AWS European Sovereign Cloud
Recently AWS announced that it was working on a European Sovereign Cloud, this is a good opportunity to discover a little more about what is hidden behind this term and what we can hope for in the future. In this article, we will discuss the sovereign cloud in general while focusing on the AWS European Sovereign Cloud without going into detail about the legal regulations.
A definition of sovereign cloud is:
A sovereign cloud refers to a cloud infrastructure that ensures data is stored and processed within the geographical and jurisdictional boundaries of a specific geographic region or economic area, adhering to its laws and governance.
The demand for a European sovereign cloud is not new, it exists since European institutions and regulated businesses began their cloud transition. However, in the past, and still today, they accepted to use the well-known US public cloud providers (mainly Amazon, Microsoft and Google) as long as the data is fully stored in a EU cloud region. Some European cloud providers (mainly OVH, Scaleway and United Internet) tries to convince that they are the best solution since they are mainly located in EU. Unfortunately for them, they cannot fully compete with US Hyperscalers in terms of service portfolio or network capacity for example. Moreover, they do not benefit from sufficient visibility and when they are publicly exposed it is often for bad reasons.
Since some years, the geopolitical context (wars, pandemic, etc.) made the countries across the globe but also the European Union and its Member states to reinforce their approaches and pass protectionist laws. The big north American public cloud providers have understood this and have launched activities to provide sovereign cloud to these countries/economic zones. For AWS, this was made concrete through the AWS Digital Sovereignty Pledge manifest.
We are only at the beginning of this sovereign cloud transition journey, the news on this subject will intensify and we will see fierce competition between the different cloud providers in the near future. Indeed, it is a safe bet to think that the first large institutions to choose a sovereign cloud solution will influence the choice of many other smaller organizations.
The organizations interested by a European sovereign cloud are mainly:
- Pure European institutions like European Commission, European Central Bank, European Court of Justice, Publications Office, etc.
- European national agencies. This category includes all the government services linked to a European country. For example: the Belgian driving license agency, the German pharmaceutical agency etc.
- European companies and non-governmental organizations who would like to be able to continue their activities even in the event of major global conflicts or problem. They also want to protect their data and activities against espionage or patent theft.
- European citizens who would like to control the privacy of the data they store in the cloud.
- Academics and researchers who would like to keep their confidential activities until they are protected by a patent.
- Regulated companies such as financial institutions, telecommunication, pharmaceutical or airlines compagnies.
Sovereign cloud advantages
The two benefits below are usually the first that come to mind when thinking about cloud sovereignty. We can even consider them as the main purpose of the sovereign cloud. These two concepts are related but different:
- Data sovereignty: The data must be stored, processed, and managed within a specific geographic region or country.
- Data privacy: It is about how data is collected, used, shared, and guarded to respect local privacy rights.
The advantages below are more secondary advantages, not always verified:
- Security: Sovereign clouds often have enhanced security measures to protect against data breaches and cyber-attacks.
- Local economic benefits: The money to maintain this kind of cloud is spent locally, new local jobs are also created.
- Customization to local needs and regulations: The services are more adapted to the local needs, for example the languages, the file formats, the payment option etc. The service also provides improved compliance to the relevant local regulation.
- Small latency: As the data centers are built at proximity, there is, by definition, less network latency.
Sovereign cloud disadvantages
Even if cloud sovereignty comes with several interesting advantages, it also implies significant drawbacks. The main ones are explained below:
- Higher costs: This is mainly because economies of scale are no longer global. It is also possible that the local legislation implies an higher minimum wage than outside the area’s borders. The electricity price may also be higher. The cost may also depend on the local climate, if the average temperature is higher than in another part of the world, the energy required to cool the data centers is more important.
- Limited service: As current global cloud providers already make known, the services accessible from their sovereign cloud are limited at first.
- Reduced redundancy and disaster recovery options: By definition, as the area of the cloud is restricted, it also restricts the number of “regions” where the resources can be located and especially the distance between them. It is crucial in case of disaster.
- Limited local expertise: Again, by definition the people who can work on such cloud offering must be in a restricted area, which means that much of the world’s talent cannot be directly involved.
- Migration effort for existing cloud infrastructures: Migrating from a common public cloud to a sovereign cloud can require big effort according to the infrastructure size, the number and type of cloud services used etc. For example, if a service is not available in the sovereign cloud, an alternative must be found or developed. The migration also requires repatriation of all data.
AWS sovereign cloud considerations
Recently AWS announced to work on a European Sovereign Cloud, please find below what we already know about this new offering:
- All the employees who will operate and support the sovereign cloud will reside in the EU.
- The first region will be situated in Germany and separated from all existing regions. As usual, this region will have multiple Availability Zones (AZ).
- Data but also labels, permissions, and configurations created within this cloud will be stored in the EU, ensuring compliance with data residency requirements.
- To access this new region, it will be needed to create a brand-new AWS account. However, migration tools will be available to migrate to the sovereign cloud region.
- One very interesting thing is that AWS has already planned that the different sovereign cloud regions will be used in the future to host more restricted clouds (thanks to AWS Outposts technology). So, we can imagine that if Germany requests a Germany sovereign cloud, it will be hosted (and isolated) in the European Sovereign Cloud Germany region.
As seen above, the sovereign cloud is in its infancy, driven by legal and geopolitical contexts, news from the different players will probably intensify.
This type of cloud is in demand by a growing number of compagnies and government agencies. The sovereign cloud offers advantages that customers will have to balance with the disadvantages and migration efforts. However, it seems reasonable to consider migration paths, by default, for any new deployment as of today.