Many companies are already relying on the cloud and have discovered that many potential use cases with excellent business advantages turn out to be more challenging with a second look – since hyperscaler clouds are not easily deployed. Additional time and costs for legally compliant usage delays digitalization projects – or prevents them entirely. It's no wonder the call for sovereign clouds is getting louder and louder. This is one of goals of Europe's GAIA-X initiative: the sovereign and legally compliant usage of cloud resources.
Launching in mid 2022, the Sovereign Cloud powered by Google Cloud will be the first of its kind on the German market. As a joint product from T-Systems and Google Cloud, it offers full compliance with the requirements of German regulators – while retaining the public cloud functionality of a hyperscaler. This will enable the drastic acceleration of digitalization projects.
The Sovereign Cloud is available in two versions: the Sovereign Cloud Platform, a Google Cloud platform monitored by T-Systems, and the Sovereign Private Cloud. The latter is based on Google Cloud technology and is operated by T-Systems in a private data center (such as the T-Systems data center in Biere, Magdeburg, or on site at client premises). This offer is specifically oriented to clients with particularly sensitive workloads. Both versions fulfill the core GAIA-X provisions for cloud sovereignty.
The Sovereign Cloud will launch in 2022; its level of sovereignty will be continuously increased until 2024. In the first phase, starting in 2022, T-Systems will take over control of external key management (EKM) and the key access justifications (KAJ). The first phase comprises checking and logging access to personally identifiable information (PII). During the second phase, starting in 2023, T-Systems will take on identity and access management. This also includes audits and logging access to all client data, including permission changes. In the third step, starting in 2024, all relevant platform controls will be transferred to T-Systems, including the root certificate authority (RCA) for the encryption of data in transit and data at rest.
The Sovereign Cloud powered by Google Cloud addresses all three aspects of sovereignty right from the start: data sovereignty, operational sovereignty, and software sovereignty. Adherence to these principles is continuously monitored by T-Systems. This means that companies from regulated industries such as healthcare, the public sector, and finance can use cloud services in compliance with GDPR and Schrems II.
T-Systems takes on the encryption management from Google – meaning that Google is unable to access the key or client data, neither from Europe, nor the USA. T-Systems is also responsible for all identity and access management, which means that clients in regulated markets and/or clients working with personally identifiable data can use the Google Cloud ecosystem to successfully implement their digital transformation without any reservations.
The Sovereign Cloud is based on a consistent zero-trust model Encryption processes and administrative access are 100 percent transparent; clients can even audit these using tamper-proof logs. The same applies to changes in security configurations. Only admins from within the EU can access the cloud resources.
The Sovereign Cloud is designed as an open platform. This means effective prevention of vendor lock-in. Workloads can be consistently orchestrated across multi-cloud landscapes – and thus can be moved away from the Sovereign Cloud to other platforms at any time. All services are based on open source software and open APIs. They are compatible with widely used standards such as Spark, Hadoop, MySQL, Kubernetes, Terraform, etc.
