What does the sovereign cloud mean?
A sovereign cloud is a cloud computing architecture designed and built to provide access to data in accordance with local laws and regulations. A sovereign cloud service provider will ensure that each subscriber’s data, including its metadata, is protected from foreign access and stored in accordance with the privacy mandates of the country of origin.
Cloud sovereignty requires the provider to monitor its cloud service and data storage and prove compliance with local privacy and data security laws. Sovereignty claims are established with regular record assessments that record access permissions and data movement over a defined period of time. If a cloud provider fails its sovereignty assessments, it may have to pay a penalty or reimburse subscribers for damages caused by unauthorized access.
The standards of a sovereign cloud can vary widely depending on the location of servers and cloud data. For example, some countries and nation states have strict requirements to protect data sovereignty, while in other countries businesses and individuals can determine for themselves how private data will be secured in transit and at rest.
Techopedia Explains Sovereign Cloud
Data access and protection standards may vary depending on the type of data stored. For example, financial and medical data often require higher standards for cloud storage than other types of data.
Determining the start of government intervention in the state of cloud and user data is tricky. However, two events in particular in the early 2010s can be seen as the origins of national and international cloud sovereignty laws: the Prism program incident, where it was revealed that the US NSA was mining data from users held by large private companies (like Apple and Google) and Microsoft’s involvement with the Justice Department in 2013, where Microsoft went to court to challenge an FBI warrant over information held on non-US servers , namely emails from a target account stored in Ireland.
Both cases highlighted the importance of having clear laws and standards on what organizations and governments can do with user data. In the United States, the Stored Communications Act (SCA) of 1986 regulates the storage and use of data stored in communications and transactional records held by third-party organizations. The law provides statutory privacy protection for customers of network service providers.
The CLOUD Act of 2018
The CLOUD Act (Clarifying Lawful Overseas Use of Data) amends the SCA of 1986 to include modern communication in an international context. The CLOUD Act allows the US government to require access to cloud data from companies subject to US jurisdiction.
This law not only includes strictly US companies and organizations, but also foreign entities that operate in the United States or with US citizen data and information. But to avoid a repeat of previous privacy invasion incidents, the CLOUD Act specifies the need for an ongoing criminal investigation before the US government can demand access to the sovereign cloud.
Access and power
It’s no surprise that data is considered the “oil of the future”. Data is extremely valuable because it has the power to influence entire markets, as well as policies and economic policies. landscapes. Without proper laws in place, personal information can be used for profit and influence.
Yet instead of repressing data in hopes of protecting its owners, there are ways the massive amounts of data stored in the cloud can be incredibly beneficial for future projects and innovation. For example, the International Data Spaces Association aims to use sovereign data in Internet of Things (IoT) and Artificial Intelligence (AI) projects across Europe.
Gaia-X is also working to develop a sovereign, efficient, competitive, yet secure and trustworthy data infrastructure federation.