Oracle Sovereign Cloud: Is it the answer to your privacy concerns?

When we think about the cloud, we usually associate it with the ability to access our data from anywhere – it seems to encompass us and is always easily reachable. However, this is something of an illusion. In reality, this information doesn’t “live” in clouds – every byte of data has to exist on a physical server somewhere. We may never see or touch that machine, but we know it’s there, and our apps or websites won’t work without it.

For many companies, this weirdly disconnected nature of the cloud meant potential issues. That’s when someone came up with the idea of digital sovereignty – and a while back, Oracle brought it fully into life with its new sovereign cloud services.

What is digital sovereignty?

Digital sovereignty refers to a nation’s or entity’s control over its digital assets, data, and technology – to create, access, and govern digital information and infrastructure without undue external influence. Local regulations might require data to remain in an area within a certain jurisdiction and be operated only by personnel from within this area. In some cases, digital sovereignty rules might be more specific and complex, requiring comprehensive data protection or the use of separated clouds, disconnected operations, etc.

Let’s imagine that you’re running a business in one of the European Union countries. You don’t want your data (including the personal data of your customers) to leave the EU – not only because of European regulations but also your company’s security policies. The ideal situation would be that the servers with your data are located in the EU, they are maintained by EU citizens employed in a company registered in EU, and everything works according to the European regulations (both the present ones and those that will probably soon come into life). That’s exactly what the sovereign cloud promises.

How can the Oracle Sovereign Cloud help you?

The Oracle sovereign cloud is a service – or rather a group or services because there are several different options – that allows companies to access the power of the cloud while meeting regulatory, compliance and legal requirements specific to their region or field of work. It offers the following capabilities:

• Control over data infrastructure and localization (for example, the servers the data is stored on can be in the same country/area the company operates in)
• Control over data access and information flows
• Local operations and support (you can be sure data will only be accessed by local personnel and not outsourced outside the country)
• Servers configured appropriately to specific demands (network isolation, encryption, and so on)
• A dedicated team making sure that the servers are maintained according to local regulations

Specifics depend on the service – Oracle provides several sovereign cloud options (as shown in the image below), each designed for slightly different purposes.

Image source: Oracle

What are the sovereign cloud’s use cases?

Here are some use cases for the sovereign cloud:

• Companies that need to handle sensitive data with the utmost care – Industries such as banking and healthcare can’t operate without constantly moving very private and sensitive information and need to adhere to very strict regulations specific to their field. Sovereign cloud helps address such compliance requirements
• Organizations with global reach – When you operate in one country, meeting local compliance laws is relatively easy, but it gets more complicated with each new international branch. The sovereign cloud service can be a huge help here, handling some of these issues for you
• Government and public sector entities – A sovereign cloud can help adhere to local digital sovereignty compliance frameworks and meet strict requirements enforced on government and public sector organizations (e.g., US FedRAMP, Canadian Protected B).

What is our experience with the Oracle Sovereign Cloud?

But let’s get down to specifics, taking our case as an example. We needed the sovereign cloud for our MonkeyJar product, a sales commission platform based on Oracle APEX. The service that interested us was the EU Sovereign Cloud, which currently offers servers in Frankfurt (Germany) and Madrid (Spain). We’ve chosen the former.

The main idea here was that we want to provide services for companies from the EU financial sector – banks, insurance businesses, etc. – that must adhere to local laws and compliance regulations such as GDPR. This meant that the data MonkeyJar handles could not be transferred outside the EU – our cloud server had to be housed somewhere on the continent. Moreover, it also meant the cloud’s support couldn’t be outsourced to a country outside the EU (because support often also needs to access data to provide help).

The EU Sovereign Cloud guarantees we meet these security and privacy requirements –and, as a result, allows us to sell our service to customers from the European Union. Since the server is in Frankfurt, it’s also close enough to us to help us avoid performance problems, and the support operates in the same time zone. Moreover – and this is one of the coolest things about the EU Sovereign Cloud – it doesn’t cost us extra money.

The pricing is the same as for the regular Oracle public cloud.

It would’ve been easy to make the sovereign cloud a separate premium product with a higher price tag, but Oracle didn’t do this. Instead, getting the EU Sovereign Cloud is as easy as choosing a server location for your OCI account – because that’s precisely what it boils down to (though enabling it for older accounts requires jumping through some additional hoops on Oracle’s part – it’s easier for newer accounts, which is a potential consideration). Seems like a very smart, business-conscious way of approaching this subject, one that the customers are bound to appreciate.

Summary: Is the Oracle Sovereign Cloud good for you?

Oracle’s sovereign cloud services seem to be a simple answer to a complex problem. The EU Sovereign Cloud, in particular – because that’s what we can speak about from our experience – offers companies an easy and cost-effective way to address at least a few important issues:

• Your servers are located in a specific region
• Only employees from this region handle the servers
• The companies maintaining the servers are registered in this region
• No entity (either a company or a government) outside of this region can access your data
• Everything is done according to the local regulations (either the general ones or those regarding specific areas like healthcare or finance)
• And the cherry on the top is that it doesn’t cost you any additional money

The Oracle Sovereign Cloud is still a quite new service, so we’re waiting to see what the future will bring in terms of features and opportunities. However, it’s already evident that Oracle really listens to the customers and tries to respond to their key demands.

At Pretius, we’ve been developing custom software based on Oracle technologies for almost 20 years. Are you planning a new project, or want to modernize a legacy system, and would like to consult somebody? Let us know using the contact form below or by writing to hello@pretius.com – such initial consultations are always free.