The sovereign cloud: VMware plays by the rules

But are those rules the best solution for Europe?

The sovereign cloud: VMware plays by the rules

VMware aligned its European sovereign cloud offering with Europe’s rules. This means the American player is partnering with European providers to ensure data remains within Europe. The European ambitions were once greater, but they have been firmly scaled back as they proved to be impossible (for now) in reality. Where are the problems?

The European sovereign cloud and VMware’s role are intrinsically linked in this piece. In this article we report on the event “The European Sovereign Cloud Day” that took place in the center of Europe: Brussels. VMware largely took care of the organization, cementing its position as a key enabler of the sovereign cloud in Europe.

Last year, we published an extensive article on VMware’s strong footing in this domain. At that time, Broadcom’s acquisition of VMware was merely on the horizon, making it worthwhile to revisit the situation now with Martin Hosken, Chief Technologist for cloud in EMEA at Broadcom. Hosken operates within the VMware division, though his official title is listed under Broadcom.

Moving away from public cloud

With VCF 9, Broadcom is clearly distancing itself from the public cloud. “The more you move toward public cloud, the less sovereign it is,” Guy Bartram, Director of Product Marketing at VMware, bluntly said last year. While the public cloud is often associated with the major hyperscalers, this is not entirely accurate. What matters is where the data resides. If this is not in an in-house data center and, therefore, management is outsourced to an external party, then the data is in the public cloud.

A gap with the public cloud now follows at VMware as the company is taken under the leadership of Broadcom. The new direction is reflected in VMware’s focus on its offerings. The company’s attention is now firmly concentrated on one side, whereas it was previously divided between striving for a hybrid solution.

That said, investments already made in public cloud integration have not been abandoned. “The need for Broadcom solutions on public clouds has not suddenly gone away. The strategy of some customers, for example, would not allow it. We are just rebuilding the underlying so that it becomes a private cloud offering on a public cloud,” Hosken stated. While the company’s vision is clear, the details regarding the underlying infrastructure remain somewhat murky, as the product is yet to reach the beta release stage.

Three pillars for a sovereign cloud

Revamping the platform is the first major task the VMware team can work on under Broadcom’s ownership. The new parent company has already applied its own expertise to streamline and contain VMware’s offerings. “We used to have a list of criteria for the sovereign cloud. We have narrowed this down to three basic criteria,” says Laurent Allard, lead sovereign cloud EMEA at Broadcom. From now on, it’s about the sovereignty of three key elements: data, operations, and infrastructure.

“A cloud that meets these may now call itself a sovereign cloud according to our values,” Allard states. The public hyperscalers are argued to fall short, as they are “not EU-native.” However, the hyperscalers themselves would likely provide a detailed explanation of how they are building sovereign cloud capabilities in Europe. The billions invested in building European data centers will undoubtedly come up in this answer.

Wondering how AWS is building a sovereign cloud in Europe? Read it here: AWS delivers cloud how and where customers want it, also in Europe

“They will never fully close the gap because they do not partner with European partners,” notes Allard critically. Yet, the hyperscalers do not claim to be building a sovereign cloud unfairly. Not as long as Europe fails to put a clear definition on paper. The Data Governance Act is supposed to bring order to chaos, but is running behind schedule.

Lack of structure in Europe

The general sentiment conveyed at the conference is that the sovereign cloud in Europe is far from where it should be. This has created chaos, as individual countries like France and Germany have established their own legal frameworks. Until regulation is harmonized across Europe, smaller cloud players struggle to meet all the legal requirements.

Not that we are not otherwise overflowing with regulation in Europe, and Brussels knows that by now. “The general idea among politicians in Brussels is that there is enough regulation,” says Manuel Mateo Goyet, Deputy Director of the Cloud and Software DG CONNECT unit at the European Commission. Few companies will disagree with that statement. Regarding data storage and cloud regulations, six key regulations can be identified: GDPR, European data strategy, the data law, NIS2, the European Cloud Initiative, and the Cloud Rulebook.

Cloud players then already face administrative burdens from the EU to ensure compliance with the various legislations. There is even more to it for cloud players than being compliant. As Allard argues, “Security, interoperability, and privacy have to come together.” Mere compliance with the regulations is not enough. The laws are perceived as focusing on interoperability while underemphasizing security and privacy.

Why not a European cloud?

Despite the lack of a clear regulatory structure, European policymakers remain skeptical of cloud solutions from hyperscalers. The primary concern raised by European regulators is the US CLOUD Act, a legislation that grants the US government access to data stored with American providers. “That law takes into account the location of an organization’s headquarters. So providers can build offices in Europe, but essentially that solves nothing.”

An alternative approach would be to establish a national or European cloud initiative. However, the challenge lies in the substantial cost, as well as the question of who will bear the financial burden. Goyet concretizes the challenge with figures from Mario Draghi’s report on Europe’s competitiveness earlier this year. “To boost the cloud, 15 billion euros are needed over the next 10 years.”

Tip! European competitiveness under pressure from overly strict and complex policies

VMware’s position under Broadcom

The currently preferred way in Europe to shed a cloud provider’s American roots is to establish local partnerships. OVHcloud is one of VMware’s local partners. It is just one of 30 VMware Cloud Service Providers from EMEA. As such, VMware’s largest partner network is in our region. Hosken clarified that Europe has the most potential for partnerships, as there are many more local cloud providers compared to the American market.

For a long time, these partners had stability under the wings of VMware. However, since the acquisition by Broadcom, the media often hints at a tougher approach to partners. What benefits they will gain from the acquisition remains an open question. “The question will be how Broadcom helps partners grow. We don’t have an answer to that at this moment,” Hosken said.

Despite the Broadcom acquisition, VMware remains a strong player within the European sovereign cloud story. Promoting its own offerings at the event against a backdrop of European regulatory chaos, VMware emerged as a natural leader in this domain.