Kathy Gibson reports from VMware Explore – As organisations move more of their mission-critical workloads to the cloud, the issue of data sovereignty and privacy is becoming more relevant than ever.

To address concerns, VMware launched its Sovereign Cloud offering just over a year ago, and has seen rapid growth in uptake of the service – particularly in verticals handling sensitive customer information such as healthcare, financial services, banking, government and more.

Sovereign Cloud has been particularly popular in the Europe, Middle East and Africa region, and Ian Jansen van Rensburg, director: systems engineering at VMware South Africa, says South African organisations are quickly cottoning on to the benefits as well.

There are currently two sovereign cloud certified companies in South Africa, Gijima and BCX, and Jansen van Rensburg believes demand for the service will rise.

“It is rapidly becoming a reality in South Africa: sovereignty is one of those things companies want more and more – they want to know exactly where their data is.”

He anticipates that, as demand grows, more Sovereign Cloud providers will be signed up. “It takes a while to get certifed, though,” he warns. “There are a lot of checks and balances required so VMware can be sure the sovereignty is 100% genuine.”

Jansen van Rensburg points out that many cloud providers offer sovereignty in that they can isolate a customer’s data, but few of them can show you which server and data store, in which physical location, is running your workload.

Sovereign cloud will likely grow in popularity as a preferred platform for Private AI takes off, Jansen van Rensburg believes.

VMware announced a number of enhancements to its Sovereign Cloud programme at VMware Explore this week, adding data services and security features.

Currently, more than 50 VMware Sovereign Cloud providers in 33 countries are part of a powerful, interconnected, and diverse ecosystem that supports customers’ sovereign cloud requirements. Together, VMware and VMware Sovereign Cloud partners are helping organisations unlock the innovative power of their data while remaining compliant with data privacy regulations.

VMware’s Sovereign Cloud initiative is a global ecosystem of CSPs committed to helping customers comply with rapidly growing and changing data privacy laws. VMware Sovereign Cloud providers must self-attest to a framework of guiding principles, best practices, and technical architecture requirements to deliver cloud services that adhere to the data sovereignty requirements of the specific jurisdiction in which that cloud operates, as mandated by the relevant government or commercial body.

In sovereign cloud, customers are seeking the utmost in control over and access to data. Owning encryption keys in the cloud allows customers to maintain the level of control they demand. VMware Sovereign Clouds now support Bring Your Own Keys (BYOK) and Bring Your Own Key Management Systems (BYO-KMS). By letting customers create and hold their own “keys” to their data, customers can be more confident that no one else, not even the CSP, can view or access their information without permission.

BYOK provides customers with greater flexibility and portability for data encryption on their terms, enables adherence to specific key management policies associated with their business and regulation, and helps address legal requirements for data within any given jurisdiction. With key ownership comes the responsibility of robust key management to avoid compromising the encrypted data or accidental loss of keys rendering the data useless.

VMware Cloud Director extension for VMware Data Solutions enables sovereign cloud customers to deliver a portfolio of on-demand caching, messaging, and database software at a massive scale to developers. CSPs can offer tenants an integrated solution, which allows them to operate and manage data-as-a-service across private clouds and sovereign clouds. VMware Cloud Director also enables sovereign cloud providers to leverage ecosystem partners to deliver integrated data services.

VMware is now adding:

* NoSQL as a Service featuring MongoDB: NoSQL databases are favoured in highly regulated industries due to their scalability, ability to handle diverse data types, and adaptability to changing data structures without extensive redesign. NoSQL databases support rapid transaction speeds, continuous data availability, and robust security measures, including encryption and role-based access. Their ability to process vast volumes of training data sets make them ideal for AI/ML applications.

* Kafka as a Service: Kafka is ideally suited to support real-time analytics applications such as real-time fraud detection in finance, patient monitoring in healthcare, and other regulated industries where data integrity, compliance, and timely decision-making are crucial.

* Greenplum as a Service: Greenplum is ideal for large-scale and comprehensive data analytics, making this solution especially pertinent in sovereign clouds where data residency and compliance with local regulations is the priority. With Greenplum, customers in regulated industries can better facilitate data-driven decision-making while enabling adherence to jurisdictional boundaries and local laws such cyber threat analysis.

* Object Storage as a Service with NetApp StorageGRID: NetApp StorageGRID enables cloud services providers to offer a wide range of high-value storage services that are resident and compliant within the sovereign domain. This fully S3-compliant storage solution supports a wide range of sovereign cloud use cases with data durability and high availability, more secure multitenancy, horizontal scalability and data protection. The solution’s universal compatibility in its native support for industry-standard APIs, such as Amazon S3 API, helps ensure smooth interoperability across diverse cloud environments. Unique innovations such as automated lifecycle management help ensure more cost-effective safeguarding, storage, and long-term preservation of customers’ unstructured data.

VMware’s approach to delivering developer-ready sovereign clouds emphasizes a unified hybrid cloud infrastructure that provides consistent experiences across various cloud environments while enabling compliance, data residency, and enhanced security. Integrating developer-centric tools such as VMware Tanzu enables rapid application deployment, while VMware NSX offers enhanced precision controls around data flow and security which are vital for data sovereignty.

VMware is expanding support for developer-ready sovereign clouds with the following:

* VMware Tanzu Mission Control Self-Managed: Now in general availability, Tanzu Mission Control Self-Managed meets the demand for advanced, compliant management tools for cloud-native applications in sovereign clouds. For customers in regulated industries with stringent regional jurisdictional requirements, Cloud Services Providers can now deliver multi-tenant Kubernetes Infrastructure as a Service in their data centres, centrally manage Kubernetes, and seamlessly apply security policies across tenant container workloads.

* Content Hub in VMware Cloud Director 10.5: VMware Content Hub for Cloud Director enables partners and their sovereign tenants to rapidly deploy vetted and pre-configured applications that are compliant and more secure. Sovereign cloud providers can deliver applications that meet jurisdictional and regulatory requirements without sacrificing agility or control while enabling consistent application experiences. Integration with VMware Cloud Director platform also helps simplify access to cloud resources.

* Integrated support for NVIDIA GPUs and NVIDIA NGC Marketplace: VMware has further improved the user experience and reduced administrative overhead for deploying GPU apps with NVIDIA GPU support in VMware Cloud Director. This helps unlock the ability for sovereign cloud customers to support artificial intelligence, deep learning, graphics-intensive visual rendering applications, and computation-heavy workloads. Customers can also now access and deploy NVIDIA applications from the NVIDIA Global Connect (NGC) Marketplace directly to a Tanzu Kubernetes Grid infrastructure with GPU operators configured automatically. Partners deploying this repository for customers can help accelerate the integration of AI models and tools for developers, helping to simplify the software development cycle for next-generation AI products.