The cloud’s evolution has brought unparalleled convenience, but data security remains a critical concern, especially in regulated environments. In this article, we explore how AWS European Sovereign Cloud addresses this by offering enhanced privacy and control for European businesses.
Privacy evolution in the public cloud
Over the past 15 years cloud computing has evolved from a niche virtual compute hosting environment option to the primary IT infrastructure model. It enabled countless businesses to gain access to the world’s most reliable and scalable data infrastructure.
While the public cloud offers convenience, security remains a primary concern for regulated entities. This is especially true for governmental institutions or companies working in strictly regulated environments. The providers have made tremendous advances in making cloud service configurations more secure out of the box. It significantly reduced the customers’ unwanted exposure due to poor configuration. Nevertheless, practice shows that ensuring data sovereignty and the ability for it to be accessed only by its owner requires a more complex and multilayered solution.
The two most pressing and often debated topics for European companies are data residence and the cloud provider’s ability to ensure that the data remains accessible only by its owners and not the employees of the cloud provider. As the leading public cloud provider, AWS has implemented controls for its regional services. This ensures that data transfers are restricted to only the specified regions. In this whitepaper, you can read more about defining boundaries for access to regional services. Years ago AWS also introduced their Nitro-powered virtual machines. It offers hardware-assisted data encryption “in use” (in memory) resulting in hardened VMs. It prevents AWS employees from accessing the customer data on EC2. AWS has gradually increased the number of regions where these features are available.
The AWS European Sovereign Cloud
AWS strives to bring even more in terms of public cloud privacy. Back in 2023, the company announced the launch of European Sovereign Cloud as a completely separate region with multiple availability zones in Germany. The new region in Brandenburg will start operations by the end of 2025. AWS committed to investing €7.8 billion in the project through 2040.
Initially, new AWS regions may not offer the full range of services available in more established regions, such as Frankfurt. However, they will provide key compute, containers, AI, security, database, and networking services, ensuring that customers get the comprehensive set of tools to build their infrastructure and run their workloads. Beyond current offerings in AWS European regions, what benefits does the AWS European Sovereign Cloud bring? There are a few; let’s look at some of the most significant ones.
EU-based AWS teams
AWS currently operates over 33 regions all across the world that require constant support and maintenance. Standard regions might be maintained by AWS employees outside of the region, this is not the case with the AWS European Sovereign Cloud. All AWS employees who can maintain and help customers with their cloud environment will be residing in the EU. This ensures that no AWS employees from outside of the EU will have access to the customer’s environment, even when performing troubleshooting activities.
Metadata locality
Many AWS services ensure user data stays within chosen regions. However, besides data customers actively store, AWS also requires additional metadata to operate these services. Such metadata can include data labels, access permissions, or service configuration definition. It may sometimes include information (e.g. PII) that the customer still would like to keep within the EU.
The European Sovereign Cloud will ensure that even this type of data is kept separate from the global AWS management plane. This addresses one of the main concerns for data locality, which was hard to solve for the public cloud providers due to the efficient global management plane.
Increased locality for hybrid environments
A hybrid cloud is still the predominant infrastructure deployment type for many companies. Some regulatory or performance requirements can still mandate that the workloads must reside on the customer’s premises. To help customers bring the convenience of the public cloud to their on-premise infrastructures, AWS offers their Outposts service. It has physical AWS-like infrastructure being deployed on the customer’s premises with centralised control capabilities from the AWS cloud.
A dedicated management plane in the new EU Sovereign Cloud region allows customers to connect and manage their Outposts infrastructure directly from within the EU. This eliminates concerns about metadata transfers crossing geographical boundaries, a potential issue with traditional regions.
Maintain EU presence with trusted managed services partner
While a trusted cloud provider like AWS offers a solid foundation for a secure and resilient infrastructure, the real operational focus often lies in ensuring smooth application performance, managing costs, and maintaining security and compliance at the solution level. Organisations prioritising strict data control often have stringent requirements for employees and partners.
Devoteam’s Cloud Managed Services delivers expert-level managed reliability, security, and governance services for any AWS customer. With our EU-based operations teams of cloud experts, we can ensure the highest levels of operational excellence. We provide managed security and compliance services, embedding regulatory compliance and data sovereignty in the core of our offerings. With the launch of AWS European Sovereign Cloud, we’ve fully adapted our entire suite of managed services, incorporating the new capabilities and features AWS provides. This includes enhancements to our reliability, security, and governance services.
To further emphasise our commitment to sovereignty and compliance, we will operate your environment exclusively within the EU. This ensures that even the most irrelevant operational data remains within EU borders and all data processing adheres strictly to GDPR guidelines.
We believe in supporting our customers without asking them to give up control of the environment. Whether it is the enhanced model of AWS European Sovereign Cloud or a classical environment, the customer is never tied into complex ownership transfer paths and maintains full ownership of their environments throughout the partnership.
Are you ready to unlock the true value of your company’s cloud environment? Connect with our experts for a consultation.