AWS has followed Azure and Oracle Cloud in promising a “European Sovereign Cloud” starting with infrastructure based in Germany that will be “separate and independent from our existing AWS Regions” but has notably declined to give a date on when this will become available.
Despite quoting no fewer than 21 partners and regulators as welcoming the announcement, AWS offered few details in a lengthy press release beyond that the AWS European Sovereign Cloud will be physically and logically separate from existing AWS Regions and will allow customers who need this offering “to keep all metadata they create (such as the roles, permissions, resource labels, and configurations they use to run AWS) in the EU, and will feature its own billing and usage metering systems.”
The announcement puts it significantly behind rivals like Oracle Cloud Infrastructure, which in June 2023 took a European “sovereign” cloud region live, with data centres in Frankfurt and Madrid that are owned and operated by EU legal entities and operations support restricted to EU-based personnel. Oracle also promises “no backbone network connection to Oracle's other cloud regions” for its sovereign cloud.
Azure meanwhile began a private preview of a European sovereign cloud offering in June 2022. It is not yet widely available but Azure has said its Microsoft Cloud for Sovereignty will also expand its Microsoft Government Security Program (GSP) “to critical elements of our cloud offering, starting with key Azure infrastructure components" and offered more details.
Customers, like GSP participants, will get controlled access to Azure source code and Microsoft Cloud for Sovereignty will also “enable audit rights to examine Azure’s compliance processes and evidence under non-disclosure agreements and available audit terms” Microsoft said in 2022.
AWS did however quote Claudia Plattner, president, German Federal Office for Information Security (BSI) as approvingly noting that “The C5 (Cloud Computing Compliance Criteria Catalogue), which was developed by the BSI, has significantly shaped cybersecurity cloud standards, and AWS was, in fact, the first cloud service provider to receive the BSI’s C5 testate."
“All AZs in the AWS European Sovereign Cloud will be interconnected with fully redundant, dedicated metro fiber, providing high-throughput, low-latency networking between AZs. All traffic between AZs will be encrypted” said AWS in an October 25 press release. (Dear Reader: This is already the case for non-sovereign vanilla AWS too...)
The Stack will share more meaningful details when we have them.