Amazon Web Services (AWS) is undercutting the competition by pledging to abide by global data storage legislation.
- Vonage Accepted into AWS ISV Accelerate Program
- Tech Data Launches AWS Programme for Resellers
- Zoom Joins AWS Marketplace in US
Countries from around the world have been increasingly cracking down on business data storage requirements, such as storing data abroad. Ultimately, cloud providers like AWS have been forced to get on board or face losing customers to local providers.
AWS is not the first cloud provider to bend its knee to international data laws. Microsoft and Google both offer data governance tools for their customers, but AWS has gone further, making digital sovereignty one of the core pillars of its cloud strategy. This could result in it stealing some big contracts away from competitors, as well as securing its own customer base.
Matt Garman, SVP, AWS Sales and Marketing at Amazon, said: “We’ve always believed that for the cloud to realize its full potential, it would be essential that customers have control over their data.
“Giving customers this sovereignty has been a priority for AWS since the very beginning when we were the only major cloud provider to allow customers to control the location and movement of their data.
“The importance of this foundation has only grown over the last 16 years as the cloud has become mainstream, and governments and standards bodies continue to develop security, data protection, and privacy regulations.
“Today, having control over digital assets, or digital sovereignty, is more important than ever.”
As digital sovereignty policies have been rapidly changing over the past 12 months in places like Europe, AWS says its customers are concerned that they will be forced to choose between AWS and a lesser sovereign cloud solution.
To allow its customers to continue using its services, AWS is expanding on its data protection features, contractual commitments, and accreditations to provide customers with control over their data without compromising on the overall quality of service.
The company has pledged investments in four key areas. First, it will expand on its existing services and features to provide greater data residency controls and transparency.
Second, it will continue building access restrictions that limit access to customer data unless requested by a customer or trusted partner. AWS has already delivered the AWS Nitro System to protect data from outside access and enforce restrictions to prevent anybody from accessing customer workloads.
Third, AWS commits to invest in additional controls for sovereignty and encryption features. Currently, its services already support encryption, with most including customer-managed keys that are not even accessible to AWS.
Finally, AWS will enable customers to partition applications over multiple AZs in the same AWS Region. It will also provide services that offer capabilities for offline data, remote computing and storage. The company claims already to have the highest network availability of any cloud provider.
Garman outlines its partners’ contributions to ensuring digital sovereignty: “Helping customers protect their data in a world with changing regulations, technology, and risks takes teamwork.
“We would never expect our customers to go it alone. Our trusted partners play a prominent role in bringing solutions to customers.
“For example, in Germany, T-Systems (part of Deutsche Telekom) offers Data Protection as a Managed Service on AWS.
“It provides guidance to ensure data residency controls are properly configured, offering services for the configuration and management of encryption keys and expertise to help guide their customers in addressing their digital sovereignty requirements in the AWS Cloud.
“We are doubling down with local partners that our customers trust to help address digital sovereignty requirements.”
Recently, Office 365 and Google Workspace were banned from French schools due to concerns about privacy rules, competition, and data sovereignty.
In July this year, Microsoft announced Microsoft Cloud for Sovereignty, which Corey Sanders, Corporate Vice President, Microsoft Cloud for Industry and Global Expansion Team, describes as “a new solution that will enable public sector customers to build and digitally transform workloads in the Microsoft Cloud while meeting their compliance, security and policy requirements”.
Last year, Google set out a similar goal of meeting EU data protection requirements by creating a “Sovereign Cloud” offering. According to Adaire Fox-Martin, Vice President, EMEA, Google Cloud, “Customers in other markets [as well as Germany] across Europe will be able to use these trusted partner offerings or use Google Cloud’s controls to exercise autonomous control over data access and use; exercise choice over the infrastructure that is used to process that data; and avoid cloud vendor lock-in.”
In October 2022, President Biden signed an executive order to add further safeguards, mandate handling requirements for personal information, require US Intelligence Community elements to update and review their policies and procedures, and more.
