According to Gartner, after years of globalization, supply-chain issues, disruption and the global health crisis, companies are moving away from global integration and becoming more insular.
Countries have recognized the enormous value attached to digital data and are looking to establish sovereignty over their citizens’ data within their boundaries.
As well as data sovereignty issues, the European Commission also sees the European cloud as helping to achieve its ambitious sustainability goals and inspire enterprises and start-ups to innovate and federate energy-efficient and trustworthy cloud infrastructures and associated services.
Rising interest in sovereign clouds
The principal value of a European sovereign cloud is that it ensures data residency and sovereignty across regions and clouds. This means all data stays on sovereign soil, subject to the laws and governance structure where it is collected.
There are several reasons for a rise in interest in sovereign clouds. First, to avoid what some see as an unhealthy reliance on hyperscale cloud providers and U.S.-based companies holding data.
Second, governments and enterprises want data closer to home for security reasons. Some industries such as telcos, health and finance, for example, are heavily regulated. Having a sovereign cloud that adheres to relevant regulations makes compliance much less complex. There are also economic reasons to take into account, such as regional investment and job creation.
Third, sovereign clouds have the potential to build a more sustainable and efficient digital economy. The Sustainable Digital Infrastructure Alliance believes a sovereign cloud will support evolving digital ecosystems and provide technology companies with what they are yearning for: “A competitive and sustainable digital environment with affordable resources, with the right ingredients, delivering digital power that will help any company or enterprise to transform seamlessly to participate in the digital economy,” it says.
Investing in building a data economy
Last year, the European Commission welcomed a joint declaration from 25 member states on building the next generation of cloud in Europe.
The European Commission sees advancing European cloud offers as pivotal in increasing the competitiveness of European businesses and providing European citizens, organizations and administrations with broader choices when it comes to a trustworthy data processing infrastructure and services. It also believes it will help lead the way with data-driven innovation, particularly 5G/6G and artificial intelligence (AI).
“Europe needs to join forces to lead on the current and upcoming wave of industrial and public data. This declaration is promising and shows the depth of the change that we witness. There is a common understanding that it is vital that any data can be stored and processed in Europe, according to European rules and standards. That will be a key pillar of our digital sovereignty for this Digital Decade and will propel Europe’s recovery, ensure long-term competitiveness, and help us reach climate sustainability,” explains Thierry Breton, EU Commissioner for the Internal Market.
Collaborations are already underway
It is important to note that Gaia-X sits inside the European sovereign cloud map. Gaia-X is not looking to be a service provider. Instead, it is looking to join up cloud-hosting services, allowing data to move freely with all data protected under Europe’s processing regulations. Elements will be linked via open interfaces and standards to open up data to a broader spectrum of users through a European cloud ecosystem.
“The objective is to ensure that existing cloud solutions, in line with a common European standard, are portable and interoperable. European companies will have at their disposal Gaia-X labeled solutions that will enable them to collaborate more easily,” explains Francesco Bonfiglio, CEO of the Gaia-X Association.
Alongside Gaia-X, sovereign clouds are being created at a national level. These clouds are ultimately expected to join Gaia-X.
Orange, for example, has worked with Capgemini on the independent cloud platform dubbed Bleu, which is based on Microsoft Azure. Bleu, which will be kept separate from Microsoft’s global infrastructure, has been created to ensure that data is subject to France’s laws and governance structures. T-Systems has followed France’s lead and confirmed it is building its own sovereign cloud for Germany.
At the same time, French defense giant Thales and Google have formed a joint venture to co-develop what it calls a sovereign hyper-scale cloud offering. In Italy, the government has confirmed it will award a $1 billion tender for a sovereign cloud hub at the end of this year. Even Monaco, which has a population of around 39,000, has announced it will be launching a “state sovereign cloud.”
T-Systems’ CEO Adel Al-Saleh believes its German cloud initiative is “an important building block” supporting Gaia-X in building a European cloud ecosystem.
Protecting citizens’ data
With organizations becoming interconnected, global issues around data privacy have evolved and become more wide reaching and complex. In Europe, there is growing concern that citizens, businesses and the Member States are “losing control of their data, over their capacity for innovation, and their ability to shape and enforce legislation in the digital environment,” according to a European Parliament briefing.
As a result, many countries and regions are taking a strict stance on data privacy. Under the concept of data sovereignty, an organization that collects, stores and processes data is subject to the nation’s laws, governance, and best practices where it is physically located. This falls under GDPR in Europe and is mandated in Russia and China.
Another motivation for data sovereignty in Europe is data access. The 2018 U.S. CLOUD Act, for example, gives U.S. law enforcement authorities the right to request access to data from U.S. cloud providers, even if it is stored outside the United States. This regulation has raised significant concerns with some European governments and organizations about data safety in the cloud and discords with GDPR. A principally U.S.-based cloud makes it very difficult for European citizens and businesses to see how their data is managed, protected and governed.
Moving towards tailor-made solutions
According to recent research, the European cloud market has grown three-fold since 2017, hitting EUR 5.9 billion (or $6.9 billion) in the third quarter of 2020. But if you dig deeper, the picture is not so healthy looking. European service providers have seen their cloud revenues fall from 26% to 16%, eaten into by Amazon, Google and Microsoft during the same period. They are looking to claw some of this market back.
Regulatory requirements are having a considerable impact on purchasing decisions. Research by Bain & Company found that customers in highly-regulated industries, such as finance and healthcare, lag in cloud adoption by 10 – 20% as a result.
European cloud providers could use this to their advantage by providing bespoke offerings for specific industries in the region. According to IDC, by 2022 enterprises will allocate 20% of new cloud services spending to cloud solutions that meet specific industry and ecosystem data-sharing requirements for their vertical segments.
In addition, the analyst firm forecasts that by year end, 80% of enterprises evaluating cloud services for privacy-sensitive workloads will mandate maintenance of data sovereignty and data control capabilities across geographies.
Interestingly, AWS, Google and Microsoft have joined the Gaia-X group, claiming it shows their commitment to data sovereignty and privacy. AWS, for example, maintains its involvement and support is being driven by ensuring the highest levels of security and data protection, respect for data sovereignty and providing access to world-leading technology.
The cynical might say they don’t want to be excluded from such a big market as Europe. But they do bring invaluable expertise and technologies to the Gaia-X initiative. It is up to Gaia-X to define how far they are involved, and only time will tell.
Data sovereignty is now a critical issue
With the increasing use of cloud computing, data sovereignty is now a critical issue for CIOs. As a result, organizations must work harder to mitigate risk and fully understand how their data is stored, who owns it and how it moves. Data brings the potential for excellent business value, but collecting it comes with increased and changing responsibilities, and the regulatory framework is only going to get tougher.
Find out how Orange Business can help your organization meet data sovereignty requirements and accelerate your transformation to the cloud.