Today, we’re announcing general availability of Microsoft Cloud for Sovereignty across all Azure regions. Microsoft Cloud for Sovereignty helps governments meet their compliance, security, and policy requirements while utilizing the cloud to provide superior value to their citizens.
Governments around the world must meet a wide range of national and regional compliance requirements for applications and workloads, including governance, security controls, privacy, and in some cases data residency and sovereign protections. Until now, most solutions for addressing these regulatory requirements have relied upon private cloud and on-premises environments, creating a lag in adoption of scalable, secure and resilient cloud capabilities.
Microsoft Cloud for Sovereignty — offering governance, security, transparency and sovereign technology — supports the digital transformation of government customers unlike any other cloud provider in the world. Customers gain automation of best practices to address regulatory requirements while benefiting from the rapid pace of innovation in the hyperscale cloud.
Advancing conversations about sovereignty in the hyperscale cloud
When we talk with government customers, we hear common questions in terms of achieving data sovereignty in the cloud. These often include questions around (1) residency, security and compliance of the hyperscale cloud; (2) controls for data access; and (3) the complexity of addressing regulations that vary by country.
First, Microsoft Cloud for Sovereignty is built on the foundation of more than 60 cloud regions, providing industry-leading cybersecurity along with the broadest compliance coverage. Microsoft offers the most regions of any cloud provider. Customers can implement policies to contain their data and applications within their preferred geographic boundary, in alignment with national or regional data residency requirements.
Second, Microsoft Cloud for Sovereignty provides sovereign controls to protect and encrypt sensitive data and control access to that data, enabled by sovereign landing zones and Azure Confidential Computing.
A sovereign landing zone is a type of Azure landing zone designed for organizations that need government-regulated privacy, security and sovereign controls. Organizations can leverage landing zones as a repeatable best-practice for secure and consistent development and deployment of cloud services. As many government organizations face a complex and layered regulatory landscape, utilizing sovereign landing zones makes it much easier to design, develop, deploy and audit solutions while enforcing compliance with defined policies.
Customers can also leverage Azure Confidential Computing to secure sensitive and regulated data even while it’s being processed in the cloud. Azure Confidential Computing protects data in memory in hardware-based trusted execution environments, helping prevent unwanted data access by the cloud provider, administrators and users. Customers can benefit from this capability on Azure without having to change existing applications.
Third, customers can adopt specific, sovereignty-focused Azure policy initiatives to address the complexity of compliance with national and regional regulatory requirements. These help customers create cloud guardrails and enforce specific regulations more easily. Customers can layer these policy initiatives to form a complete solution for their specific needs, and use deployment automation to ensure consistency, best practices and save time.
For example, our customers typically start with Azure Cloud Security Benchmark then layer the new Sovereignty Policy Baseline to ensure best practices for digital sovereignty. Then, customers can leverage a regional specific layer, such as Baseline informatiebeveiliging overheid (BIO), a foundational standards framework for information security within the Netherlands government, or the strategic guidelines for migration to the cloud of data and digital services of the Italian Public Administration National Cybersecurity Agency (ACN).
Additionally, the new Cloud Security Alliance Cloud Controls Matrix (CSA CCM v4) policy initiative is oriented toward a global standard that many other regional standards build upon.
Customer and partner collaborations delivering local solutions
Through our product development lifecycle, we’ve had the privilege of collaborating with customers around the world and their trusted partners. These collaborations continue to inform both our technical roadmap as well as solution design and delivery.
In the Netherlands, the National Cyber Security Center (NCSC-NL) has achieved significant traction in their work to establish a cloud center of excellence, deploying Microsoft Cloud for Sovereignty to accelerate innovation in the cloud while still managing sovereign controls. Arnoud van Petersen, CIO & Head of IT Services at NCSC-NL, explains: “Our innovation teams are exploring ways to use advanced data and AI capabilities to reduce the time required to interpret signal data and produce advisories from days to minutes, delivering an EU leading rapid response and information sharing in a dynamic cyber threat landscape.”
The municipality of Amsterdam is partnering with InSpark (a subsidiary of Royal KPN) to bring on-premises datacenter workloads to the cloud in compliance with the relevant classification within the Dutch BIO regulation. Patrick Scholte, Director Platforms & Development, shares: “Municipality of Amsterdam opted for Cloud for Sovereignty primarily due to privacy considerations, specifically in compliance with GDPR. Beyond its effective implementation of innovative security technologies, Microsoft Cloud for Sovereignty plays a crucial role in facilitating significant internal advancement for us.
“As an organization, it is imperative for us to address the establishment of processes, policies, and guidelines, as an addition to the use of innovative technologies that pertain to data sovereignty,” Scholte adds. “These measures are essential in mitigating evolving risks, and the use of Microsoft Cloud for Sovereignty allows us to encode and audit them effectively.”
In Italy, Leonardo is now migrating their public and private customers to a secure public cloud service on the new Italy North Azure region, leveraging sovereign landing zones and advanced technologies such as Azure Confidential Computing. “We have chosen Microsoft Cloud for Sovereignty to deliver solutions for our customers in compliance with digital sovereignty attributes and regulations, leveraging the economies of scale, security levels and pace of innovation that today are only available with hyperscale clouds,” says Massimo Tedeschi, Senior Vice President Cyber & Security Engineering, Leonardo.
In Belgium, Proximus has selected Microsoft Cloud for Sovereignty in its work with customers across Belgium, Luxembourg and the Netherlands to deliver cloud capabilities along with advanced security layers and sovereignty controls to protect sensitive data in the cloud.
“Our customers expect us to provide them with the highest data protection and sovereignty, says Anne-Sophie Lotgering, Enterprise Market Lead at Proximus. “That is exactly why we collaborate with Microsoft to offer advanced cloud capabilities together with the highest security and privacy controls to our Benelux customers.”
Driving a rapid pace of innovation
As the Microsoft Cloud for Sovereignty enters general availability today, we’re also announcing new capabilities in preview. These solutions underscore our continued investment in a rapid pace of innovation to advance sovereignty in the hyperscale cloud:
- Drift analysis capabilities: Ongoing administration and maintenance can potentially introduce changes that don’t comply with policies, resulting in the deployment beginning to drift out of compliance over time. The new drift analysis tool inspects your deployment and generates a list of non-compliant settings, as well as a severity rating, making it easier to identify any discrepancies to remediate and verify the compliance of specific environments.
- Transparency logs: Gives eligible customers visibility into the instances where Microsoft engineers have accessed customer resources through Just-In-Time (JIT) access, most commonly in response to a customer support request. With this update, customers can now request access to the preview feature via the Azure portal.
- New configuration tools in the Azure portal: Allows customers to create a new tailored sovereign landing zone in two simple steps using a guided experience.
Learn more and get started today
Get started with Microsoft Cloud for Sovereignty today to advance government innovation in the cloud.
Visit microsoft.com/sovereignty for the latest news, visit Microsoft Learn, and reach out to your Microsoft representative to learn more.