Embracing the evolving landscape of data protection, Microsoft has introduced the Cloud for Sovereignty, tailored for public sector entities striving to comply with stringent data regulations. With a robust four-tier service architecture, this initiative offers specialised tools and localised services to support compliance with data residency laws and security controls. As it emerges in its preview phase, this innovative framework addresses the complexities of cloud usage within geopolitical boundaries, catering to the specific needs of government bodies and institutions.
Achieving data sovereignty with Microsoft
As cloud technologies have evolved, many countries are updating and strengthening the laws that protect data belonging to their citizens. In addition to specifying what can and cannot be done with personal information, these data protection laws also define where that information can be stored. Quite often, data must not leave the geographical confines of the nation state.
In some deployments this could be problematic. The strength of the cloud is its distributed nature. Being able to spread computing load across multiple data centres, even across the world, increases operating resilience and reduces risk of failure. But doing so may breach local data protection laws.
Microsoft Cloud for Sovereignty has been designed to help public bodies leverage the power of the cloud to drive digital transformation and meet their sovereignty compliance obligations. It does this using a four-tier service architecture:
1. Data Residency
Microsoft offers 60+ Azure regions to deliver local residency that adheres to physical national borders.
2. Sovereign Controls
Tools to orchestrate and manage security policies that define how data is protected at rest and in transit.
3. Governance & Transparency
Tools and principles that help to demonstrate compliance with local laws and operating commitments.
4. Expertise
Additional support from local Microsoft experts to further improve and enhance compliance.
Microsoft Cloud for Sovereignty also operates in a hybrid model, ensuring the most sensitive strategic data resides only in the customer’s data centre.
Is the Microsoft Cloud for Sovereignty framework free?
Released on October 3rd 2023, the Microsoft Cloud for Sovereignty framework is currently only available as a ‘preview’. This means that you can download and use the Sovereign Landing Zone code directly from GitHub for free.
You will need a paid Microsoft Azure subscription if you want to test the framework.
How difficult is Microsoft Cloud for Sovereignty to learn?
Microsoft Sovereignty is still undergoing pilot testing. Usage will only increase significantly once the service goes live. Microsoft has begun building a network of trusted local experts who will help to onboard Azure customers.
Using this approach, Microsoft and their clients can overcome the knowledge shortage which may otherwise prevent or delay deployment. It will also help customers move forward with their cloud-driven digital transformation projects as their IT teams are trained in how to use the framework effectively.
If you want to get a head start, take a look at the documentation provided in Microsoft Learn.
Data Sovereignty: Key Features of Microsoft’s Solution
Microsoft Cloud for Sovereignty is designed to help organisations maintain compliance with data sovereignty regulations. In addition to the four-tier architecture described above, tools include:
- Azure Confidential Computing: Support for Confidential Virtual Machines and Confidential Containers. Microsoft’s Azure cloud also uses specialised hardware to create isolated and encrypted memory called Trusted Execution Environments (or TEEs).
- Double Key Encryption: Using customer-provided keys to protect and encrypt data marked as sensitive.
- Azure Arc: To provide hybrid cloud capabilities, extending Azure functionality into the customer’s on-premises data centre.
- Azure Landing Zone: Infrastructure as Code (IaC) and Policy as Code (PaC) options to codify and apply compliance protections to every new project, automatically. The landing zone spans the entire Microsoft Cloud for complete protection.
- Microsoft Government Security Program (GSP) access: GSP participants receive controlled access to source code, engage on technical content about Microsoft’s products and services, and have access to five globally distributed Transparency Centres to build trust in the Azure platform. Microsoft Cloud for Sovereignty also enables audit rights to examine Azure’s compliance processes and evidence.
Who uses Microsoft Cloud for Sovereignty?
Microsoft Cloud for Sovereignty is currently only available as a technical preview. There are a number of organisations already using the technology as part of Microsoft’s pilot, including:
- Municipality of Amsterdam (local government)
- Netherlands National Cyber Security Centre (central government agency)
- Leonardo (aerospace, defence and security)
- Finnish Tax Administration (central government agency)
- Czech Republic’s National Agency for Communication and Information Technologies (central government agency)
Microsoft Cloud for Sovereignty is designed specifically for public sector and government customer needs. The service is unlikely to be offered to profit-making businesses.
Sovereign controls can be used anywhere in the world, including in countries that do not have a local Azure hyperscale service.
How can I learn more?
This article and infographic are part of a larger series centred around the technologies and themes found within the TechRadar by Devoteam. To learn more about Microsoft Cloud for Sovereignty and other technologies you need to know about, please explore the TechRadar by Devoteam.