Microsoft sovereign cloud could benefit from varied US state laws

Microsoft has offered its Cloud for Sovereignty for nearly a year and today provided an update on the service.

Microsoft Cloud for Sovereignty is primarily focused on government and public sector customers that want to get the benefits of the public cloud but must follow strict regulatory and compliance requirements, particularly related to data privacy.

Corey Sanders, corporate vice president of Microsoft Cloud for Industry, said the offering will also work well for companies that are heavily regulated.

In the past year, Microsoft has delivered two private previews of Cloud for Sovereignty. “A lot of the initial feedback and passion to use the public cloud has originated in Europe,” said Sanders. “But a lot of countries are looking at it.”

Microsoft is already working with the governments of Belgium, the Netherlands, Luxembourg and Italy.

Silverlinings asked if the U.S. might make a prime target for Cloud for Sovereignty, given that the 50 states seem to be making their own laws on several issues that involve data privacy. We’re thinking about sensitive topics such as legalized drug use and abortion laws that now vary from state to state, not to mention more mundane issues such as human resources requirements, which vary widely between states now that so many employees work remotely.

Sanders said, “The complexity of regulation is increasing. That’s true worldwide and within the U.S. One of the benefits of Microsoft for Sovereignty is creating a simplified way to manage across the different services and offerings we have based on those different types of regulations.”

He said Microsoft has a component called “sovereign landing zones,” which allows customers to take their unique requirements and apply them to the public cloud configuration, following the specific rules and regulations on a country-by-country or state-by-state basis.

According to a blog post Sanders published today, “Many governments require transparency regarding how Microsoft responds to third-party data requests. Microsoft does not provide direct and unfettered access to our customers’ data. We do not share encryption keys or the ability to break our encryption with anyone, including any government. Governments must follow the applicable legal process to request customer data. They must serve us with a warrant for content or a court order or subpoena for subscriber information or other non-content data.”

The blog added that all requests for data must target specific accounts and identifiers. Microsoft’s legal compliance team reviews all submissions to ensure they are valid and rejects those that are not.

Security technology

Microsoft’s Azure Cloud deals with 65 trillion security signals per day. Sanders said that Cloud for Sovereignty includes Azure Confidential Compute, which provides the classic encryption for data at rest and in transit, and also encrypts data in use. “It leverages root-trust security based to the hardware itself so that customers understand they are protected even with any hardware shifts underneath,” he said.

Confidential Compute protects data in use by performing computations in a hardware-based Trusted Execution Environment (TEE). Any data in the TEE can't be read or tampered with by any code outside that environment.

In addition, customers can use a blockchain service built on top of Confidential Compute — called Confidential Ledger — that confirms and audits that their data wasn’t moved.