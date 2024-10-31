Building on our longtime work with clients in regulated industries and the continued growth of our enterprise cloud for highly regulated industries, we recognize the growing needs around sovereign cloud—and have been working with partners and clients to support requirements in regions such as the EU, Saudi Arabia, India, Abu Dhabi (link resides outside ibm.com) and Africa for years. For example, we are working with Bharti Airtel, a major telecom provider, to offer edge cloud services to organizations in India, helping companies looking to leverage edge services and keep their data in-country by meeting the Ministry of Electronics and IT empanelment requirements.

As regulations evolve, we are committed to helping enterprise clients navigate their unique country requirements.

1. Data sovereignty: The importance of privacy and residency

As clients address data residency requirements, we are helping them as they manage customer data in region and specific geographies, and in the location of their choice. We provide clients with the flexibility of choosing the country or regions where they want to build and host their workloads and continue to expand our global data center footprint with new locations, for example, our new Multizone Region (MZR) in Madrid, Spain.

We are also committed to helping clients meet their data privacy requirements and offer innovative confidential computing, encryption capabilities and key management controls. For example, IBM Cloud Hyper Protect Crypto Services offers “Keep Your Own Key” encryption capabilities, designed to allow clients to have exclusive key control and helping them to address their privacy needs, including meeting their requirements such as GDPR in the EU. Additionally, IBM Cloud clients can utilize the advanced confidential computing data security capabilities to protect data even while in use—leveraging virtual servers built on Intel SGX, as well as confidential computing environments provided by IBM Hyper Protect Virtual Servers built on IBM LinuxONE. This allows them to protect what matters most and to host workloads in a secure environment.

The IBM Cloud Data Security Broker solution is data privacy focused and has field level encryption, tokenization and anonymization at a granular level such as PII data in databases to help shield sensitive data from cloud administration and is designed to help clients with their data privacy needs. With these capabilities, we aim to enable clients to control who has access to their data while still leveraging the benefits of the cloud. IBM Cloud’s enhanced data protection capabilities aim to help strengthen clients’ sovereign posture in the public cloud.

2. Operational sovereignty: A focus on resilience and operational controls

At IBM, operational sovereignty is critical to everything we do and we believe it is key to allow clients to have resilience and transparency at all times. For example, the Madrid MZR is designed to deliver European and region resiliency between our Frankfurt MZR and Madrid MZR, and vice versa. For clients using IBM Cloud, any client data provided is stored and processed locally in the selected region—such as our EU-based MZRs in Frankfurt and in Madrid. With the IBM Cloud Security and Compliance Center, clients can gain operational insights about their security and compliance posture. This includes monitoring of how the deployed workloads and data configurations meet their enterprise security policies, detect any drifts in this configuration posture, as well as workload protection and detection of their deployments—available across cloud native workloads, VMs, containers and cloud services. This includes the recently introduced IBM Cloud Security and Compliance Workload Protection capabilities to help clients protect workloads and assess vulnerabilities via quick identification and remediation. We also offer an EU support model that is designed to provide an extra layer of protection for our clients deploying their workloads in Europe.

Finally, our distributed cloud capabilities are designed to focus on running cloud services and applications where data resides—whether it is an on-premise data center or edge location so that not only data, but also compute can be in customer-controlled locations.

3. Digital sovereignty: Addressing regulatory requirements and certifications

We are also working to help clients meet their geographical specific compliance as sovereignty requirements evolve. For example, last year our cloud services in both our MZRs in Frankfurt and Madrid received Spain’s National Security Framework (ENS) High certification. Similarly, in Germany, our C5 attestation can be used by clients and their compliance advisors to help them understand security controls implemented by IBM Cloud, designed to help them meet their C5 requirements as they move their workloads to the cloud. In Australia, we have completed the IRAP assessment across a number of key services, as well as being ISMAP Certified in Japan.

Additionally, the IBM Cloud Security and Compliance center includes pre-defined geospecific profiles of controls, based on industry standards, providing clients with the capability for automated monitoring of compliance and security to help them get a unified view of their posture related to different domains of sovereignty such as data privacy, data residency and resiliency. Late last year, we released multiple profiles supporting regional standards, such as ENS High (Spain), BSI C5 (Germany), ISMAP (Japan), industry specific profile like PCI DSS v4 and AI Infrastructure Guardrails.