Plan and prepare for Microsoft Cloud for Sovereignty in 2023 release wave 2

Important

The 2023 release wave 2 plan covers all new functionalities planned to be delivered to market from October 2023 to March 2024. In this article, you'll find the product overview and what's new and planned for Microsoft Cloud for Sovereignty.

Overview

Microsoft Cloud for Sovereignty enables governments to build and digitally transform workloads in Microsoft Cloud while meeting many of their specific compliance, security, and policy requirements. Microsoft Cloud for Sovereignty creates software boundaries in the cloud to establish the extra protection that governments require, using hardware-based confidentiality and encryption controls.

Adopting cloud computing while meeting digital sovereignty requirements is complex and can differ greatly between organizations, industries, and geographies. Microsoft Cloud for Sovereignty addresses the sovereignty needs of government organizations. Further, Microsoft Cloud for Sovereignty is customizable and adheres to evolving local policies and regulatory requirements around the handling of data. Governments need not choose between digital innovation and control over their data and digital workloads. They can implement secure, consistent, and compliant environments and adhere to evolving local regulations while taking full advantage of the cloud.

The benefits and value of running your applications in the Azure public cloud are substantial and include scalability, elasticity, resiliency, compliance, agility, and unmatched cybersecurity. With Microsoft Cloud for Sovereignty, you can meet digital sovereignty and compliance requirements and still gain the benefits of the public cloud. Cloud for Sovereignty aims to simplify, standardize, and improve confidence in the digital sovereignty of the public cloud by providing tools and guidance throughout the cloud implementation lifecycle for IT professionals, information security officers, and decision makers. Cloud for Sovereignty supports both greenfield scenarios, such as migration of on-premises workloads to the cloud, and brownfield implementations, such as aiming to improve the digital sovereignty and compliance of existing cloud workloads.

Microsoft Cloud for Sovereignty provides capabilities across different layers.

  • Built on top of the Azure public cloud capabilities.
  • Regulatory compliance and transparency into the cloud operator's activities.
  • Sovereign guardrails through codified architecture, workload templates, localized Azure Policy Initiatives, tooling, and guidance.
  • Advanced sovereign control services like Azure Confidential Computing and Azure Key Vault Managed HSM.

Investment areas

Compliance and transparency
Governments require confidence in the security and privacy of their data and the ability to keep innovating while protecting that data. They must also be able to meet their legislative or regulatory obligations and have more insights into the cloud operator's activities.

Microsoft Cloud for Sovereignty builds on top of the compliance and transparency capabilities that Microsoft already provides. Eligible customers can also take advantage of increased transparency over – and into – their environment's operations with tools and programs such as source code review, access to technical data, and transparency reports.

For qualified customers and government agencies, Microsoft Cloud for Sovereignty provides more transparency into Microsoft activities through transparency logs. Additionally, eligible government agencies can take advantage of the Microsoft Government Security Program.

Sovereign control portfolio
Microsoft Cloud for Sovereignty helps customers configure and protect their data and resources in ways that comply with their specific regulatory and sovereignty requirements. This includes ensuring that parties outside the customer's control, including Microsoft, can't access customer data. With the sovereign control portfolio, customers can add extra protection over sensitive workloads to prevent operator access to their data and resources, providing them with more data sovereignty. The portfolio includes Azure Confidential Computing (ACC), customer-managed keys, Azure Managed HSMs, and other Azure services.

ACC enhances customer sovereignty by removing or reducing privileged data access for a cloud provider operator and other actors, including software such as the hypervisor. ACC helps protect data throughout its lifecycle in addition to existing solutions, which protect data at rest and in transit. For more information, see Azure Confidential Computing.

Sovereign guardrails and guidance
Microsoft Cloud for Sovereignty provides access to codified architectures, workload templates, and tooling to help create compliant environments that meet sovereignty, privacy, and regulatory requirements. Additionally, Cloud for Sovereignty reduces the complexity of cloud implementations by providing capabilities that make the process simpler, predictable, and repeatable by design.

Cloud for Sovereignty capabilities capitalize on existing concepts and services such as infrastructure as code and Azure Policy as Code. The capabilities are:

  • The Sovereign Landing Zone, a variant of the Azure landing zone opinionated towards digital sovereignty (data residency, confidential computing, and more customer control over data).
  • Workload templates that accelerate the deployment of Azure workloads that are compatible with the Sovereign Landing Zone policies by design.
  • A policy portfolio including sovereignty baseline policy initiatives and local policy initiatives (along with their mappings) to help meet region-specific compliance regulations.

To learn more about the entire set of capabilities being delivered during this release wave, check out the release plan for Microsoft Cloud for Sovereignty below: