A sovereign cloud can be a restricted cloud.

The need to satisfy regulatory compliance and/or local data privacy legislation has typically been the main driver for organizations seeking sovereign solutions.

In research conducted by IDC in 2022, when asked how their technology investment and partnership priorities related to digital sovereignty will affect the use of different types of cloud partners, most organizations globally told us that they expected to switch more of their cloud workloads  to local cloud providers (source: IDC’s Future Enterprise Resiliency and Spending Survey  —  Wave 4 [May 2022]; N = 814).

Working with local providers can support an organization's needs for data residency and data localization. But the downside is that they are likely to face compromises when it comes to leveraging cloud's full potential.

Indeed, when asked which business outcome they have found most difficult to achieve, one-fifth of organizations currently utilizing sovereign cloud solutions in Europe identified the full use of the features and functionalities of cloud as their top obstacle (source: IDC’s 2023 EMEA Cloud Survey [August 2023]; n = 470).

Arguably, many local cloud providers are unable to match the innovative capabilities of their global counterparts or offer the same level and range of products and features. This results in limited scalability, hampering the user organization’s ability to take full advantage of the agility cloud offers.

Furthermore, when compared to global cloud providers, local players may not be able to compete on other services and facilities, such as offering best-in-class cybersecurity protection, datacenters that cover a wide footprint and utilize the latest sustainability practices, and in-house personnel that have the highest levels of technical skills and experience.

Does all of this mean local cloud providers should be dismissed?

Far from it — and those who do so risk sovereignty failure.

IDC believes that for sovereignty to succeed, partnerships between global and local cloud providers are essential to help ensure organizations balance their need for sovereign controls with cloud’s innovation potential.

A combined 84% of the organizations IDC polled for its 2023 EMEA Cloud Survey said they were either already using sovereign cloud solutions or plan to do so in the next 12 months.

We consider Europe to be in the digital sovereignty vanguard. This is why many big name global cloud providers have formed alliances with trusted local partners to deliver their sovereignty offerings on the continent.

It may seem the major global cloud players have the odds stacked in their favor.  But many acknowledge that a trusted ecosystem of partners is needed if their sovereign solutions are to work at scale.

That means they need to team with the right regional and in-country partners to help boost local credibility and trust, and to deliver local services, local expertise, and leverage local knowledge.

For local service providers, partnering with global players will help deliver innovation and scalability, as well as a wider range of services.

Global SaaS providers need to work across all partners to develop and deliver customized offerings within sovereign frameworks, boosting the range products and services available to sovereign cloud users.

Vendor lock-in is one pitfall all parties need to be mindful of.

Asked by IDC why their organization decided to stop using public cloud, of the small number of those who responded, 30% cited a high level of dependency, or vendor lock-in, which they said limited their flexibility.

Among organizations in Europe that are planning to use sovereign cloud solutions in the next 12 months, almost one-quarter said they will seek a balance of customization and interoperability to mitigate vendor lock-in risks.

How does your organization primarily balance the need for customization and the risks associated with vendor lock-in when selecting a cloud provider for application migration and modernization?

EMEA Cloud Survey

Source: IDC’s 2023 EMEA Cloud Survey (August 2023); n = 879

Nearly one-fifth (18%) of these organizations also expressed concerns about a lack of data portability in a separate question that asked about their main challenges in using a sovereign cloud solution.

IDC believes open source solutions can help here, particularly when it comes to technical sovereignty.

According to IDC's Worldwide Digital Sovereignty Taxonomy, 2023: Cloud Sovereignty, technical sovereignty refers to digital infrastructure located in a sovereign environment.

It includes datacenters plus all servers, IT hardware, software, and XaaS used for cloud-based data and workloads.

All of this infrastructure should be shielded from non-sovereign digital infrastructure, as well as protected from extraterritorial interference and scrutiny.

Organizations cannot afford to lock themselves into custom-built solutions that become legacy systems in their own right.

For technical sovereignty to succeed, we advise organizations to work with platform players that can deliver plug-and-play capabilities. This includes open source solutions that lend themselves well to interoperability, portability, transferability, and cloud “reversibility.”

For more about the challenges sovereign cloud users face, see our next blog: "Incorporating a Sovereign Cloud into a Multicloud Strategy.”



About the author

Rahiel Nasir is responsible for leading and contributing to IDC's European cloud and cloud data management research programs, as well as supporting associated consulting projects.

Read full bio