Google Cloud recently released the Digital Sovereignty Explorer, a free online and interactive tool to determine a digital sovereignty strategy on the cloud using a multiple-choice format. The tool currently focuses on European organizations and deployments.
The Digital Sovereignty Explorer covers three distinct pillars: data sovereignty includes control over encryption and data access, operational sovereignty covers visibility and control over provider operations, and software sovereignty focuses on the ability to run and move cloud workloads across providers, avoiding vendor lock-in. Robert Sadowski, director at Google, explains why designing a digital sovereignty strategy is usually difficult:
Foundational concepts are not always well-understood, including regulatory requirements, legal safeguards, and risk management. Many organizations struggle to articulate specific requirements, particularly when it comes to how sovereign strategies enable digital transformation.
The new tool focuses on European organizations and drives the user through multiple interactive questions on each of the three domains before providing guidelines.
Source: https://cloudsovereignty.withgoogle.com/questions
According to the cloud provider, the tool provides key recommendations and tradeoffs in digital sovereignty, suggests available options, and allows developers and companies to make more informed choices during the deployment of cloud workloads. Sadowski suggests possible use cases:
A manufacturer could determine which safeguards they might employ to limit insider access to intellectual property. A government agency could learn about options for disconnected operations for cloud infrastructure processing their most sensitive data.
In a previous article about European data security and privacy requirements, Thomas Kurian, CEO of Google Cloud, highlighted the main requirements of a digital sovereignty solution:
In our engagement with European customers and policymakers (...) they describe several core requirements: control over all access to their data by the provider, including what type of personnel can access and from which region; inspectability of changes to cloud infrastructure and services that impact access to or the security of their data, ensuring the provider is unable to circumvent controls or move their data out of the region; and survivability of their workloads for an extended period of time.
The Digital Sovereignty Explorer is not the first Google project to address European requirements and concerns: under the "Cloud. On Europe’s Terms" initiative, the cloud provider introduced partnerships with local technology providers to build cloud offerings for private and public sector organizations. Other cloud providers claim digital-sovereignty solutions and goals too: AWS recently announced a Digital Sovereignty Pledge while Azure introduced Microsoft Cloud for Sovereignty, a solution for public sector customers to build cloud workloads meeting compliance, security, and policy requirements.
The Digital Sovereignty Explorer is available at no charge and does not require a Google Cloud account but a form has to be filled out to receive the final report. The tool is currently available in English, French, and German, with other languages expected to be supported in the next few weeks.