereign cloud initiatives have been undertaken in the past
In 2012, France launched a national cloud called Andromede. It failed to gain traction and was split into two clouds – Cloudwatt and Numergy. After struggling, Numergy was acquired by a telecommunications company in 2019, and CloudWatt was shut down in 2020. In another such initiative, Microsoft set up a dedicated German cloud in 2015 but decommissioned it in 2018 due to limited traction.
In 2019, in response to the US CLOUD Act, Germany, in partnership with France, launched Project GAIA-X, with the aim of creating a high performance, competitive, secure, and trustworthy infrastructure for Europe. The two governments invited many companies, including Bosch, Deutsche Telekom, Festo, Orange Business Services, and SAP, to collaborate on the project. While the original intent was quite aspirational and intended to create a completely independent hyperscale cloud, everyone quickly realized that this goal was illusory, and the project evolved into building something that brings the best of all worlds with “European DNA” at its center.
A novel mix of politics and technology makes GAIA-X interesting
While previous sovereign cloud initiatives have not been very successful, project GAIA-X promises to be different. When the project was first launched in 2019, it was largely seen as a political gimmick aimed at driving nationalistic sentiments in Europe. Many enterprises believed that the project could be completely scrapped if the government changed. Most were unconvinced of its potential success given their previous experiences with national clouds. The hyperscalers, AWS and Azure, dismissed GAIA-X’s potential to scale and become competitive, and called out that a national cloud was interesting only in theory.
However, the story that has unfolded and continues to evolve is completely different. While some of the intent may be political, various governments across Europe are strongly backing this initiative and coming together to create Europe’s own digital ecosystem. By June 2020, the GAIA-X Foundation had expanded to 22 organizations – including digital leaders, industrials, academia and associations – and the project is being supported by more than 300 businesses.
On the technology front, GAIA-X is now much clearer than when it began. It released a detailed technical architecture in June 2020, and primarily focuses on building common standards that enable transparency and interoperability by aligning network and interconnection providers, Cloud Solution Providers (CSP), High Performance Computing (HPC), and sector-specific clouds and edge systems. It has built use cases across industries including finance, health, public sector, agriculture, and energy, and horizontal use cases spanning Industry 4.0, smart living, and mobility.
There are still a few issues – including an unclear roadmap, unrealistically aggressive timelines, a lack of detail on hybrid or multi-cloud architectures, lower performance and higher costs, and a gap in the requisite skills – that need to be sorted for GAIA-X to succeed.
Nationalism and the coronavirus will push sovereign clouds beyond theory
Growing nationalistic sentiments sweeping various geographies/nations such as the US, Europe, and India, will add fuel to the sovereign cloud discussion. The Huawei ban in the US, the ban on Chinese apps in India, and reducing dependencies on China across sectors are indicators of emerging nationalistic sentiments. At the same time, the COVID-19 pandemic has forced enterprises to reevaluate their external exposure. The fact that cloud is the core pillar of enterprises’ data strategies falls right at the center of this entire discussion, and the idea of a national or sovereign cloud is destined to become more than mere theory.
Recommendations on how you can begin to incorporate elements of sovereign cloud in your cloud strategy
Enterprises around the globe need to pay immediate attention to this sovereign cloud trend. Here are our recommendations on how your organization can stay ahead of the curve.
- Be aware of the GAIA-X trends in Europe: While the project is still in its initial stages, it is evolving very quickly and gaining significant traction. You should proactively track and understand GAIA-X adoption as it will be an excellent preview of what could happen in the rest of the world.
- Factor the political angle into your future cloud strategy: Europe is an excellent example of the political influence in enterprise cloud decisions. You need to be aware of the political environment in your country and whether or not it could pose risks to your existing cloud strategy. The idea of a nationalistic or sovereign cloud will be driven by the government, which might pass laws enforcing some kind of implementation. You should be prepared for this potential eventuality.
- Ensure technological flexibility in your cloud architecture: Cloud architecture flexibility will be key to integrating sovereign cloud with the rest of your environment. Hyperscalers like AWS and Azure are increasingly leveraging techniques such as increased licensing prices, full stack services, contractual terms, data transfer charges, and limited interoperability to lock in enterprises. You need to be wary of these techniques and adopt an agnostic, interoperable, multi-cloud strategy to ensure easy migration to sovereign cloud in the future.
How do you think sovereign cloud will evolve in Europe and other geographies? Please share your thoughts with me at [email protected].