Microsoft Cloud for Sovereignty
In July 2022, Microsoft announced Microsoft Cloud for Sovereignty, a new solution that enables governments to deploy workloads in Microsoft Cloud while helping meet their specific sovereignty, compliance, security, and policy requirements. Microsoft Cloud for Sovereignty creates software boundaries in the cloud to establish the extra protection that governments require, using hardware-based confidentiality and encryption controls.
Microsoft Cloud for Sovereignty provides more tools, guidance, and guardrails for public cloud adoption with appropriate sovereign controls. It helps to extend the amount of control while maximizing the value and capabilities of the hyperscale Microsoft Cloud. Adopting cloud computing while meeting digital sovereignty requirements is complex and can differ greatly between organizations, industries, and geographies.
Microsoft Cloud for Sovereignty addresses the sovereignty needs of government organizations. Further, Microsoft Cloud for Sovereignty is customizable and adheres to evolving local policies and regulatory requirements around the handling of data. Governments need not choose between digital innovation and control over their data, and digital workloads. They can implement secure, consistent, and compliant environments and adhere to evolving local regulations while taking full advantage of the cloud.
The benefits and value of running your applications in the Azure public cloud are substantial and include scalability, elasticity, resiliency, compliance, agility, and unmatched cybersecurity. With Microsoft Cloud for Sovereignty, you can meet digital sovereignty and compliance requirements and still gain the benefits of the public cloud.
Cloud for Sovereignty aims to simplify, standardize, and improve confidence in the digital sovereignty of the public cloud by providing tools and guidance throughout the cloud implementation lifecycle for IT professionals, information security officers, and decision makers. Cloud for Sovereignty supports both green field scenarios, such as migration of on-premises workloads to the cloud, and brownfield implementations, such as aiming to improve the digital sovereignty and compliance of existing cloud workloads.
Microsoft Cloud for Sovereignty capabilities
Microsoft Cloud for Sovereignty provides capabilities across different layers.
- Built on top of the Azure public cloud capabilities.
- Regulatory compliance and transparency into the cloud operator's activities.
- Sovereign guardrails through codified architecture, workload templates, localized Azure Policy Initiatives, tooling, and guidance.
- Advanced sovereign control services like Azure Confidential Computing and Azure Key Vault Managed HSM.
Sovereign control portfolio
With the sovereign control portfolio, customers can add extra protection over sensitive workloads to prevent operator access to their data and resources, providing them with more data sovereignty. The portfolio includes Azure Confidential Computing, customer-managed keys, Azure Managed HSMs, and other Azure services. Sovereign Controls for Dynamics 365, Encryption and Key Management, and Confidential Computing sections have relevant links to more detailed information.
Sovereign guardrails and guidance
Microsoft Cloud for Sovereignty provides access to codified architectures, workload templates, and tooling to help create compliant environments that meet sovereignty, privacy, and regulatory requirements. Additionally, Cloud for Sovereignty reduces the complexity of cloud implementations by providing capabilities that make the process simpler, predictable, and repeatable by design.
Cloud for Sovereignty capabilities capitalizes on existing concepts and services such as Infrastructure-as-Code, Azure Policy, and Policy-as-Code. The capabilities are:
The Sovereign Landing Zone, a variant of the Azure landing zone opinionated towards digital sovereignty (data residency, confidential computing, and more customer control over data).
Workload templates that accelerate the deployment of Azure workloads that are compatible with the SLZ policies by design.
A policy portfolio including the Sovereignty Baseline policy initiatives and policy initiatives with their mappings specific to a given country/region.
Compliance and transparency
Governments require confidence in the security and privacy of their data and the ability to keep innovating while protecting that data. They must also be able to meet their legislative or regulatory obligations and have more insights into the cloud operator's activities.
Microsoft Cloud for Sovereignty builds on top of the compliance and transparency capabilities that Microsoft already provides. Eligible customers can also take advantage of increased transparency over – and into – their environment's operations with tools and programs such as source code review, access to technical data, and transparency reports.
For qualified customers and government agencies, Microsoft Cloud for Sovereignty provides More transparency into Microsoft activities through transparency logs. Additionally, eligible government agencies can take advantage of the Government Security Program.
Public cloud capabilities
The foundation of Microsoft Cloud for Sovereignty is Azure hyperscale public cloud that delivers innovation, scale, and security significantly beyond private or on-premises data centers. Additionally, with the Azure public cloud, customers can benefit from the global security signal that analyzes trillions of signals daily to protect against cyber-attacks while adhering to their regional requirements. For more information, read Why sovereignty in Microsoft Azure public cloud.
Microsoft's Trusted Cloud and Cloud for Sovereignty augmentation
Microsoft provides a comprehensive and secure cloud platform that prioritizes your trust. Our cloud services are built on several key principles:
Security: Azure, our cloud service, offers multi-layered security across physical data centers, infrastructure, and operations. With an investment of over 1 billion USD in security research and development, Microsoft actively monitors and protects business assets and data.
Privacy: Our core privacy principle is that you own your data. We never use it for marketing or advertising purposes.
Compliance: Azure provides the most extensive compliance coverage among cloud service providers, with over 100 compliance offerings. This proactive approach helps safeguard data and streamline compliance for enterprises, governments, and startups.
Microsoft Trusted Cloud aims to earn and maintain your trust by providing secure, compliant, and privacy-focused cloud services. You can achieve your goals with confidence.
For some sovereign customers, however, trust isn't enough. Microsoft's investments to provide Sovereignty controls in the public cloud augment our industry-leading security, privacy, and compliance capabilities as follows:
| Trusted Cloud Commitments | Cloud for Sovereignty augmentation |
|---|---|
| You control your data | Provides recommendations, best practices, and tools to help you meet your sovereignty requirements |
| We maintain transparency about the location and usage of data | Provides increased transparency into the storage, processing, and access of your data by Microsoft and its partners |
| We secure data at rest and in transit | Ensures that your data remains where you want it, subject to service region availability |
| We defend your data | Offers capabilities with confidential computing to encrypt your data while in use to help you adhere to your security, privacy, and sovereignty requirements |
| We offer a range of options to choose from based on your data residency, performance, scalability, and regulatory needs | Provides guidance, guardrails, automation, and transparency to help you meet your specific sovereignty goals |
For more information, see Trust your cloud | Microsoft Azure and Cloud Data Integrity and Compliance | Microsoft Trust Center.