Microsoft attempts to woo governments with Cloud for Sovereignty preview
Sovereignty = you’ll run on Azure and you’ll be told when our engineers access your resources
Microsoft has taken another step to address regulatory worries regarding its cloud ecosystem with a public preview of the Microsoft Cloud for Sovereignty.
Governments and the cloud have long been uneasy bedfellows. While lawmakers might have envied their commercial cousins heading cloudwards, a similar digital transformation in the public sector can be fraught with specific national and regional requirements and compliance regulations.
Microsoft reckons that its cloud already meets most government needs, with the extra capabilities provided with the Microsoft Cloud for Sovereignty "designed specifically for countries with jurisdictional requirements around sensitive data," according to the company.
Steinar Sonsteby, CEO at Atea, among the largest resellers in Europe, said Microsoft will still host the services but with a "technical mechanism to lock the data, so no one else than the customer can actually unlock it."
Of data sovereignty, he added: "There are technical reasons, there are legal reasons, there are financial reasons." He said the "project" with Microsoft was two years in the making, and understandably reckons "customers need to worry about their data…. We have to protect it."
With the release of the preview, Microsoft is shipping the Sovereign Landing Zone (SLZ) – a variant of the enterprise-scale Azure Landing Zone, built from Infrastructure-as-Code and Policy-as-Code.
Interestingly, the deployment technology selected for the SLZ is Bicep rather than Terraform. Microsoft did not elaborate on why it chose the former, although since Bicep is very much geared towards Azure, it's not too surprising.
Microsoft has also unveiled Transparency Logs, where sovereignty customers are given visibility into occasions where Microsoft engineers accessed their resources. A handy tool, for sure, and we're not sure why this could not be extended to all customers – Customer Lockbox, for example, is a paid service. Microsoft said: "These transparency logs give sovereign customers visibility above and beyond what the Azure commercial cloud currently provides."
This sounds very much like an acknowledgment that stashing one's data in the Cloud for Sovereignty will not exempt it from prying eyes, although Microsoft insisted: "The access is typically required in response to customer support requests. In such situations, Microsoft engineers can be granted temporary access with valid business justification."
We're not sure privacy activists would regard storing data in places where Microsoft engineers can access it as being in the spirit of sovereignty.
For its part, Microsoft said: "We understand that sovereignty can mean different things for different scenarios, and as we work with customers and partners around the world the common thread is a need to determine for themselves where their data resides and how it's protected, including who has access to that data."
In 2022, Frank Karlitschek, CEO of NextCloud, criticized Microsoft for misusing the term "sovereignty."
He told The Register: "Digital sovereignty means that people or organizations are in full control of their data, applications, privacy, and digital life."
Karlitschek noted that requirements for sovereignty included being able to run the cloud infrastructure where and how a customer wanted, and that the code needed to be fully auditable.
While Microsoft will point to the multiple regions available to customers, it is still Azure running behind the scenes on the company's own servers, and governments heading its way run the risk of being locked into the company's ecosystem. ®