Поділитися через


Microsoft Cloud for Sovereignty

In July 2022, Microsoft announced Microsoft Cloud for Sovereignty, a new solution that enables governments, public sector, and heavily regulated organizations to deploy workloads in the Microsoft Cloud while helping meet their specific data sovereignty, compliance, security, and regulatory policy requirements. Microsoft Cloud for Sovereignty creates software boundaries in the cloud to establish the additional protection that regulated organizations require, using cloud guardrails, policy, hardware-based confidentiality and encryption controls.

Microsoft Cloud for Sovereignty provides tools, guidance, and guardrails for public cloud adoption with appropriate sovereign controls. It helps to extend the amount of control while maximizing the value and capabilities of the hyperscale Microsoft Cloud. Adopting cloud computing while meeting digital sovereignty requirements is complex and can differ greatly between organizations, industries, and geographies.

Microsoft Cloud for Sovereignty addresses the sovereignty needs of government organizations. Further, Microsoft Cloud for Sovereignty is customizable and adheres to evolving local policies and regulatory requirements around the handling of data. Organizations need not choose between digital innovation and control over their data, and digital workloads. They can implement secure, consistent, and compliant environments and adhere to evolving local regulations while taking full advantage of the cloud.

The benefits and value of running your applications in the hyperscale public cloud are substantial and include scalability, elasticity, resiliency, compliance, agility, unmatched cybersecurity, and access to the latest innovation in Artificial Intelligence services. With Microsoft Cloud for Sovereignty, you can meet digital sovereignty and compliance requirements and still gain the benefits of the public cloud.

Cloud for Sovereignty aims to simplify, standardize, and improve confidence in the digital sovereignty of the public cloud by providing tools and guidance throughout the cloud implementation lifecycle for IT professionals, information security officers, and decision makers. Cloud for Sovereignty supports both green field scenarios, such as migration of on-premises workloads to the cloud, and brownfield implementations, such as aiming to improve the digital sovereignty and compliance of existing cloud workloads.

Microsoft Cloud for Sovereignty capabilities

Microsoft Cloud for Sovereignty provides capabilities across different layers.

List of Cloud for Sovereignty capabilities

Public cloud capabilities

The foundation of Microsoft Cloud for Sovereignty is the Azure hyperscale public cloud that delivers innovation, scale, and security significantly beyond private or on-premises data centers. Additionally, with the hyperscale cloud, customers can benefit from the global security signal that analyzes trillions of signals daily to protect against cyber-attacks while adhering to their regional requirements. For more information, read Why sovereignty in Microsoft hyperscale public cloud.

Compliance and transparency

Governments require confidence in the security and privacy of their data and the ability to keep innovating while protecting that data. They must also be able to meet their legislative or regulatory obligations and have more insights into the cloud operator's activities.

Microsoft Cloud for Sovereignty builds on top of the compliance and transparency capabilities that Microsoft already provides. Eligible customers can also take advantage of increased transparency over – and into – their environment's operations with tools and programs such as source code review, access to technical data, and transparency reports.

For qualified customers and government agencies, Microsoft Cloud for Sovereignty provides More transparency into Microsoft activities through transparency logs. Additionally, eligible government agencies can take advantage of the Government Security Program.

Sovereign guardrails and guidance

Microsoft Cloud for Sovereignty provides access to codified architectures, workload templates, and tooling to accelerate the creation of compliant environments that meet sovereignty, privacy, and regulatory requirements. Additionally, Cloud for Sovereignty reduces the complexity of cloud implementations by providing capabilities that make the process simpler, predictable, and repeatable by design.

Cloud for Sovereignty capabilities capitalizes on existing concepts and services such as Infrastructure-as-Code, Azure Policy, and Policy-as-Code. The capabilities are:

  • The Sovereign Landing Zone, a variant of the Azure landing zone opinionated towards digital sovereignty (data residency, confidential computing, and more customer control over data).

  • Workload templates that accelerate the deployment of Azure workloads that are compatible with the SLZ policies by design.

  • A policy portfolio including the Sovereignty Baseline policy initiatives and policy initiatives with their mappings specific to a given country/region.

Sovereign control portfolio

With the sovereign control portfolio, customers can add extra protection over sensitive workloads to prevent operator access to their data and resources, providing them with more data sovereignty. The portfolio includes Azure Confidential Computing, customer-managed keys, Azure Managed HSMs, and other Azure services. Sovereign Controls for Dynamics 365, Encryption and Key Management, and Confidential Computing sections have relevant links to more detailed information.

Microsoft's Trusted Cloud and Cloud for Sovereignty augmentation

Microsoft provides a comprehensive and secure cloud platform that prioritizes your trust. Our cloud services are built on several key principles:

  • Security: Our cloud services offers multi-layered security across physical data centers, infrastructure, and operations. With an investment of over 1 billion USD in security research and development, Microsoft actively monitors and protects business assets and data.

  • Privacy: Our core privacy principle is that you own your data. We never use it for marketing or advertising purposes.

  • Compliance: Microsoft provides the most extensive compliance coverage among cloud service providers, with over 100 compliance offerings. This proactive approach helps safeguard data and streamline compliance for enterprises, governments, and startups.

Microsoft Trusted Cloud aims to earn and maintain your trust by providing secure, compliant, and privacy-focused cloud services. You can achieve your goals with confidence.

For some sovereign customers, however, trust isn't enough. Microsoft's investments to provide Sovereignty controls in the public cloud augment our industry-leading security, privacy, and compliance capabilities as follows:

Trusted Cloud Commitments Cloud for Sovereignty augmentation
You control your data Provides recommendations, best practices, and tools to help you meet your sovereignty requirements
We maintain transparency about the location and usage of data Provides increased transparency into the storage, processing, and access of your data by Microsoft and its partners
We secure data at rest and in transit Ensures that your data remains where you want it, subject to service region availability
We defend your data Offers capabilities with confidential computing to encrypt your data while in use to help you adhere to your security, privacy, and sovereignty requirements
We offer a range of options to choose from based on your data residency, performance, scalability, and regulatory needs Provides guidance, guardrails, automation, and transparency to help you meet your specific sovereignty goals

For more information, see Trust your cloud | Microsoft Azure and Cloud Data Integrity and Compliance | Microsoft Trust Center.