Plan and prepare for Microsoft Cloud for Sovereignty in 2023 release wave 2


The 2023 release wave 2 plan covers all new functionalities planned to be delivered to market from October 2023 to March 2024. In this article, you'll find the product overview and what's new and planned for Microsoft Cloud for Sovereignty.


The Microsoft Cloud for Sovereignty enables public sector customers to build and digitally transform workloads in the Microsoft Cloud while supporting a variety of compliance, security, and policy requirements. It features broad platform capabilities that unlock greater resiliency, agility, and security while offering greater control over data and increased transparency to the operational and governance processes of the cloud.

Sovereignty challenges in the public cloud

Technology decision-makers must weigh a variety of risks when selecting technology platforms. Operational risks can include a platform's resiliency, agility, and security, while sovereignty risks can include data and operational sovereignty.

Data Sovereignty means retaining ownership of your data and control over the storage, usage, and transmission of your data. Data Sovereignty may also imply Data Residency.

Operational Sovereignty includes having systems, processes, and personnel that can continue operations without interruption despite geopolitical events or foreign policy actions. Autarky is often a component of Operational Sovereignty.

Data Residency refers to the storage, transmission, and usage of data within the boundaries of a given political, national, or federal region.

Autarky, when used in the context of cloud computing, usually refers to being able to run independent of external networks and systems.

The challenge for public sector organizations is that the ways of mitigating operational and sovereignty risks are often contradictory. Reliability risks are usually mitigated using fault-tolerant designs that include redundant systems that are geographically dispersed. However, this often becomes difficult when data residency requirements limit how far distributed systems can be located from each other. Security risks can be mitigated by enhancing security operations with global threat intelligence and data analytics and by designing automation to identify threats and restore systems. But these capabilities are expensive to develop, deploy, and operate in a way that provides operational sovereignty and autarky. Conversely, systems that offer autarky to protect against external threats often require expensive on-premises infrastructure that hampers agility and scalability. Moreover, solutions that provide data sovereignty usually rely heavily on data residency and perimeter security controls to control access to data, and this can increase reliability and security risks by limiting geographic diversity and introducing single points of compromise.

When public sector organizations accept operational risks to mitigate sovereignty risks, they often consider only the potential impact of those threats. A clandestine nation-state seeking data about a foreign adversary or a disruption to utilities due to warfare are certainly catastrophic scenarios to consider. However, many other types of lower-impact risks are more likely to happen, and these risks can be challenging to mitigate when a platform has been designed through the traditional lens of sovereign platform design.

Sovereign Capabilities in the Hyperscale Cloud

Hyperscale cloud can provide an alternative to this perimeter-centric approach to sovereignty by allowing organizations to use the cloud to mitigate common operational risks while incorporating new technologies and approaches to mitigate sovereignty risks.

The Microsoft Cloud for Sovereignty provides a resilient, scalable, and agile platform for public sector customers to deploy their sovereign workloads by combining the power of the global Azure platform with several sovereignty capabilities that are designed to help mitigate sovereignty risks:

  • Automated Policy Enforcement provides tools and automation to deploy infrastructure and apply security and compliance policies across an organization’s Azure environment.
  • Confidential Computing delivers platform attestation and data-in-use encryption for highly sensitive workloads.
  • Enhanced Transparency provides additional assurance regarding key software and related processes used to operate the cloud platform.
  • Data Residency features give customers greater control over where their data is stored.
  • Local Governance helps governing entities exercise operational oversight over cloud environments.