Digital sovereignty guarantees data security in the public cloud

Main visual

When companies consider migrating to the public cloud, they are sometimes held back by security risks and compliance and governance constraints. Thus the interest in digital sovereignty, Gwénaëlle Hervé, Public & Sovereign Cloud Lead at Proximus NXT, explains.

Security and compliance have, for large companies, become strategic priorities for senior management, business and IT alike. Cyber-attacks of all kinds are on the increase, while European and national authorities are introducing rules and regulations to govern the processing of sensitive data.

"With the emergence of the public cloud, organizations are realizing how fragile data protection is when it's managed by cloud providers that don't fall under European jurisdictions”, Gwénaëlle Hervé, Public & Sovereign Cloud Lead at Proximus NXT, says. That explains the emergence of the concept of digital sovereignty.

Schermafbeelding 2024 09 12 om 14 53 59

“The sovereign cloud offers a competitive advantage because it enables you to benefit from all the innovative advantages of the public cloud, including for sensitive data."
Gwénaëlle Hervé, Public & Sovereign Cloud Lead at Proximus NXT.

Three pillars

"Digital sovereignty, also known as cyber-sovereignty, is the application of the principles of sovereignty to information and communication technologies", Gwénaëlle continues.

In practice, digital sovereignty rests on three pillars:
1. Firstly, data sovereignty where customers decide who can access their data and who controls the encryption keys. The data is subject to the rules of its home jurisdiction, while the encryption solution prevents the cloud provider from accessing the data.

2. Secondly, operational sovereignty where the customer has transparency and control over the cloud provider's operations, knowing that the data is managed locally by local teams.

3. Last but not least, technological sovereignty which allows the solution to be disconnected from the cloud provider and the internet network.

Europe’s reaction

"Digital sovereignty is important given that the major cloud providers are all from the US and the US Cloud Act of 2018 allows US intelligence services to access any customer's data by court order. Fortunately, Europe has responded with various data protection shields, such as Schrems II or GDPR, thereby demonstrating the real value of European data and allowing European organizations to protect themselves," Gwénaëlle explains.

What's more, the NIS2 (Network and Information Security) directive, which will come into force in Belgium this year, further strengthens the cybersecurity of companies, which are also required to carry out regular audits and report security incidents promptly.

Other regulations and legislation are also being put in place or proposed, notably concerning digital markets and services and artificial intelligence.

Why do businesses need sovereign clouds?

"Many companies may perceive the current regulatory framework as being restrictive, wondering how to maintain the pace of innovation while meeting security and compliance imperatives. However, the sovereign cloud allows data to be managed and secured by European entities, which guarantees that data will not leave European soil. Secondly, the sovereign cloud is designed in compliance with European directives and that guarantees data governance. Finally, the sovereign cloud offers a strategic competitive advantage, as it enables us to benefit from all the innovative advantages of the public cloud, including for sensitive data", Gwénaëlle insists.

There are three steps to setting up a sovereign cloud:

1. Correctly classifying data sensitivity and the definition of sovereignty requirements according to the type of sovereignty chosen.
2. Selecting the appropriate sovereign cloud solution according to the level of sensitivity, and implementing pilot projects to ensure that the chosen solution delivers the expected results.
3. Making the sovereign cloud operational.

"But only sensitive data requires the use of a sovereign cloud. In fact, non-sensitive data can perfectly well remain in a 'classic' cloud", Gwénaëlle points out.

Gwenaëlle NXT 1000x60015

Proximus NXT as a trusted partner

As ICT partner to major corporations, Proximus NXT is positioning itself as a sovereign cloud pioneer, offering customers various options.

As part of the Microsoft Encrypted Public Cloud solution, Proximus NXT is first in the Benelux with commercially launching the MCfS (Microsoft Cloud for Sovereignty), which has been publicly available since December 2023. Proximus is also the first in Europe to make a ʽdisconnected‛ sovereign cloud available with Clarence since October 2023.

"Only sensitive data require the use of a sovereign cloud."

Gwénaëlle Hervé, Public & Sovereign Cloud Lead at Proximus NXT.

*

More specifically, data is stored in Microsoft's confidential cloud, but with strong encryption at all stages of the data journey (including ‘in use’). Data sovereignty is guaranteed through the use of an encryption key management solution, for which we have chosen to work with our partner Thalès, and the attestation solution from our partner Intel. In October 2023, Proximus and LuxConnect launched a joint venture called ‘Clarence’’, which stands for ‘Clarity’ and ‘Transparency’, and will be the first in Europe to market a disconnected sovereign cloud based on the Google Distributed Cloud Hosted (GDCH) offering.

"Our aim is to enable European organizations to continue innovating in accordance with the highest ethical standards in terms of data protection, confidentiality and regulatory compliance", Gwénaëlle adds.

The sovereign cloud is a fundamental tool

"When talking to our customers, we often see two 'recurring' challenges", Gwénaëlle notes. On the one hand, there is a genuine intent to comply with the principles of digital sovereignty.

It's true that there is a growing awareness of the need to protect European data, but the application of these principles of sovereignty must not prevent innovation. In fact, hyperscalers' solutions for protecting data while innovating, such as Google Distributed Cloud Hosted or Microsoft Cloud for Sovereignty, are still relatively recent and still very unknown in the market. The role now of European ICT !ntegrators, in collaboration with technology providers, is therefore to evangelize on available options to companies wishing to operate responsibly and to reassure."

The second challenge is about classifying data correctly. "Which data is sensitive and which is not? What applications should be hosted in a sovereign cloud? Unfortunately, there is currently no European or national regulatory scheme that can help companies classify data and determine the appropriate sovereignty level. ICT partners take on the role of advisors, helping customers to find answers to these essential questions here too", Gwénaëlle concludes.

Proximus NXT drives new sovereignty innovation in the cloud by partnering up with Microsoft, Thales and Intel.

Latest insights & stories

Schermafbeelding 2024 10 03 om 13 50 32

CLEAN POWER FOR TRANSPORT

To fulfil climate targets, we need to make mobility greener. In doing so, we need to focus not only on making current mobility solutions greener, but also on shifting to more environmentally friendly forms of transport. Thus, the Clean Power for Transport action plan focuses on greening the vehicle fleet across all segments and rolling out the necessary infrastructure. For this, the Department of Mobility and Public Works also works together with foreign partners where possible for knowledge exchange and cross-border solutions.

Schermafbeelding 2024 09 26 om 13 59 47
Smart Mobility & Logistics

MOBILITY AS A SERVICE

To promote sustainable combimobility, we are working on Mobility as a Service (MaaS) in Flanders. MaaS gives users access to multimodal transport solutions with greater user-friendliness, putting the end user at the centre. But organising mobility is a complex task. Users want control and reliability, but also freedom and flexibility. For this, we need reliable apps and agreements with providers and all MaaS actors. A full-fledged MaaS ecosystem, as it were. We are on the lookout for international knowledge sharing and cooperation to ensure combimobility reaches far beyond our own borders.

Vandersanden 6
Smart Buildings & Infrastructure

Vandersanden's new Pirrouet® factory extracts up to 2280 tons of CO₂ annually

Vandersanden, Europe's largest family-owned brick manufacturing company, has officially opened the first Pirrouet® factory in Lanklaar. It involves an investment of 32.5 million euros. The plant produces 20 million CO₂-negative Pirrouet® facing bricks annually when at maximum capacity. One ton of these bricks absorbs 60 kg of CO₂ during curing, and the entire production process is powered by green energy from the factory’s solar panels and wind turbine. “With the plant, we are making a significant contribution to CO₂ reduction and reinforcing our ambition to operate completely CO₂ neutral by 2050,” said Johan Deburchgrave, CEO of Vandersanden.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Drag
0%