Microsoft Cloud for Sovereignty: maintain control over strategic digital assets

Governments and organizations are focusing on digital transformation to fundamentally transform the way they operate and deliver services to their customers. Cloud adoption has increased tremendously in the last couple of years, also due to the COVID-19 pandemic. But as they move to the cloud, organizations want to maintain the same level of control over their IT resources as they have in their data centers. Concerns about cloud sovereignty, which include data, operational, and technical issues, are not new and have been increasing because of rising geopolitical tensions, changing data and privacy laws in different countries, the dominant role of cloud players concentrated in a few regions, and the lessons learned through the pandemic. As a result, governments and organizations are reevaluating their external exposure and looking for ways to maintain physical and digital control over strategic assets.

To adhere to these concerns, Microsoft has released a new solution called Microsoft Cloud for Sovereignty. This solution is aimed to meet compliance, security, and policy requirements that governments and organizations are facing. With the addition of Microsoft Cloud for Sovereignty, governments and organizations will have more control over their data, and it will increase the transparency of operations and governance processes of the cloud.
Microsoft Cloud for Sovereignty is designed to be a partner-led solution, where partners will play a vital role in delivering the solutions. One ofMicrosoft’s European Cloud principles is that Microsoft will provide cloud offerings that meet European government sovereign needs in partnership with local trusted technology providers. Also, Capgemini and Orange have been working closely together with Microsoft, and will start supporting clients in preparing for their migration by the end of 2022.

With Microsoft Cloud for Sovereignty, Microsoft is focusing on the following pillars

Data residency

Data residency is the requirement that data must be stored within a specific geographic boundary, such as a national boundary. Azure offers data residency for many services in over 35 countries with over 60 different data center regions worldwide (and growing). This enables residency options for Azure, Microsoft 365, and Dynamics 365, where many clients can store and process their data locally. By implementing policies, clients can meet their regulatory requirements to store their applications and data in the required geographical boundary. For Europe, the forthcoming EU Data Boundary will ensure that data will be stored and processed in the EU and European Free Trade Association.

Sovereign controls

In addition to the specific regions and geographic boundaries where applications and data are stored and processed, Microsoft also offers a set of sovereign controls that provide additional layers to protect and encrypt sensitive data. These controls span the entire Microsoft cloud: SaaS offerings such as Power Platform, Microsoft 365, and Dynamics 365, as well as the cloud infrastructure and the PaaS services that are available in Azure.

The following offerings can be leveraged by clients for sovereign protection:

  • Azure Confidential Computing: Azure confidential computing consists of confidential virtual machines and confidential containers. This enables data to be encrypted in rest, but also in use. Specialized hardware is used to create isolated and encrypted memory, which is called a trusted execution environment (TEE). TEEs guarantee that data and code that are processed cannot be accessed from outside the TEE. Client-owned encryption keys are released directly from a managed HSM (hardware security module) into the TEE. The client keys are secured, also when in use, and it ensures that data is encrypted in use, transit, and in rest.
  • Double Key Encryption (DKE): DKE uses two keys together to access protected content. One key is stored in Azure and the other key is held by the client. It comes with Microsoft 365 E5, and it is intended for the most sensitive data that is subject to the strictest protection requirements.
  • Customer Lockbox: Customer Lockbox ensures that Microsoft can’t access client data and content without explicit approval from the client during service operations. Customer Lockbox is offered for Microsoft 365Microsoft AzurePower Platform, and Dynamics 365.
  • Azure Arc: Azure Arc extends the Azure services, management, and governance features and capabilities to run across data centers, at the edge, and in multicloud environments. Clients can centrally manage a wide range of resources, including Windows and Linux servers, SQL Server, Kubernetes clusters, and other Azure services. Virtual machine lifecycle management can be performed from a central location. Governance and compliance standards can be met by implementing Azure Policy across these different resources. And services such as Azure Monitor and Microsoft Defender for Cloud can be enrolled as well.
  • Sovereign Landing Zone: Microsoft Cloud for Sovereignty will include a Sovereign Landing Zone. This landing zone is built upon the enterprise scale Azure Landing Zone and will make deployments automatable, customizable, repeatable, and consistent. This landing zone will extend into Azure Information Protection, which also enables policy and labeling for access control and protection on email and document data. Clients can also define custom policies to meet specific industry and regulatory requirements.

Governance and transparency

The Government Security Program (GSP) provides participants from over 45 countries and international organizations, represented by more than 90 different agencies, with the confidential security information and resources they need to trust Microsoft’s products and services. These participants have access to five globally distributed Transparency Centers, receive access to source code, and can engage on technical content about Microsoft’s products and services. Microsoft Cloud for Sovereignty will expand GSP to increase cloud transparency, starting with key Azure infrastructure components.

Wrap up

In this article I wanted to focus on what Microsoft Cloud for Sovereignty has to offer for clients who want to leverage the Microsoft cloud for their digital transformation journey, but also want to maintain the same level of control over their IT resources as they have in their own data centers. Cloud adoption has accelerated enormously in the last couple of years, which also makes cloud sovereignty much more important for governments and organizations. Microsoft offers the tools, processes, and transparency to partners and clients to support the increasing sovereignty requirements that clients have on their transformation journey.

Due to these increasing sovereignty requirements, Capgemini has conducted research to look deeper into organizational awareness and key priorities when it comes to cloud sovereignty and the role it plays in overall cloud strategy. We have released a whitepaper with our findings, which can be downloaded here.

At Capgemini, we have a lot of experience in implementing cloud solutions across all industries. If you would like more information about how we do this for our clients, you can contact me on LinkedIn or Twitter.

You can also read my other articles here.

Adapt and thrive with Microsoft Azure for Industries – Part 1

The way we work and live has changed. As a result of the recent global health crisis, many organizations are accelerating their digital transformation efforts to meet the challenges that they were exposed to. Employees around the world shifted to remote work, stores needed to shift to a buy online, pick up in-store model. In manufacturing, remote capabilities became key. Digital transformation has now become a requirement for business continuity, and digital technology has universally become key to business resilience and transformation.

This enormous pressure on digital transformation since the pandemic struck has affected all industries. A recent study from the Economist and Microsoft shows that organizations that had already started their digital transformation before the pandemic were able to adjust more quickly to meet customers’ new needs. The digital infrastructure that these industries already had in place allowed them to not only remain competitive in the market, but also to respond to societal disruption in a nimbler way. To meet the challenges of a rapidly changing economy across all different industries, merely adopting technology will no longer suffice. They need to build their own technology to compete and grow. And this makes every company a technology company.

We’ve seen two years’ worth of digital transformation in two months. From remote teamwork and learning, to sales and customer service, to critical cloud infrastructure and security – we are working alongside customers every day to help them adapt and stay open for business in a world of remote everything.”

Satya Nadella,

Over the past year, Microsoft has been working closely with leaders in every industry to help them navigate the crisis. They equipped them with the technology and tools to accelerate the digital transformation. Industry-specific solutions are the key to ensure business resiliency and accelerating growth.

In this first of a series blogs on industry solutions built on the Microsoft Azure platform, I’m going to focus on retail and healthcare solutions. We will focus on certain use cases and the solutions and tools that Microsoft has to offer to build the different practices.

Azure for retail

Gone are the days when retailers chose when, where, and what to sell. In this changing world, retailers are being challenged to figure out how best to engage with customers within new constraints. One example of this is adapting business processes to provide BOPIS (buy-online-and-pickup-in-store  services). Also, many retailers who are driving a more sustainable data proliferation model are including the ability to deliver remote sales and services and addressing the need to better equip store associates with technology.

With Azure for retail, organizations are capable of building personalized experiences, optimizing their supply chains, and reimagining multichannel retail using Microsoft Azure. This includes predictive AI, machine learning, IoT, hybrid cloud, computer vision, and analytics.

Azure for Retail includes the following tools and services:

  • Azure Synapse Analytics: With Azure Synapse for Analytics, retailers can gather, store, process, analyze, and visualize data of any volume, variety, or velocity to pave the way to intelligent retail.
  • Azure AI and Machine Learning: With these tools, retailers can build intelligent, personalized customer experiences and optimized systems powered by the proven, responsible, and secure AI that Microsoft Azure offers.
  • Azure Cognitive Services: Bring AI within the reach of every developer, without the need to require machine-learning expertise.
  • Azure IoT: Enabling smart retail through Azure IoT. Retailers can securely connect their assets and equipment to the retail cloud with the different IoT solutions that Azure has to offer to unlock real-time insights and enable system interoperability.
  • Azure Mixed Reality: Blend the digital and the physical worlds to create immersive and collaborative experiences.
  • Azure Stack: Build and run hybrid applications across datacenters, edge locations, and the cloud.
  • Azure Virtual Desktop: Deploy virtual desktops and apps to enable secure remote work.
  • SAP on Azure: Run your organizations retail operations with SAP workloads on Azure to increase agility, drive strategic innovation and perform at scale.

In the next section, we’ll take a look at what Microsoft Azure has to offer for healthcare organizations.

Azure for healthcare

The healthcare industry is highly regulated. In this field, digital change is driven by the need to lower the risk of delivering patient care while doing so at scale. The rapidly changing world is pressuring healthcare organizations to evolve how they deliver patient care as well. One example of this is that healthcare organizations are increasingly using technology platforms to shift to more telehealth services. This example is very spot on in the current pandemic. By meeting patients virtually, healthcare professionals can threat (more) patients while minimizing the risk of exposure to themselves and to others.

With Azure for healthcare, healthcare organizations can deliver better health insights and outcomes as they enhance patient engagement, empower health team collaboration, and improve clinical informatics and operational insights – all backed by a secure and trusted cloud. This includes hybrid cloud, mixed reality, AI, and IoT – to drive better health outcomes, improve security, scale faster, and enhance data interoperability.

Azure for Healthcare includes the following tools and services:

  • Azure Healthcare APIs: With Azure healthcare-specific APIs, organizations can securely manage different formats of protected health data, accelerate machine learning, and enable a secure exchange of health data within a global infrastructure.
  • Azure AI and Machine Learning: Deliver better healthcare outcomes with personalized, preventative care and intelligent systems powered by proven, secure, and responsible AI.
  • Azure Synapse Analytics: With Azure Synapse for Analytics, healthcare organizations can gather, store, process, analyze, and visualize clinical data of any volume, variety, or velocity to pave the way towards smart healthcare.
  • Azure IoT: Deliver personalized care, empower care teams and employees, and improve operational outcomes. Securely connect health devices and equipment to the cloud with healthcare solutions to unlock real-time insights and enable system interoperability.
  • High Performance Computing: Accelerate insights in genomics precision medicine and clinical trials with near-finite high performance bioinformatics infrastructure.
  • Azure Stack: Build and run hybrid applications across datacenters, edge locations, remote clinical facilities, and the cloud.
  • Azure Mixed Reality: Blend the digital and the physical worlds to create immersive, and collaborative experiences, across the operating room and other health facilities.
  • Azure Security: Protection from the edge to the cloud and stay ahead of risks with intelligent monitoring tools built with powerful AI.

Wrap up

Microsoft offers a comprehensive toolset for the retail and healthcare industries.

Implementing these cloud solutions on a large scale and embedding them into your organization, involves a structured approach, a cultural shift, and a solid and secure architecture. This also includes setting up a Cloud Center of Excellence, and embracing cloud-native technologies and the Microsoft Well-Architected Framework, which I describe in more detail in the following articles:

At Capgemini, we have a lot of experience implementing cloud solutions across different industries. If you’d like more information about how we do this for our clients, contact me on LinkedIn or Twitter.

You can read my other articles here.

Exit mobile version