In contrast to Amazon Web Services, Microsoft Azure, and Google Cloud, Oracle’s EU Sovereign Cloud is physically separate from its existing ten cloud regions in the EU. Credit: Magdalena Petrova Oracle on Tuesday said it is opening its EU Sovereign Cloud for enterprises and government bodies to help them meet evolving data residency and privacy regulations — such as the General Data Protection Regulation (GDPR) — while moving to the cloud. The new EU Sovereign Cloud will comprise two data regions or data centers located in Frankfurt and Madrid, which will be operated by Oracle-owned EU legal entities incorporated in the EU, hiring EU-based personnel only, Oracle said. Enterprises across all 27 member states would be able to access the cloud at the same cost as its other cloud regions, the company added. “Oracle EU Sovereign Cloud gives customers the services and capabilities of Oracle Cloud Infrastructure’s (OCI) public cloud regions with the same support, and service level agreements (SLAs) to run all workloads,” Oracle said in a statement. The two data centers have been put in place to manage disaster recovery, the company said. Oracle first announced its intent to launch the EU Sovereign Cloud in July 2022. The newly opened EU Sovereign Cloud has implemented practices that support compliances as prescribed under the Schrems II ruling, the European Data Protection Board (EDPB) guidelines, and evolving regulations such as NIS 2, said Leo Leung, vice president of products and strategy at Oracle. “The Sovereign Cloud regions are designed on the principles of our Government Cloud that we offer to the US and UK. In the US, we offer two different kinds of Government Cloud, separate for defense and administrative bodies with different security features,” Leung said. Oracle’s Sovereign Cloud offers physical separation In contrast to other public cloud services providers such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud that offer controls to meet data regulations within existing cloud regions or cloud services, Oracle’s EU Sovereign Cloud is physically separate from its existing ten cloud regions in the EU. The new Sovereign Cloud, according to the company, doesn’t share any infrastructure with Oracle’s other regions in the EU and has no backbone network connection to any Oracle cloud region globally. Additionally, access to the Sovereign Cloud is managed separately from Oracle’s other commercial regions in order to enhance data security, Oracle said. The company claims to have added a new control layer, dubbed realm isolation, for the Sovereign Cloud, which imposes more restrictions based on security clearance and residency of personnel. “Access to Oracle Cloud Infrastructure is based upon the concept of least privilege, which means restricting role entitlements to the minimum required to perform functions and implementing strict identity authorization policies,” Oracle’s senior manager Sarah Fujita wrote in a blog post. “Access of operations staff to the infrastructure and services supporting OCI requires multifactor authentication, a VPN connection, and an SSH (Secure Shell) connection with a user account and password or private key,” Fujita added. Other mechanisms to secure data include audit logs and Vault Key Management. While audit logs can be used to monitor authentication logs for servers and network devices supporting OCI services, Vault Key Management provides centralized management of the encryption of an enterprise’s customer data with keys inside the realm. “Enterprises can create, rotate, enable or disable keys, assign keys to resources, and use keys for encryption and decryption to safeguard data,” Fujita wrote, adding that enterprises can implement Vault either as a multitenant software-based key management service or as a dedicated hardware security module (HSM). Additional measures for data security Oracle also said it is adding two new additional data security measures to its Vault Key Management feature as part of the Sovereign Cloud in the form of OCI Dedicated Key Management Service and OCI External Key Management Service. While OCI Dedicated Key Management gives enterprise customers control over their encryption keys by using a dedicated, single-tenant HSM provisioned within OCI, the External Key Management ability allows enterprises to encrypt their data using encryption keys that are created and managed by the customer outside of OCI. “These encryption keys always stay within the custody of the customer and are never imported into OCI, enabling customers to move regulated workloads to OCI that require control over the physical storage of keys outside the cloud,” Oracle said, adding that Dedicated Key Management was developed in partnership with the Thales Group. Oracle EU Sovereign Cloud to support OCI FastConnect The EU Sovereign Cloud supports Oracle’s OCI FastConnect service which can be used to transfer data to OCI’s virtual cloud network via a dedicated private connection. Currently, the new Sovereign Cloud will support FastConnect partners such as Arelion, DE-CIX, Digital Realty, Equinix, and InterCloud, Oracle said, adding that Digital Realty and Equinix were the host partners for the EU Sovereign Cloud region’s location in Madrid and Frankfurt respectively. The Sovereign Cloud adds to Oracle’s tally of 37 commercial regions and seven government regions across 23 countries. In May, the company announced its intent to open a new cloud region in Serbia. Related content news AI is driving productivity and wage increases: Report In major labor markets, including the US, the UK, Canada, Australia, and Singapore, jobs requiring AI expertise are associated with a considerable wage premium. By Prasanth Aby Thomas May 21, 2024 3 mins Salaries IT Jobs Artificial Intelligence news IBM showcases Gen AI-driven Concert to monitor and manage enterprise applications Underpinned by the watsonx platform, IBM Concert will provide enterprises insights across applications to help reduce risk and compliance processes. By Anirban Ghoshal May 21, 2024 3 mins Generative AI IBM feature IT leaders look beyond LLMs for gen AI needs Not all enterprise use cases are best suited for large language models. New multimodal generative AI models and smaller models show promise for niche needs. By Paula Rooney May 21, 2024 9 mins Generative AI IT Strategy opinion Reducing CIO-CISO tension requires recognizing the signs Given competing pressures and priorities, CIOs and CISOs often find themselves at odds. Knowing where tensions flair and how your partner operates is essential to maintaining a productive partnership. By David Gee May 21, 2024 6 mins CIO CSO and CISO IT Leadership PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe