In conversation: Broadcom and Telia on sovereign cloud

Across Europe, increasingly complex national data governance and protection regimes, combined with the value of data to the region’s economic growth, are causing a spike in demand for sovereign cloud technology. Despite surging interest, there are still several challenges the industry must address to build out harmonized sovereign cloud solutions. An agreement on the European Cybersecurity Certification Scheme for Cloud Services (EUCS) is a potential route forward, but industry efforts to influence these negotiations could result in lopsided definitions. Broadcom’s Laurent Allard and Telia’s Zakaria Bennani share in the following discussion to get a better sense of where we stand on sovereign cloud technology and how to best bring these solutions to market in Europe.

What do you see as the main drivers for sovereign cloud demand across Europe?

National security – and that extends beyond public sector customers. Regulation and compliance requirements also impact heavily controlled sectors like banking and private firms that support the public sector. The underlying threat for all these customers is a cybersecurity breach, often from state-sponsored actors.

The broader threat of geopolitical crises is also creating a demand by government agencies to be able to maintain national autonomy of critical data during moments of economic or security uncertainty. Security is often tied to trust, and our customers trust suppliers that follow the same national and/or European laws and regulations as they do. This has increased demand for on-shore or near-shored services from partners with long-term commitments toward sovereign service delivery. That trust is also centered on the ability to deliver a simplified solution for complex needs that combine data centers, connectivity and security.

Security is often tied to trust, and our customers trust suppliers that follow the same national and/or European laws and regulations as they do.

The sensitivity of supply chain attacks is also driving customers to add higher levels of security to their systems, which is often in the form of a sovereign cloud solution.

What are the roadblocks for European firms looking to implement sovereign cloud?

Today, there is no common European legal definition for sovereign cloud. The European Commission and the member states are addressing this through the ongoing EUCS negotiations.

The industry often equates sovereign cloud technology with data center location. However, there is more to it than that. There is a need for connectivity services to ensure end-to-end sovereignty. Telia & Telia Cygate can provide cloud, WAN and LAN services that provide end-to-end solutions, simplifying and addressing the full scope of customer needs. Security services are also frequently needed, which must cover the full six tenets of the NIST framework. This all creates major roadblocks for companies. It requires expertise as a customer and the ability to find a service provider that provides a complete, unified and scalable delivery.

The industry often equates sovereign cloud technology with data center location. However, there is more to it than that.

Layered on top of all this are the specific requirements many global companies and public sector institutions demand, deviating from standard solutions. This is a massive challenge for services that are meant to scale. But because Telia, including Telia Cygate, act both as an operator and a system integrator, we can combine carrier grade services for cloud, connectivity and security, with the ability to deliver customized solutions. This is a major differentiator on the European market.

via IDC EMEA Cloud Survey, August 2023. N=1,610

Is sovereign cloud harder to scale given the geographic limitations?
The concept of sovereignty includes limitations in where the data is stored, and who can access it, but this doesn’t necessarily translate into difficulties in scaling. Scaling is a function of the service provider’s technical design, but also their market position and future outlook. The world’s biggest technology firms won’t have a technically hard time creating scalable sovereign clouds.

One of the more challenging parts of scaling sovereign cloud solutions, though, is establishing long-term service and support to your customers as a service provider. This requires the strategic initiative to invest enough in capacity to scale with customer demand. I come back again to trust, but this time from a customer relationship perspective. Telia has worked with some of our customers for close to two centuries. If we offer sovereign cloud, we are confident our customers know they will have this service far into the foreseeable future.

Is there a Telia specific vision for sovereign cloud?

We hear a lot about public clouds versus private clouds, regulations and national security concerns. These are all valid considerations when looking at sovereign cloud technology, but there is something deeper that often goes into technology choice.

So, trust is at the heart of everything we do: our brand, our customer relationships, and the products and services we deliver.

Offering sovereign cloud solutions is a privilege, which is why I have spoken so much about trust. We see it as our north star at Telia. Technology evolves and regulations change, but trust is earned over time and requires continuous delivery excellence to be maintained.

Telia, including Telia Cygate, has a unique position in Swedish society. We provide mission critical services to many of Sweden’s leading companies and public sector organizations. We are a part of Swedish Total Defence, the country’s plan to defend itself in wartime. So, trust is at the heart of everything we do: our brand, our customer relationships, and the products and services we deliver.

Can a cloud offering truly be sovereign if it relies on public cloud platforms?
This depends mainly on the definition of “sovereignty.” If we look at sovereignty strictly from the geographical location of stored data, then yes, public cloud platforms can offer sovereign solutions.

via IDC EMEA Cloud Survey, August 2023. N=1,610

However, if we consider “sovereignty” as autonomy from foreign jurisdictions, a distinction should be made between native European sovereign cloud providers and providers whose headquarters or main operations are outside Europe. As long as the data in the sovereign cloud is accessible by entities belonging to cloud operators residing outside of Europe, the data sovereignty can no longer be guaranteed.
So, the answer is not a simple “yes” or “no,” but a hybrid approach is necessary, an approach based on the customer requirements, laws and regulations, as well as type of data that is being processed.

What should organizations look for when choosing a sovereign cloud partner?
We hear three central themes when we talk to our customers:

1. Compliance with laws and regulations for both the customer and the sovereign cloud partner while maintaining entire control of the data via a full jurisdiction control.
2. Ability to manage complex, end-to-end requirements and meet data center, connectivity and security needs that offers resilience and independence with cloud service providers.
3. Long-term strategy, financial stability and ability to execute over time. None of these should compromise on the quality, scalability or capacity for innovation of the product offered.

You’ve recently joined Broadcom’s Advantage Partner Program as a Pinnacle Tier Partner. Why does VMware appeal to you as a partner as you grow your cloud offering?

Continued success in growing our cloud offering is key to us at Telia. We need to decide what we think is the best technical platform to drive our future growth, which is based on several considerations.

We launched our sovereign cloud offer on the Swedish market last year, and we see the need for secure and trusted cloud infrastructure services growing in the years to come. Our customers instill their trust in Telia, including Telia Cygate, as their partner for the future. We instill the same trust in VMware by Broadcom as the partner platform to advance sovereign cloud adoption in our markets.

Our customers are looking for modern, scalable, secure, and sovereign cloud services for their data center needs. But soon they will also want a trustworthy platform that enables them to start using AI services in a sovereign context.