What elements are essential for digital sovereignty?
IDC Guest Post
Data privacy continues to be a major concern in Europe, and the continent is therefore in the vanguard of the sovereign cloud market.
Add to this the growing concerns about AI, which is now at the top of the agenda for many organizations. When IDC asked organizations how they expect their AI use cases to impact their (sovereign) cloud usage, the top 3 answers were new cybersecurity threats (26%), the need to build additional knowledge (27%), and increased cloud costs (23%) (Source: IDC EMEA Cloud Survey, August 2023. N=1,610).
According to IDC's survey, a combined 84% of organizations across Europe are either currently using sovereign cloud solutions or plan to do so in the next 12 months. The top 3 drivers include enhanced cybersecurity, expanded cloud use (to support greater remote work), and compliance and industry regulations.
In addition to these drivers, the European Union strives for digital independence from non-European cloud service providers and rely instead on home-grown resources in order to present itself as a stronger player on the global digital stage with its own cloud providers, platforms, services, and infrastructure.
All these factors are likely to influence cloud-buying decisions for organizations in Europe, especially those in regulated sectors. IDC guest blog post reveals that storage, security, and data management are the top 3 workloads that European organizations are most likely to migrate to a sovereign cloud. However, not all workloads and data need to be migrated to a sovereign cloud (or indeed any cloud).
For digital sovereignty to work and succeed at scale, partnerships between global technology providers and local cloud service providers are vital. There is the potential for sovereign solutions to be restrictive, risking the cloud’s innovation potential. By working with a trusted ecosystem of global and local partners that advance greater customer choice and avoid lock-ins, organizations can balance their need for sovereignty with the ability to harness the power of the cloud. For global providers, working with the right regional and in-country partners will help them boost their local credibility, deliver local services, and leverage local expertise. For local providers, teaming up with the right global players will help them deliver cloud innovation and scalability and foster greater competition. Global SaaS providers should work across both sets of providers to develop and deliver customized offerings within sovereign frameworks.
AI and the Sovereign Cloud
Organizations working with AI workloads involving highly sensitive information are particularly interested in sovereign cloud solutions. When asked about their main concerns when planning to use AI in the cloud, the top answer for those considering the sovereign cloud was data privacy and security. Furthermore, when asked to identify the most important factors when selecting a cloud platform for migrating and modernizing applications, the top answer for organizations using the cloud to build AI was security and compliance. Thus, the market sees the lower risk related to data security and regulations as a main benefit of the sovereign cloud, and this is why organizations using the public cloud to build AI solutions are choosing the sovereign cloud.
The main workloads AI users are most likely to migrate to a sovereign cloud include security, storage, and analytics/big data services, according to IDC research. In the meantime, the top use case for organizations in Europe building AI solutions and planning to use sovereign cloud in the next 12 months is for advanced data analytics (including data classification, data governance, data mining, and insights extraction). This is followed by process optimization, while the third answer selected was virtual assistants, such as intelligent agents and/or chatbots (all data sources: IDC's EMEA Cloud Survey, August 2023).
Sovereign Cloud Complexities
Deploying solutions for sovereignty will prove challenging for many organizations. The top hurdle here is the high cost. This covers areas such as investments in local infrastructure and platforms, new tools for data governance and management, and re-designed internal processes and mechanisms to ensure compliance.
High complexity is the second-biggest challenge for organizations looking to implement sovereign solutions. This becomes particularly difficult because organizations will need to manage more heterogeneous environments in which workloads running in clouds need to be orchestrated or integrated with those running in sovereign environments.
As rules and regulations continue to evolve or are introduced in various jurisdictions, organizations seeking sovereign cloud solutions will need to remain compliant with all current and forthcoming regulations. They may, therefore, need to hire new talent or invest in re-skilling to support the implementation of a sovereign cloud; working with partners who offer expertise in all the associated technical, governance, and legal skills will also prove to be a major advantage.
Opportunities for Sovereign Cloud Providers
Digital sovereignty is expected to drive a rebalancing of workloads across on-premises, local cloud providers, and global technology partners, as most organizations aim to change the current distribution of their IaaS, PaaS, and SaaS workloads.
With security and compliance being the most important considerations in selecting a cloud platform, organizations are looking for integrated solutions that offer sophisticated security measures, data encryption, compliance certifications, and adherence to regulations. The enhanced security and guardrails at the heart of all sovereign cloud solutions will help protect highly sensitive classified workloads from breaches or attacks that could lead to catastrophic consequences for organizations, including hefty fines, loss of business, and long-term reputational damage.
Organizations should also work with platform players that can deliver plug-and-play capabilities. These must include open-source solutions that lend themselves well to interoperability, portability, and transferability, as organizations cannot afford to lock themselves into custom-built solutions that end up as legacy systems in their own right. Sovereign solution providers will need to offer cloud reversibility.
Recommendations
- Given all the challenges, and especially with complexity being a top challenge for organizations looking to deploy sovereign solutions, most will need to lean more heavily on their partners. Vendors that want to be seen as the go-to providers for sovereign solutions will need to offer a broad level of expertise and demonstrate key capabilities in the challenges highlighted above. Organizations require vendors that can offer expertise in assessing and defining the scope of a sovereign cloud strategy to help win additional budgets, handle data classification, and identify the full sets of data and workloads subject to sovereign requirements. This requires multiple disciplines that many organizations may not have in-house, including data governance and jurisdictional expertise.
- Maintaining security and compliance on an ongoing basis must be a shared responsibility between the customer and its sovereign solution providers. Customers should take responsibility for security in a sovereign cloud, while the provider is responsible for the security of the cloud.
- Providers should be prepared for greater customer and auditor scrutiny when pitching for sovereign business and delivering solutions. Transparency and accountability are the watchwords here.
- Sovereignty solutions are typically restrictive, and users therefore run the risk of stifling innovation. The kinds of pro-competitive partnerships between global and local providers described above are vital for sovereignty to work securely and at scale, and those partnerships can help customers balance the need for sovereignty while harnessing the cloud’s power and potential.
- Sovereignty is not a short-term quick fix. Providers and their ecosystems of partners need to be sovereign today and sovereign tomorrow. This means having the specific expertise to keep a constant eye on what’s happening in the regulatory and legal environments that apply to the industries and jurisdictions they want to serve and adapting solutions accordingly.
*Sponsored by Broadcom