Sovereign clouds, designed to keep a nation’s data firmly within its borders, are upending traditional approaches to cloud computing for global enterprises operating in the Asia-Pacific.
From Sydney to Seoul to New Delhi, a new type of cloud is casting a long shadow over technology strategies.
Sovereign clouds, designed to keep a nation’s data firmly within its borders, are upending traditional approaches to cloud computing for global enterprises operating in the Asia-Pacific (APAC).
Although it’s still in the early days, IDC’s survey shows that 19% of APEJ (Asia Pacific except Japan) organizations expect to increase their spending on sovereign cloud this year. According to Capgemini’s research, in Australia alone, 64% of organizations are actively investigating a sovereign cloud strategy, compared to 52% globally.
The concept of sovereign cloud is not unique to Asia. However, the region’s unique geopolitical climate presents specific challenges that compel global companies to reevaluate everything from their cloud vendors to compliance strategies. It’s crucial not just to adhere to current laws but also to prepare for a future where data sovereignty could become critical for businesses in the region.
Behind the Asian sovereign cloud boom
The motivations are “complex,” according to Louise Francis, country manager for New Zealand at IDC.
“In APAC, most significant drivers are growing geopolitical disruptions, the rapidly expanding footprint of cyber threats to national infrastructure and digital assets, changes in the regulatory landscape around data protection, and changes in digital trade partners’ regulations,” Francis said.
Microsoft sees governments as key drivers of this trend. In a blog post, the company said that governments want the power and scalability of the public cloud but with the control and transparency that sovereignty models promise.
“Governments are obligated to meet specific requirements for varying data classifications including data governance, security controls, the privacy of citizens, data residency, sovereign protections, and compliant operations following legal regulations like the GDPR [in the case of Europe],” Microsoft said.
Who’s going sovereign first?
Don’t expect every industry to take the leap at once. Heavily regulated sectors like government, healthcare, and utilities are the early adopters. Data residency laws and a desire to future-proof their operations in an uncertain regulatory landscape are pushing them towards sovereign solutions.
“The strongest interest we are seeing are in highly regulated sectors, particularly the public sector but also the adjacent industries that are impacted by sovereignty style policies, such as utilities and healthcare who are seeking to become future-ready for anticipated changes to regulations and government policies, such as data residency requirements,” Francis said.
About 48% of public sector organizations in APAC are planning to include cloud sovereignty as part of their cloud strategy in the next 12 months, said Edouard Laroche-Joubert, APAC head of Cloud Centre of Excellence at Capgemini. The move towards cloud sovereignty is driven by the need to secure sensitive data, comply with regulations, and protect organizations against cyber threats.
“Potential use cases in the public sector include smart cities services which connect data infrastructure in areas such as mobility, health, administration, energy, and education,” Laroche-Joubert said. “In addition, chatbots can be used to provide citizens with 24/7 digital assistance for digital public administration.”
Security, compliance, and the cloud giants
In light of global policymaking trends, companies are compelled to adapt. Major enterprise tech firms, such as cloud service providers like Microsoft and database solution companies like Oracle, are adjusting to their substantial presence in the APAC region by ensuring they meet regional data sovereignty requirements.
Oracle touts its distributed cloud model, allowing companies to determine where data and services reside.
“To help ease this burden for our customers, Oracle Cloud Infrastructure’s (OCI) distributed cloud solutions give them the flexibility to choose where and how cloud services – or even entire cloud regions – are delivered to help meet digital sovereignty and other business needs,” said Karan Batta, senior VP of Oracle Cloud Infrastructure. “What’s more, our distributed cloud offerings are all built on the same foundation, meaning customers have access to the same services, pricing, performance, and SLAs, regardless of where they are in the world.”
Microsoft Cloud for Sovereignty takes a slightly different tack. It’s hyper-focused on giving governments granular policy controls, offers more than 60 cloud regions, sovereign controls to protect and encrypt sensitive data, and sovereignty-focused Azure policy initiatives to address the complexity of compliance with national and regional regulatory requirements.
“When we talk with government customers, we hear common questions in terms of achieving data sovereignty in the cloud. These often include questions around (1) residency, security, and compliance of the hyperscale cloud; (2) controls for data access; and (3) the complexity of addressing regulations that vary by country,” Microsoft said in one of its blog posts.
The road to sovereign success for enterprises
Enterprise tech companies confront considerable obstacles and concerns as they transition to sovereign clouds. Francis pointed out that the main problem was the prevailing uncertainty about whether these clouds would remedy current issues or engender unforeseen complications.
Additionally, concerns center on the substantial costs associated with implementation and the acute shortage of skilled professionals.
Moreover, integration presents a formidable challenge. According to a survey by IDC, 40% of participants expressed significant worries about the steep initial expenses and the lack of available expertise, both internally and externally, required to merge sovereign clouds with pre-existing hybrid and multi-cloud setups—endeavors that have already demanded extensive investment and time.
There is also apprehension that the widespread adoption of sovereign clouds could suppress innovation.
“Interestingly, there is also a big pushback happening from digital innovation teams and line of business over fears of the reduced speed of innovation, with 36% saying seeing sovereign cloud as potentially putting a handbrake on innovation,” Francis said. “With cross-industry and border data flows seen as critical to accelerating innovation, it is unsurprising to see this stat rising to the top.”
Picking the right cloud horse
How do you know who to work with? Analysts suggest that the most reliable partners are “sovereign cloud providers who have established use cases specific to the local environment.” This approach ensures that the chosen providers are well-versed in addressing the unique needs and challenges pertinent to the area.
“Follow the leading and transparent adopters, particularly in government,” Francis said. “The reason for this is the largest and earliest projects are happening there with some genuinely innovative or ‘hybrid’ approaches to the sovereign cloud. Let them do the heavy lifting and show the path organizations in those countries will follow, balancing the best innovation qualities of sovereign cloud, with appropriate guardrails that overcome perceived concerns associated with the technology.”
Of course, companies vary in their approach and offerings. Oracle’s pitch, for instance, stresses consistency. Unified platforms and global pricing aim to take some of the guesswork out of managing clouds across diverse APAC markets.
“We’ve built our dedicated cloud offerings in such a way that we don’t need to make different versions for different regions but can instead offer the same platform, pricing, and experience across all regions,” Batta said.
Microsoft Cloud for Sovereignty doubles down on “governance, security, transparency, and sovereign technology — combined with strategic partners.” Oracle Alloy adds another twist, letting cloud partners build localized sovereign solutions – a sign that the market is maturing rapidly.
Francis added that enterprises can learn from the public sector, where many early sovereign cloud projects are taking shape. Companies like Oracle and Microsoft are offering guidance and tools to streamline the process, but the reality of increased complexity remains.
What does the future hold?
Fast growth and then a shakedown, is what experts expect of the sovereign cloud landscape. As with other technologies, once the sovereign cloud has moved beyond the hype and become a viable solution for customers, the ecosystem will mushroom out very quickly.
“But eventually, this ecosystem, as we have seen will all new tech, will be whittled down through consolidation, acquisitions, and weeding out the weaker offerings,” Francis said. “The key is to build partnerships with those with a solution and partner network that will stay the distance and provide robust future-proof solutions.”
For enterprises, the long-term challenge lies in selecting cloud partners with both a strong sovereignty track record and the flexibility to adapt as regulations inevitably evolve. The days of a one-size-fits-all cloud are fading fast in APAC.
Need for reassessment of cloud strategies
In short, sovereign clouds aren’t just a compliance headache. They necessitate a fundamental reassessment of cloud strategies by global enterprises in the Asia-Pacific region.
As geopolitical factors shape cloud technology adoption, organizations must meticulously select providers that offer robust solutions tailored to local requirements. Enterprises must balance innovation with the complexities of regulatory compliance and data sovereignty as they navigate this shifting landscape. Successfully integrating sovereign clouds requires strategic foresight and adaptability to thrive in the dynamic and challenging future of cloud computing.