Data sovereignty is trendy, but what exactly does it mean? How sovereign are hyperscaler solutions, and how important is that really? The demand for control over one’s own data is high, but the supply remains fragmented, and a truly clear European answer is still awaited.
“Digital sovereignty has been on the agenda for more than a decade”, says Dirk Deridder, CTO at Smals. This IT organization serves government social security institutions and observes with above-average interest how providers handle data.
Sovereignty Washing
“Even then, cloud providers made promises”, he continues. “Were they not that strong after all? Because now everyone is suddenly adjusting with new solutions. In my opinion, a new trend is emerging: Sovereignty Washing.”
Deridder refers to greenwashing and suggests that the emphasis on data sovereignty in some new solutions is pushed forward more as a sales argument than as a genuine solution for data protection.
The rest of the participants at the round table on cloud, organized by ITdaily, chuckle at that suggestion. Deridder dissects the topic together with four other experts: Mario Casier, Business Unit Manager Cloud & Security at Copaco, Koen Claesen, Cybersecurity Advisor at SAP, Tobias Pauwels, Sales Director for Ctac, and Luc Costers, Country Lead Nutanix Belux and Eastern Europe for Nutanix.
High demand
The demand for data sovereignty is certainly no illusion. “Since January, when President Trump came to power in the US, we’ve been constantly receiving questions about it,” says Claesen. “The public sector is the most sensitive, but other clients also want to know exactly where their data is located and what risks are associated with it.”
How important absolute data sovereignty is depends heavily on the sector in which a company operates. “Sovereignty is viewed differently by everyone”, Claesen adds. “And the precise requirements vary by industry.”
Sovereignty is viewed differently by everyone.
Koen Claesen, Cybersecurity Advisor SAP
No EU Hyperscalers
Anyone who is very concerned about the location where data is stored certainly doesn’t have infinite options. When cloud is synonymous with the convenience offered by hyperscalers like AWS, Google, and Microsoft, there is no local competition. Deridder is blunt about it: “At the level of those parties, we have 0.0 competitors in Europe today. There are few strong alternatives to their offerings.”
Costers immediately thinks of the French OVHcloud. That provider comes close in terms of infrastructure, and that’s a rarity. “The EU is looking at OVHcloud, among others, as an alternative”, says Costers. “Since sovereign cloud has been discussed in Europe, their stock price has doubled.”
Deridder somewhat nuances the importance of a European hyperscaler. “The marketing of the big players makes you believe you can’t survive without them, but that is fundamentally untrue. I haven’t yet encountered an application that I can’t run in my own data center.”
He does admit that such a thing is often more complex and requires more effort, knowledge, and in-house staff. “Technology is increasingly viewed as a commodity”, Costers adds.
Absolute Sovereignty Does not Exist
Even when you run everything in your own data center, you are still dependent on external parties. For example, there is no major European hypervisor. “The discussion about sovereignty quickly becomes an emotional debate”, says Claesen. “In practice, you simply cannot go fully sovereign across the entire stack.”
Pauwels sees merit in a hybrid model. “The data structure itself can be hybrid”, he notes. “Today, anything is possible. For example, you can acquire an SAP ERP system, but store your data on a separate system. If you place your data everywhere, you do add more complexity. Then the question is how you deal with that. Too often, the move to the cloud is seen as a step towards greater simplicity, while potential complexity only then emerges.”
Today, anything is possible.
Tobias Pauwels, Sales Director Ctac
Therefore, according to Pauwels, it’s not a good idea to simply opt for maximum data sovereignty. “It is our role to engage in dialogue with the client and see where the real needs lie to achieve the best solution or combinations.”
Claesen confirms this: “SAP is a Swiss Army knife when it comes to cloud. We offer all forms, from private to public and everything in between, and also sovereign. If you opt for a more complex solution, it goes without saying that the pace of innovation will necessarily be somewhat slower.”
Gaia-what?
When we ask what exactly Gaia-X is in the context of data sovereignty and the European cloud, the table laughs again. Claesen takes up the gauntlet and cautiously ventures a definition. “Correct me if you see it differently, but in my opinion, Gaia-X is a kind of ecosystem based on certain principles. It tries to enable cooperation between different entities.”
Deridder adds: “It is a long-term EU initiative for a European cloud, but focused on cooperation, which is precisely not simple.” “Meanwhile, non-EU players are also in the ecosystem”, Claesen further notes. “So that’s a bit of a strange story, but SAP is certainly a founding member.”
None of those present seem to think that Gaia-X will offer a solution to local cloud needs in the short term. Casier has his doubts about the whole approach. “Macro-level cooperation is not currently on the agenda. The EU cannot be a pioneer in this. It is more interesting to first develop agreements and collaborations at the micro-level, and we are already doing that today.”
It is more interesting to first develop agreements and collaborations at the micro-level.
Mario Casier, Business Unit Manager Cloud & Security Copaco
“For every MSP, for example, we offer a personalized and tailor-made story based on the needs”, he illustrates. “This can involve outsourcing data center services to our VMware cloud, whether or not in combination with Azure or Modern Work projects via Copaco Professional Services.”
Micro-level Cooperation
“The political stance is what it is”, he continues. “But that doesn’t mean there are no possibilities for businesses. You can perfectly combine complexity and the need for sovereignty into a working whole through collaborations at a lower level.”
He refers to Copaco’s role. “We can take on that complexity because we have the knowledge. This way, we can offer a mix of what is needed, tailored to the client.”
Deridder also sees merit in a different approach. “You have to look at the reasons for sovereignty”, he believes. “We are part of a global economy. Going completely local is not possible. In fact, there are no major problems with collaborations with American hyperscalers, as long as we can make good agreements and create a legal framework.”
Who’s in Charge?
“Sovereignty is about whether you are in charge of your IT in its entirety”, he continues. “In practice, the issue revolves around legal and judicial aspects, control mechanisms, and contracts.”
According to Deridder, it is smarter to work on the future instead of trying to rework the past with an EU sticker on it. The consensus around the table is certainly that not every company should suddenly opt for maximum sovereignty. In practice, many levels of data protection are available, with a multitude of guarantees. How far you should go in this differs for each organization.
This is the third article in a series of three following our round table discussion on cloud computing. Click here to visit the theme page with the other articles, the video and our partners.