Since 2005, cloud technology hasn't just grown; it's revolutionized how we handle data. I personally felt the impact of the cloud a decade later, in 2015. But let’s go back in time.

In the early 2000s, cloud technology was in its nascent stages, primarily used by tech giants and early adopters. Its evolution over the next decade laid the groundwork for the explosion in cloud services we see today. The three hyperscalers - AWS, Azure, and GCP - have become increasingly prominent, consistently rolling out features focusing on Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS). IaaS offers a virtual datacenter, while PaaS provides developers with tools to expedite software development.

The dual rise

On May 25th, 2018, Europe’s GDPR came into effect, ensuring world-class privacy for the personal data of European citizens and organizations. It was a wake-up call to any organization consuming our personal data. GDPR wasn't just a regulation; it was a significant shift. Concepts like ‘the right to be forgotten’ and ‘requesting personal data in an open format’ compelled a reevaluation of data collection, processing, and storage. As a product owner at the time, I recall the intense discussions and strategy shifts it prompted in our software development approach.

As the years have passed since 2018, Europe has not backed down on legislation when it comes to information protection. Europe produces more and more directives, like NIS2 and DORA, to ensure data protection. This impacts the hyperscalers as the top 3 are US-based, processing European data.

So, we are witnessing a dual rise: the increase in cloud adoption by European companies and the growth in European legislation to counter unlawful data access and processing. This tension field deeply impacts cloud technology.

Enter sovereign cloud

Although there’s no formal definition of a sovereign cloud, the objective is to provide cloud services (both IaaS and PaaS) in such a way that sensitive data remains protected from unlawful data extraction and processing.

There are various levels of sovereignty and various dimensions of sovereignty. Each resolves a specific need. This means there is no ‘the sovereign cloud’, as if there’s only one implementation. In a later article, I’ll come back to the various levels and dimensions of a sovereign cloud.

Europe’s growing legislative pressure forced the hyperscalers to adapt their offering and incorporate new technology like confidential computing to encrypt data in memory. A few examples:

• Microsoft Azure is working on MCfS (Microsoft Cloud for Sovereignty)

• Google has their GDCH (Google Disconnected Cloud Hosted) offering

• Amazon Web Services has their Nitro portfolio

Conclusion: Redefining Cloud Computing

Europe’s legislative push on data protection is redefining cloud computing for the European market. The hyperscalers are now providing controls to protect against unlawful data extraction and processing. This marks the rise of the ‘sovereign cloud’, a concept that isn't just a trend; it's a cornerstone in the new era of digital sovereignty and data protection. It's a space that's constantly evolving and one that I'll be observing and discussing in future articles.

How do you see the future of cloud technology evolving in light of these legislative changes? Share your thoughts in the comments below.

Jetro WILS is the founder of BlueDragon Security, where he helps organizations operate safely in this cloud era by strengthening their digital security and compliance.

Disclaimer: This article is written in a personal capacity, and the views expressed are solely mine. They do not represent the positions, strategies, or opinions of my clients, who bear no responsibility for this content.