Already a leader in Malaysia’s burgeoning cloud services and solutions sector when it was acquired by Time dotCom, one of the region’s largest fixed-line communications companies in 2021, AVM Cloud recently became one of the select group of providers who offer VMware Cloud Verified Services to earn the VMware Sovereign Cloud distinction.

Originally known as Integrated Global Solutions Technologies, AVM Cloud has a long relationship with VMware going back to 2010.

David Chan, CEO, AVM Cloud

AVM Cloud

AVM Cloud’s CEO David Chan explains that “being named VMware’s Hybrid Cloud Provider of the Year FY 2018 reflected our commitment to provide customers with choices that enable them to optimize their unique cloud journey and in many ways our decision to pursue and earn the VMware Sovereign Cloud distinction is a natural progression of that effort. Now our customers can choose to have their data safely and securely kept, maintained, and safeguarded by Malaysian citizens in Malaysian territory.”

Chan notes that AVM Cloud’s commitment to providing enterprises with choices is readily apparent in the depth and breadth of the company’s portfolio. This includes not only its hybrid cloud products, but also the private AVM Cloud offered in multi-tenant and dedicated versions, Infrastructure-as-a-Service and Platform-as-a-Service, the company’s Fusion backup to cloud solution, and AVM’s Cloud-In-A-Box – a ready-made offering that lets organizations deploy a private cloud with robust security features on premises or in a co-located data center.

Notably, AVM Cloud also offers a number of custom cloud solutions. This includes an ever-growing portfolio of cloud-native applications based on VMware Tanzu.

Chan says AVM Cloud’s top priority in achieving its status was to be able to cater to full spectrum of customers’ workloads, including those that are best served when data resides in, is safeguarded in, and is managed and maintained within sovereign territory without intervention from foreign entities

Sovereignty is increasingly a priority for many organizations in Malaysia. In the case of AVM Cloud, this includes customers in numerous industries, including financial services and manufacturing.

“The regulatory requirements on sovereign cloud are still nascent and developing in Malaysia,” he says. Data sovereignty is reflected in existing legal and policy frameworks which encompass a comprehensive, cross-sectional framework to protect personal data in commercial transactions and play an important role in helping companies address data sovereignty issues.

These issues are directly addressed by the five criteria and numerous requirements that must be met to achieve the VMware Sovereign Cloud distinction: data sovereignty and jurisdiction control, data access and integrity, data security and compliance, data independence and mobility, and data innovation and analytics. AVM Cloud addresses each of them.

“Our sovereign clouds are architected and built to deliver security and data access that meets the strict requirements of regulated industries and local jurisdiction laws on data privacy, access, and control,” Chan says. “We deliver this national capability for digital resilience while still enabling our customers to access a hyperscale cloud in another region for ancillary workloads or analytics. In this way, Malaysian companies can demonstrate to their customers that they value their trust and treat their personal data with the utmost care. Ultimately, this commitment will benefit all Malaysian citizens.”

Learn more about AVM Cloud and its partnership with VMware here.

Cloud Management, IT Leadership

With massive global and geopolitical changes and significant increases in data privacy laws and regulations, the focus on data sovereignty and protecting consumer value has never been higher. Safeguarding highly sensitive, proprietary data and workloads have become a top priority to ensure their usage as a national asset and protection from foreign access. Because VMware has deep expertise in delivering solutions that are secure, cost-efficient, and future-proof, we provide a best-in-class solution – the sole, non-hyperscale, sovereign cloud solution that allows customers to maintain who can access data, whom has jurisdictional control over your data, where data is physically & geographically stored so that it is locally secured.  

So to start, let’s define what a sovereign cloud is. Sovereign cloud is a data protection methodology that:

Ensures that all data (including metadata) remains on sovereign soilPrevents foreign access to critical national, corporate and personal data, especially when resident outside of your sovereign country (known as jurisdictional control or data sovereignty)Keeps data access, control, and legal oversight secure

To provide a truly secure sovereign cloud, customers and organizations are looking for cloud provider partners who have all the tools in place to help them navigate and comply with regulations and are familiar with how to build sovereign clouds. Cloud providers are not only adept at understanding the laws of their own local jurisdiction, but they provide value-added services to consumers and are valuable business partners that help grow their local businesses and national economies. 

From the customer’s perspective, sovereign clouds ensure that their cloud is:

Compliant with national security standardsProtected against other jurisdictions’ authority over data stored beyond their national bordersRealized as a protected asset that provides value  

Secure and Trusted Sovereign Cloud from VMware

While data protection is a common goal for customers and cloud providers, there are numerous possible approaches. VMware has the only truly sovereign cloud solution available because of our vetted cloud partners and local operations backed by cloud choice, continuous compliance, and industry support. The VMware Sovereign Cloud Framework is based on a set of 20 Sovereign control guidelines that include: data sovereignty & jurisdictional controls, data independence & interoperability, data security & continuous compliance, and data access & integrity.

VMware Sovereign Cloud Partners are attested to be compliant with the highest level of certification in regional policies and governance. They are also certified in building world-class, enterprise-grade clouds with decades of experience in delivering secure, quality solutions. These sovereign cloud solutions are operated by a sovereign entity, block foreign authority, provide jurisdictional control, are operated by national staff, and are in compliance with local laws and security standards.

The result is a trusted data protection system in a locally-built, secure and attested platform that can be customized and maintained. The VMware solution is a best-in-class, enterprise-grade cloud that is built from trusted code to be compliant, portable, and interoperable. A sovereign cloud built with VMware products (Cloud Verified), the Sovereign Cloud Framework and attested partners provides the ultimate solution for Sovereign Cloud choice and control.  When a solution is built on a robust framework like VMware’s, it simply and seamlessly works across VMware-based multi-cloud platforms. This makes it easier to lift and shift from on-premises to cloud, allows for vendor flexibility with a comprehensive sovereign ecosystem of services, and allows for continuous modernization to provide a low(er) total cost of ownership and future-proof operations.

Sovereign clouds not only provide control and privacy for customers, but they can also benefit citizens and local economies in a number of ways. Let’s explore a few use cases. 

Innovation from Secure Data Sharing 

Many organizations have data they could be analyzed to gain new insights from…but they don’t due to fears of violating privacy regulations. With a sovereign cloud, an organization can collect data to share securely with vetted research firms who can then study the data to uncover new trends and info.  This trusted ecosystem can even be utilized by other trusted groups, such as sharing anonymized or encrypted data, without risking a privacy breach from foreign entities. 

A real-life example of realizing data comes from the UK’s National Health Service. Hospital researchers used sovereign cloud to securely analyze patient records of over 2.5 million people. Previously, that data had gone unused due to privacy concerns. However, with a new, secure way to utilize data, teams were able to collaborate and uncover new insights about COVID-19.1

Government-Backed Ecosystems 

Many governments, commonly working with highly sensitive or nationally protected data, are trying to create systems that make life easier for their citizens. One such way is by compelling data standardization and secure sharing. The UK government initiated ‘Open Banking’ in 2017 to increase competition in retail banking. Part of this package included the ability for consumers and small and medium-sized businesses to share their bank and credit card transaction data securely with trusted third parties in real-time to get personalized offers, streamlined lending, and cardless transactions.2

Collaboration between banks, third parties, and technical providers use a secure and regulated framework to protect sensitive data. An ecosystem of Sovereign Clouds could create similar types of sharing infrastructures that benefit citizens without the need to invest in new frameworks. 

Data Repatriation 

A recent study found that 81% of organizations are repatriating some or all their data from public clouds.3 Those repatriating in order to meet data sovereignty requirements provide a growth opportunity for local cloud providers. Companies moving out of public cloud need somewhere secure and local to store their data, and cloud providers are investing in local Sovereign data centers to assist them.

There’s also a need for additional employees skilled in compliance laws, frameworks, and controls. A recent survey found that 50% of respondents had skills gaps in their organizations around these functions.4 It’s an opportunity to train people for new, in-demand jobs. 

Small Business

For smaller businesses, complying with data sovereignty requirements can be daunting. They lack the personnel and resources to operate multiple data centers, and private cloud is too expensive (not to mention they still need compliance experts). Sovereign cloud providers can offer their expertise to multiple clients, creating economies of scale for smaller customers. For small organizations, sovereign cloud may be the best way to stay in business. 

While data privacy and sovereignty can be a tricky issue to navigate, a sovereign cloud can help you comply with regulations without adding IT burden, excessive cost, or risk of compliance fines. Engaging with a trusted VMware Sovereign Cloud provider with expertise in privacy, data security, and data mobility can help guide you toward a robust data protection plan.

Learn more about sovereign cloud or connect with a provider in your region.

Sources: 

Unified Networking, Sovereign Clouds: Elevating Data Integrity to New Heights, April 2022 UK Competition & Markets Authority, Update on Open Banking, November 2021 IDC, commissioned by VMware, Deploying the Right Data to the Right Cloud in Regulated Industries, June 2021 ISACA, Privacy in Practice 2022, March 2022 
Cloud Management, IT Leadership

Fundaments, A VMware Cloud Verified partner operating from seven data centers located throughout the Netherlands, and a team of more than 50 vetted and experienced experts – all of whom are Dutch nationals – is growing rapidly. With an expanding customer base that includes public and private-sector leaders, demand for the company’s solutions is being driven by enterprises that must monitor their data and ensure that it remains on Dutch soil at all times.

We recently connected with Larik-Jan Verschuren, chief technology officer at Fundaments, to learn more about the company’s recently announced honor of being the first to earn the VMware Sovereign Cloud distinction in the Netherlands, find out what’s driving the demand for sovereign approaches to data management, and get his thoughts on future demand.

“One of the unique things about Fundaments is that we offer a mission-critical, sovereign cloud and Infrastructure-as-a-Service for managed service providers and independent software companies as well as other private-sector businesses and government agencies,” says Verschuren. “Sovereignty means having true control from A to Z – from the physical hardware and services that are located here in the Netherlands, to the engineers operating workloads, and everything that is under their orchestration and management. At Fundaments, all data is stored in the Netherlands and we have a completely Dutch organization. Customers’ data is not exposed to any foreign input in any way.”

Verschuren notes that Fundaments, which operates a network of seven tier-3 datacenters across the nation, chose to achieve the VMware Sovereign Cloud distinction after seeing a significant increase in demand for data to be stored in the Netherlands. Just as importantly, these same enterprises had to be able to demonstrate certification and compliance with sovereignty requirements.

“Due to the increase in globalization and digitization more and more data is being used in the cloud, and more and more companies find it important to know that this data, their most important asset, is accessible and safe on a Dutch cloud platform,” adds Verschuren. “The introduction of the General Data Protection Regulation (GDPR) also prompted companies to think carefully about where their data is stored and the sovereignty issues that must be considered to be compliant.”

Verschuren also notes that compliance officers and chief information security officers are increasingly mindful of data integrity and demand the strongest levels of protection. Simultaneously, the pandemic accelerated digitization and contributed to the growing demand for innovation, analytics, and the capabilities the cloud delivers. Both factors directed organizations to Fundaments.

“By virtue of our VMware Sovereign Cloud status and the innovation and focus on compliance inherent in our work, Fundaments fulfills all of these needs,” he says. “Our customers know that their data sovereignty requirements will be met and that they are compliant with all relevant regulations here in the Netherlands – all on a platform that enables them to transform their businesses with the power of the cloud.”

Notably, Fundaments has worked extensively with VMware for years while serving its customers.

“We of course aren’t new at offering sovereign cloud services,” says Verschuren. “For two decades we’ve built our hosting operation around geographically dispersed, high security data centers in the Netherlands,” says Verschuren. “We wanted our cloud offerings to be a fully certified, all Dutch answer to the large hyperscalers, and we wanted them to be utterly stable, reliable, and scalable – qualities that differently reflect the VMware technologies we use in our platform and services.”

Verschuren believes that the demand for sovereign cloud services will only grow in light of geopolitical events and efforts to protect personal information. He also predicts that Fundaments’ ability to provide highly personalized service 24/7 will remain a significant differentiator for organizations that need to manage sensitive workloads that demand sovereignty.

“Our customers can consult with one of our engineers within minutes on any day and at any time,” he says. “With our focus on technology, processes, and people we are able to embrace and address the constantly evolving IT needs of our customers and our partners in an environment that is purpose-built to meet and exceed the most demanding sovereignty requirements.”

Learn more about Fundaments and its partnership with VMware, here.

Cloud Computing, IT Leadership

In a bid to help enterprises and institutions in the European Union navigate data privacy, residency, and other regulatory guidelines, Oracle plans to launch two sovereign cloud regions for the European Union this year.

Unlike a generic cloud region, a sovereign cloud region is designed to offer secure data access to both private and public entities while meeting the stringent regulatory guidelines of a particular region.

Oracle’s sovereign cloud, which is a subset of its Oracle Cloud Infrastructure (OCI) portfolio, will not move customer content from the regions the customers select for their workloads and will restrict operations and customer support responsibilities to EU residents, said Scott Twaddle, vice-president of OCI product at Oracle.

“These sovereign cloud regions are also designed to further enable customers to demonstrate alignment with relevant EU regulations and guidance,” Twaddle wrote in a blog post.

The sovereign cloud regions will be logically and physically separate from the existing public OCI Regions in the EU, Oracle said.

OCI currently operates six public OCI Regions located in the EU in Amsterdam, Frankfurt, Paris, Marseille, Milan, and Stockholm.

The company is planning to migrate customers using Oracle Fusion Cloud applications within the existing EU Restricted Access cloud service to the new OCI sovereign cloud regions.

Oracle, which has said that it will continue investing in its cloud business, has planned the first two sovereign regions in Germany and Spain for the EU with both being operational by the end of this year.

The company has other sovereign regions in the UK, US, and Australia along with separate cloud regions for the UK and US defense departments. Oracle, which also runs a classified US national security cloud region, competes with the likes of AWS, Azure, IBM, and VMware in the sovereign cloud space. Last month, the company announced that it was reducing the price of its OCI dedicated region in a bid to expand its customer base.

Cloud Management, Cloud Security, Government, Government IT, Managed Cloud Services