Sovereign clouds are architected and built to deliver security and data access that meets strict requirements of regulated industries and local jurisdiction laws on data privacy, access and control. They protect and unlock the value of critical data for both private and public sector organizations.

Data residency refers to the physical and geographic location where customer data is stored and processed. This may be dictated by policy, tax or performance reasons.

Data sovereignty refers to data being subject to privacy laws and governance structures within the nation where that data is collected.

Generally, commercial public clouds provide data residency by building out regions in specific countries. While customer data may be resident locally, account information and metadata may not be. Resident data may be subject to compelled access by a foreign authority.

Sovereign clouds ensure data sovereignty in two ways:

1. Data is subject to the jurisdictional control and authority of the nation or pan-national entity (such as the EU) where that data was collected, and other jurisdictions are unable to assert authority over the data.

2. All data (e.g., customer data, metadata, etc.) is resident or controlled within that jurisdiction.

Some may think sovereign clouds are synonymous with “GovClouds” that target the public sector, but the concept of sovereign cloud is broader and applies equally to industry vertical or private sector services.