VMware enhances Sovereign Cloud services in a push for easier compliance

A photo of VMware exec Raghu Ranghuram, Sumit Dhawan and Luigi Freguia at a panel

VMware has announced a number of new data sovereignty solutions as part of a new initiative to make cloud compliance easier to manage and monitor.

The VMware Sovereign Cloud Initiative encompasses a number of changes to existing VMware services, such as VMware Tanzu and VMware Aria Operations, as well as a new framework for ecosystem wide compliance solutions.

These sovereign software as a service (SaaS) products are intended to help companies deliver services like those found in the public cloud, remaining compliant with data regulations. The Sovereign Cloud has been drawn up in alignment with European data sovereignty project Gaia-X, and other such international regulations.


Data governance and privacy for data leaders

Create your ideal governance and privacy solution


VMware promises that in addition to the changes announced, sovereign cloud services will continue to see expansion through its cloud partners, to ease the process of maintaining data compliance and data protection across cloud services.

The cloud giant also revealed that it now has 25 Sovereign Cloud providers across the globe, more than double the number at the time the group was formed, including OVHcloud, UKCloud, Telefonica, Hitachi, and Tata Communications. In order to address customer concerns directly, VMware has additionally assembled a “consortium” of industry policymakers and cloud providers, working to define requirements across sovereign clouds.

As VMware seeks to address what it calls ‘cloud chaos’, in which businesses utilising multi-cloud are wasting resources to redundancies across multiple silos, and lack the oversight or central control to fix these issues, sovereignty has arisen as another pain point amongst its partners.

“VMware engineers made the Sovereign Cloud Initiative to address this issue, said Raghu Raghuram, chief executive officer at VMware.

“The VMware Sovereign Cloud Initiative is a set of software controls, overlaid on top of the standard VMware, infrastructure and platform to deliver sovereign security, compliance, control, autonomy and allows you to innovate on such a platform.”

As part of the update, VMware Tanzu Kubernetes Grid will offer users the enterprise-ready runtime they have come to expect from Tanzu, bolstered by open source server components such as Fluent Bit, Grafana, and Prometheus. In addition, Tanzu Application Platform will allow developers to perform air-gapped installation, dynamic API registration to ensure automation is secure, and a vulnerability dashboard through which teams can perform better pre-deployment security checks.

VMware’s multi-cloud management platform Aria, meanwhile, is being given its own Operations Compliance pack, in an effort to provide continuous compliance monitoring, reporting and remediation, with a backbone of automation that remains. It can be fully integrated with VMWare Cloud Director, and comes with a central dashboard from which users can monitor cloud-wide compliance, for compliant DevSecOps.

Research undertaken by Vanson Bourne, commissioned by VMware, has shown that 96% of of surveyed companies believe that over the next two years, data will be a source of revenue, but an almost equal figure (95%) identified data sovereignty as a point of concern.

“There is no data sovereignty without cloud sovereignty. And sovereignty does not have to come at the expense of cloud innovation,” said Rajeev Bhardwaj, vice president, cloud provider platform solutions, VMware.

Speaking to the importance of cloud sovereignty at a press event, Bhardwaj emphasised how the company’s increased efforts around sovereignty are in response to the worries of its customers:

“Sovereignty is more than just data privacy and security. What customers are concerned about is this changing geopolitical landscape, and making sure if things change customers still have access to data.

What's happening in Ukraine and Russia that kind is now bringing sovereignty to the forefront," added Bhardwaj. "The second one we heard was around jurisdiction controls. This is around foreign nations having access to data using the legal framework. So that came up as another key concern from customers.

“Additionally, customers have embraced cloud. A lot of these regulated workloads are now set in public clouds. So, there's a concern here, either foreign nations can access their data, or if the geopolitical landscape changes they may not have access to data.”

A number of tech firms have made moves to give customers greater control over data transfers, with Oracle building more sovereign cloud regions in the EU in 2023, and Google adding more data transfer controls in the EU. The moves come in part due to anticipation of the EU-US data transfer agreement, the successor to Privacy Shield, which seeks to reconcile data protection approaches across the Atlantic.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.