News this week that Microsoft will make available its Microsoft Cloud for Sovereignty offering across all its Azure regions reflects, at its core, the growing consumer demand for data sovereignty.
No surprise there.
The last few years have seen a kind of reverse tidal wave in the field of data storage, with government and enterprise clients the world over flocking from public clouds back to on-prem solutions in a bid to reassert control of sensitive information.
The fact that Microsoft will roll out the service across all of its 60-plus Azure regions worldwide tells you something about the scale of this trend.
The cultural and political forces that have compelled Microsoft to invest in sovereign-cloud initiatives will intensify as consumer concern around data security grows. This will have a corresponding impact on lawmakers who must respond to the concerns of their constituents.
Long story short: increased data control isn’t a blip, it’s the long-term direction of travel in jurisdictions all over the world.
At first blush, Microsoft’s Sovereign Cloud measures up reasonably well.
Aimed primarily at public sector clients, or clients subject to country-specific regulatory burdens, Microsoft’s Sovereign Cloud will allow customers to store data in one of its 60-plus Azure regions while complying with whatever data hosting requirements they might be subject to.
Microsoft will do this by creating so-called Sovereign Landing Zones within its Azure ecosystem. Sovereign Landing Zones are effectively carve-out zones within Azure programmed to comply with specific country requirements.
As Microsoft explains in its official blog: “Organizations can leverage landing zones as a repeatable best-practice for secure and consistent development and deployment of cloud services. As many government organizations face a complex and layered regulatory landscape, utilizing sovereign landing zones makes it much easier to design, develop, deploy, and audit solutions while enforcing compliance with defined policies.”
In other words, the government of Fiji will be able to store data in Microsoft’s Auckland data center, but still, call its data “sovereign” because the Sovereign Landing Zone in which it is located has been configured to comply with Fiji’s data storage laws.
It’s a great idea, except for the fact that, well, your data is still thousands of kilometers offshore in another country’s jurisdiction and managed by a third party.
Microsoft’s offering is designed to combine the ease, scale, and convenience of the hyperscalers with the growing requirement that data be kept on a tight leash.
And to be fair for a lot of customers this will be fine. But there are 195 countries on the planet and Microsoft doesn’t have data centres in all of them.
It’s a bit of a stretch to call a Sovereign Landing Zone a true sovereign cloud experience.
Firstly, there’s the point touched on above - if you’re a client located outside those 60-odd policy zones your data still lies outside your domestic legal jurisdiction. Can data stored in those circumstances really be called “sovereign"? I would argue that’s stretching the definition to breaking point.
Then there’s the security of the data itself. Microsoft promises it will make available “transparency logs”, alerting customers to instances where Microsoft engineers have accessed customers’ resources. This is presumably when engineers need to conduct maintenance on cloud infrastructure or (as Microsoft notes), in response to a customer request.
Again, in most instances, this won’t be a problem. Microsoft is a reputable company with a fine record of corporate governance, particularly as it relates to public sector clients.
But the fact that Microsoft employees can gain access to a customer’s workload in what is sold as the equivalent of a private cloud demonstrates the inherent vulnerability of the public cloud. No matter how many guardrails you install, the fact is your data is still sitting next to someone else’s on commercial infrastructure accessible by anyone.
But perhaps the biggest limitation is vendor lock-in. Microsoft’s Cloud for Sovereignty locks customers into the Microsoft ecosystem, obliging them to use the full suite of Microsoft products, like Azure Confidential Computing. This leaves customers beholden to the whims of their provider, who may increase prices or licensing fees. Obviously, this risk increases the deeper you go and the longer you stay.
This isn’t a side effect of life with the hyperscalers, by the way; it’s part of the business model. By increasing the cost of leaving, either financially or through disruptions to services or access to data, the Microsofts of the world increase customer retention.
It also leaves data hidden behind layers of opaque proprietary software.
Microsoft might call its new product “sovereign", but it still falls well short of what customers might expect from the term - data held on-premises and managed by the customer.
For customers looking for a truly sovereign product the best option remains an on-premises private cloud, preferably one configured with open-source software to eradicate vendor lock-in. For the gold standard SoftIron’s own HyperCloud, which is physically manufactured in either the US or Australia, is even more secure.
Hyperscalers like Microsoft do public clouds very well but they should stick to their knitting. A true sovereign cloud doesn’t live overseas in a public data center the size of a city block.
It’s in your basement under lock and key being managed by your own people.
Close Microsoft, but no donut.