As VMware gains momentum with their sovereign cloud initiative , we turned to leading partners AUCloud, Datacom, STC, NxtGen, TietoEVRY, ThinkOn, and UKCloud and their customers to find out why a sovereign cloud is essential.\n\nWith new national data protection and privacy laws continuing to take shape across the globe and penalties confirming the punitive power of existing regulations, it\u2019s no surprise that highly regulated industries are turning to sovereign cloud solutions. But by all accounts, the demand for cloud infrastructure that tightly controls where data resides (and how it is managed, protected, and shared) now extends beyond entities such as government, defense, financial services, and healthcare.\n\nWe recently connected with partners within the growing VMware Sovereign Cloud initiative to learn more about the demand for sovereign cloud solutions they see, what\u2019s driving that momentum in their eyes and those of their customers, and what CIOs should consider.\n\nIn addition to being VMware Cloud Verified, all of the partners who provided insights have earned the VMware Sovereign Cloud designation \u2013 a distinction reserved for those who can address sovereignty requirements that encompass everything from where data resides to how it is stored, serviced, and shared. Their experience reflects a rapidly changing regulatory environment, the nexus of myriad IT trends, and brings to light several increasingly universal conclusions.\n\nAll are ideally qualified to help their customers achieve and maintain the highest standards for data integrity, including absolute control over data access, transparency and visibility into the provider\u2019s operation, the knowledge that their information is managed appropriately, and access to VMware\u2019s growing ecosystem of sovereign cloud solutions. These include the new developer-ready cloud services powered by VMware Tanzu and enhanced data protection and security offerings from ecosystem partners Cloudian, Fortanix and Veeam. Customers also benefit from the development of a national digital infrastructure capability that increases protection from outside threats.\n\nNotably, in the last several years, it has become increasingly clear that for organizations in highly regulated industries, a sovereign cloud is crucial. In some sectors, particularly government, it\u2019s an already mature requirement.\n\n\u201cThe NxtGen Sovereign Cloud is purpose-built for government agencies that store their internal data and information on citizens used to deliver services,\u201d says A.S. Rajgopal, CEO of NxtGen. \u201cCompletely isolated from other cloud platforms, it is designed to comply with the requirements mandated by India\u2019s Ministry of Electronics and Information Technology and the Computer Emergency Response Team, the agency within the ministry that oversees cybersecurity.\u201d\n\nRajgopal adds that all customer data, metadata, and escalation data are kept on Indian soil at all times in an ironclad environment.\n\nFor its part, Datacom has provided sovereign cloud solutions for over a decade in Australia and New Zealand to more than 50 government agencies. Ross Delaney, Director of the Datacom Cloud, notes that all of its customers\u2019 data must remain within their respective countries.\n\n\u201cMany customers have policy and privacy requirements that restrict sensitive data being stored, accessed, or available in any way offshore,\u201d he says. \u201cFor example, the government agencies we serve in New Zealand require that all data on the nation\u2019s citizens be kept in New Zealand. In Australia, we provide services to courts and judicial bodies. Much of this information is exceptionally sensitive and must also be kept and protected in country.\u201d\n\nControlling the legal jurisdiction of data, and protecting it from unauthorized access, is also something with which UKCloud is very familiar. Its sovereign cloud service is used by customers across the nation\u2019s government, healthcare, and defense communities and the company\u2019s government-grade data centers are staffed by employees with security clearance. \n\nExpanding on the need for sovereign cloud solutions, UKCloud\u2019s Solutions Director, James Maynard, indicates that \u201ctraditionally, the prominent reason for sovereignty has been data residency, protecting data from foreign jurisdiction laws, and surveillance, which is still vital, however the critical importance has broadened. Sovereign cloud solutions can enable secure, reliable access to data, giving organisations the power to drive innovation through unlocking the value of their data to drive digital transformation. There is also a need to have flexibility whilst maintaining the legal jurisdiction of your data to ensure it is protected from unauthorised access. For instance, when working with a London NHS research hospital, the primary concern was initially security due to the sensitivity of patient data, which then, through the flexible approach of our sovereign platform, allowed them to adapt the platform to analyse COVID-19 data sets for 2.5 million people and allow the collaboration of scientific research groups.\u201d\n\nThe regulatory environment is changing\n\nOutside of public-sector deployments, it\u2019s also well known that enterprises must comply with important data-oriented legislation including the Patriot Act in the United States, the Digital Privacy Act in Canada, Europe\u2019s General Data Protection Regulation (GDPR), and Brazil\u2019s General Data Protection Law. Increasingly, though, that is only the beginning.\n\nWorld events, including the rise of increasingly sophisticated criminal syndicates and nation states intent upon conducting cybercrime, are prompting more data protection and privacy legislation that requires sovereign cloud capabilities. In the United States, for example, enterprises must now also be mindful of state regulations.\n\nSovereignty of course is crucial because companies outside of the jurisdiction of any such laws may not follow them. It\u2019s a point not lost on Franciso Romerogotor, Lead Service Owner at Finland-based partner TietoEVRY, which serves the Nordic region.\n\n\u201cThe explosion of data and the opportunities that come with it is driving the need for cloud solutions, and more specifically sovereign cloud solutions,\u201d says Romerogotor. \u201cDigital sovereignty is about the right to own data, where it is stored, and who has control over it. The most affected sectors and industries were those that were most regulated\u2014specifically, the public sector, health, and finance. But in practice, it\u2019s now equally applicable to all businesses that are subject to GDPR and other regulations.\u201d\n\nThe need for sovereign cloud now extends across industries\n\nCustomers stress that a sovereign cloud solution is increasingly required across industries by any company that works in an environment in which stringent data protection and security requirements are in place. Nimble Information Strategies is a customer of VMware Sovereign Cloud partner ThinkOn. Daryl Stott, Nimble\u2019s Vice President of Digital Transformation, puts it this way:\n\n\u201cThe success of any digital mailroom or document digitization solution relies heavily on the accuracy, security, and accessibility of the digitized documents. Not only does that extracted data need to be highly accurate, but the authority, control, and accessibility of this data must reside within Canadian Federal and Provincial boundaries to meet the data residency obligations of Nimble Information Strategies\u2019 customers,\u201d says Stott. \u201cNimble partners with ThinkOn to align our data residency and security business needs with the strict data sovereignty demands and expectations of our clients.\u201d \n\nIt\u2019s a point echoed by Andrew Thomlinson-Munn, Solutions Architect at Hummingbird Solutions, a customer of AUCloud.\n\n\u201cProviding digital and managed services solutions across a broad range of industries, it is imperative that we meet the constantly evolving challenges of data protection, availability, and governance,\u201d he says. \u201cHummingbird Solutions choose to work with AUCloud as an IaaS provider for their strength in delivering hosting solutions on a proven platform with VMware and their ability to provide a sovereign cloud solution to conform to our customers\u2019 internal and regulatory compliance requirements. The benefit of working with a VMware Sovereign Cloud certified provider is that this provides Hummingbird Solutions with the confidence that we are backed by a best-in-class infrastructure solution.\u201d\n\nSimultaneously, these same solutions must also be intuitive while providing users with high performance access to data. It\u2019s something Geoff Smith, Managing Director of the United Kingdom\u2019s Geoff Smith Associates (GSA), a customer of UKCloud, stresses.\n\n\u201cAs a SaaS supplier to both the public and private sector, UKCloud has provided GSA with an assured, agile, and value-for-money proven platform with their VMware Sovereign Cloud,\u201d says Smith. \u201cThis provides choice and flexibility, which is a prerequisite when you need to support your distinct capabilities, skills, and tools without compromise\u2014and also conform to customers\u2019 internal and regulatory requirements. Providing GSA and our customers with a secure yet easy and simple data sovereign cloud infrastructure gives the staff at GSA great confidence in the skills and expertise of UKCloud.\u201d \n\nIf you are concerned with data residency, a sovereign cloud deserves consideration\n\nPerhaps most importantly, there is a rising need for enterprises and CIOs to explore whether a sovereign approach to the cloud is warranted and if so, to address it expediently to mitigate risk.\n\n\u201cWe did research on our local market and found that some critical customers were struggling to build their own data center,\u201d says Nawal A. Alharkan, Product Manager, Cloud Infrastructure Services at Saudi Telecom Company (STC). \u201cThey can\u2019t get help from the local service provider since they are only offering public cloud services. STC decided to implement the sovereign cloud to cover the market demand and be the first to fulfill these requirements.\u201d\n\nAnd for those CIOs who don\u2019t believe they need a sovereign cloud? Phil Dawson, Managing Director at AUCloud, believes it\u2019s a question they need to ponder themselves.\n\n\u201cDo you know where your data goes?\u201d asks Dawson. \u201cDo you know who can access it when it moves around the world? What level of business, operational, or reputational risk can your organization tolerate when your data cannot be accessed, or when its confidentiality is breached, or its integrity compromised because it was moved outside of the country or could legally be accessed by a foreign government?\u201d\n\nDawson also notes that the answers to these questions reveal some of the many reasons sovereign cloud solutions are needed.\n\n\u201cIn our view, there is a convergence of factors driving the need for sovereign cloud solutions and services,\u201d he says. \u201cThese include the growth of the technology itself, the increasing volume of data and the velocity of data flows, heightened community and individual sensitivity and awareness of the need to protect data, and finally clear international trends such as the GDPR in Europe \u2013 all of which put the spotlight on nation states wanting to provide assurance to their citizens that their data is protected. At the end of the day, any organization that is the custodian of sensitive data must ensure it is secure and confidential, is available when it is needed, and has not been tampered with or changed \u2013 that the integrity of the data has not been compromised.\u201d\n\nThese are questions and thoughts for all CIOs to ponder.\n\nFor more perspectives on Sovereign Cloud solutions, read the latest partner blogs from AU Cloud, NxtGen, ThinkOn and Tieto. For additional information on VMware\u2019s Sovereign Cloud initiative, read the latest news release and blog or find a VMware Sovereign Cloud provider.