Microsoft has launched a new service for public sector clients using its Azure cloud platform, which will guarantee their data is stored and processed within their legal jurisdiction. Microsoft Cloud for Sovereignty aims to address concerns around data sovereignty, which is increasingly a priority for national governments, particularly those in Europe who wish to remain compliant with the bloc’s stringent general data protection regulations (GDPR).
Launching the new service at the company’s Inspire conference, Corey Sanders, corporate vice president in the Microsoft cloud for industry and global expansion team, said it will give customers “greater control over their data and increased transparency to the operational and governance processes of the cloud”.
It is the latest move by Microsoft to assure public services making the transition to the cloud that by choosing the company over its public cloud rivals – Amazon’s AWS and Google Cloud – they can ensure data is kept safely and securely.
What does Microsoft Cloud for Sovereignty provide?
Cloud for Sovereignty will allow Microsoft customers to select where their data resides and where workloads are run. Microsoft has more than 60 data centre regions available. “Customers can specify the country or region for most service deployments with the ability to satisfy industry, national, or global security, privacy and compliance requirements,” Sanders explained.
A dedicated “Sovereign Landing Zone” will be set up for customers to provide a portal to manage compliance and make recommendations about changes that are required.
The service is initially launching in private preview and will be available to select customers and in a limited number of regions. A general release date has yet to be announced.
Microsoft wants to be the leader in public sector cloud
Both AWS and Google Cloud offer their own sovereignty options for customers, with Google having announced ‘sovereign controls’ for its cloud-based Google Workspace productivity suite in May. However, Microsoft has been particularly active in this area as part of its plan to provide a series of industry-specific clouds for markets which span the public and private sectors, such as healthcare.
Last year, Microsoft pledged it would store and process all data from European customers on the continent, and says it will have this data boundary in place by the end of 2022. And in May it said it was changing the policies governing its Azure following complaints from European cloud providers. Microsoft had been under fire from European rivals, who claimed it was deploying anti-competitive tactics to convince customers using Office 365 and other products to switch to Azure for their cloud services.
As part of that announcement, the company revealed five principles which it said would “guide all aspects of its cloud business, enhance transparency for the public, and help us to better support Europe’s technology needs“. These included a pledge that the company “will provide cloud offerings that meet European government sovereign needs in partnership with local trusted technology providers.”
With the vast majority of European organisations relying on US cloud providers, cloud sovereignty has been put in the spotlight by the controversy surrounding data transfers between the EU and US. Such transfers have technically been illegal since the ruling in the so-called Schrems II case in 2020, which found an existing agreement between the US and Europe, the Privacy Shield, was not compatible with GDPR. This is because US law allows its government to requisition client data from companies on national security grounds, something which is prohibited under GDPR.
This week Tech Monitor reported that Denmark is banning all Google Workspace products in its public sector over fears they are not compatible with GDPR because data is sent to US-based servers. Other European countries have taken similar action against Google Analytics.
Tech Monitor is hosting the Tech Leaders Club on 15 September. Find out more on NSMG.live