Many companies are already relying on cloud infrastructure. They have discovered that many potential use cases with excellent business advantages turn out to be more challenging on a second look – since hyperscaler clouds are not easily deployed. Additional time and costs for legally compliant usage delay digitalization projects – or prevent them entirely. It's no wonder the call for sovereign clouds is getting louder and louder. This is one of the goals of Europe's GAIA-X initiative: the sovereign and legally compliant usage of cloud resources.
The T-Systems Sovereign Cloud powered by Google Cloud is the first of its kind on the German market. As a joint product from T-Systems and Google Cloud, it offers full compliance with the requirements of German regulations – while retaining the public cloud functionality of a hyperscaler. This will enable the drastic acceleration of digitalization projects.
The Sovereign Cloud is available in two versions: the Sovereign Cloud Platform, a Google Cloud platform monitored by T-Systems, and the Sovereign Private Cloud. The latter is based on Google Cloud technology and is operated by T-Systems in a private data center (such as the T-Systems data center in Biere, Magdeburg, or on-site at client premises). This offer is specifically oriented to clients with particularly sensitive workloads. Both versions fulfill the core GAIA-X provisions for cloud sovereignty.
In the first phase, all cloud service data is encrypted by T-Systems. At the same time, extended checks ensure that this data is only decrypted for authorized end-user requests. In addition, the data center is audited to ensure that there is no unauthorized access to hardware and that physical threats can be ruled out. In the second phase, from 2023, T-Systems will take over the management of user identities and thus ensure that any PII data in the form of user accounts no longer has to be stored in the Google Cloud itself. This also includes audits and logging of access to all customer data, including authorization changes. In the third phase, after 2024, T-Systems will take over end-to-end operations, including the Root Certificate Authority (RCA) for encrypting data in transit and at rest.
The T-Systems Sovereign Cloud solution powered by Google Cloud addresses all three aspects of sovereignty right from the start: data sovereignty, operational sovereignty, and software sovereignty. Adherence to these principles is continuously monitored by T-Systems. This means that companies from regulated industries such as healthcare, the public sector, and finance can use cloud services in compliance with GDPR and Schrems II.
T-Systems takes on the encryption management from the Google Cloud Platform – meaning that Google is unable to access the key or client data, either from Europe or from the USA. T-Systems is also responsible for all identity and access management, which means that clients in regulated markets and/or clients working with personally identifiable data can use the Google Cloud ecosystem to successfully implement their digital transformation without any reservations.
The Sovereign Cloud solution is based on a consistent zero-trust model. Encryption processes and administrative access are 100 per cent transparent; clients can even audit these using tamper-proof logs. The same applies to changes in security configurations. Only admins from within the EU can access the cloud resources as they have control.
The Sovereign Cloud is designed as an open platform. This means effective prevention of vendor lock-in. Workloads can be consistently orchestrated across multi-cloud landscapes – and thus can be moved away from the Sovereign Cloud to other platforms at any time. All services are based on open-source software and open APIs. They are compatible with widely used standards such as Spark, Hadoop, MySQL, Kubernetes, Terraform, etc.