11 min to read

Digital sovereignty: How AWS and SoftwareOne can help

Jacek Falatowicz
Jacek FalatowiczAWS Architect and Product Owner
digitale-souveraenitaet-blog2-GettyImages-1009838734-blog-hero

For anyone needing an introduction to the topic of digital sovereignty, Alex Galbraith's recent blog provides an excellent briefing. Building on that foundation, we take a deeper dive into which AWS services and frameworks can help to meet those digital sovereignty requirements today.

The AWS approach

AWS provides data controls and digital sovereignty capabilities through a comprehensive suite of services. While future solutions such as the AWS European Sovereign Cloud are in development (more on that in a future article), there are already many AWS services available that help organisations support and strengthen their digital sovereignty. These solutions enable organisations to maintain control over their data, comply with local regulations, and protect business continuity.

It’s a broad topic so I’ll break it down into four key areas, before sharing a few thoughts on the future of digital sovereignty and some suggestions on how SoftwareOne can help you get the most from AWS.

1. Data control and security

At the heart of digital sovereignty lies the fundamental need for robust data control and security, making it the logical starting point for our exploration of AWS solutions.

AWS offers several services specifically designed to enhance data control and security, giving clients confidence and peace of mind as well helping them stay compliant.

This table shows some of the ways AWS could help you comply with local laws, manage encryption keys, use dedicated infrastructure, and benefit from high availability and resilience.

Service Description
AWS Control Tower Enables setting up and governing secure, multi-account AWS environments with built-in best practices and governance guardrails, including data residency controls. Automates security baselines across AWS accounts to support compliance with regional data requirements.
AWS Key Management Service (KMS) Enables the creation, control, and management of cryptographic keys used to protect data, ensuring data security and compliance with various regulatory standards. Integrates with most AWS services that encrypt data.
AWS Nitro System Enhances data security in EC2 instances, providing strong physical and logical security boundaries, essential for protecting the most sensitive workloads and ensuring data integrity.

AWS Shield (DDoS Protection)


AWS WAF (Web Application Firewall)

AWS Shield protects organisations against DDoS incidents, while AWS WAF secures applications from web attacks, enhancing security with automated mitigation and customisable rules. In combination, these services protect customers from internet-based intrusions, ensuring robust protection of critical data.
AWS Identity and Access Management (IAM) Manages access to AWS resources securely, enabling fine-grained permissions, role-based access and identity controls across accounts, ensuring data access is compliant with security standards.
AWS Cloud Trail Records AWS API activity for auditing, compliance, and operational monitoring, storing logs in Amazon S3 or streaming to Amazon CloudWatch.

2. Location flexibility and data residency

These are cornerstones of digital sovereignty, allowing organisations to maintain control over where their data is stored and processed, ensuring compliance with local regulations and safeguarding national interests.

Responding to this, AWS provides tools and features allowing clients to manage their data according to specific needs and regulatory requirements—including the geographic regions where their data is stored and processed.

AWS offers a choice of Regions and Availability Zones (AZs) to meet differing compliance requirements. Each AWS Region consists of multiple AZs, which are isolated locations within a region, enabling high availability and fault tolerance while ensuring data remains within designated geographical boundaries.

Building on this foundation of Regions and AZs, additional services allow clients to further customise their approach to data residency and sovereignty. By offering this level of granular control and flexibility over data location, AWS helps organisations tailor their digital sovereignty strategy to specific regulatory landscapes and business needs.

Service Description
AWS Dedicated Local Zones Provide dedicated AWS infrastructure for exclusive use, meeting stringent security and compliance requirements in customer-specified locations. Bring services closer to end-users, ensuring low latency and local data processing, helping meet data residency requirements. This contrasts with standard Local Zones because Dedicated Local Zones offer exclusive use, enhanced security, and customisation to meet specific regulatory needs.
AWS Outposts Extend AWS infrastructure and services to on-premises locations for consistent hybrid cloud operations. Useful for organisations needing to keep sensitive data within specific physical locations. Support digital sovereignty by enabling complete control over data locality and processing.
Disabling specified regions AWS allows this so customers can prevent data from being stored or processed in those regions. This can be configured through AWS Organizations, enabling centralised management of multiple AWS accounts and applying Service Control Policies (SCPs) to restrict specific regions. Disabling regions can support digital sovereignty policies by enforcing strict geographical data controls.

3. Operational resilience and disaster recovery

AWS takes a comprehensive approach to these disciplines, fundamental to maintaining digital sovereignty in general and meeting regulatory requirements—such as the Digital Operational Resilience Act (DORA)—in particular.

DORA:
Strengthening digital resilience

The Digital Operational Resilience Act (DORA) is a key piece of EU legislation aimed at strengthening digital resilience—primarily within the financial sector but with implications for many other industries too. As digital sovereignty becomes increasingly important, DORA effectively sets a new standard for operational resilience.

What it is

DORA is a comprehensive framework designed to ensure that organisations can withstand, respond to and recover from all types of ICT-related disruptions and threats. It covers banks, insurance companies, investment firms, and critical ICT third-party service providers.

What it mandates

  1. ICT Risk Management: Requires financial entities to have a robust ICT risk management framework.
  2. ICT Incident Reporting: Mandates standardised reporting of major ICT-related incidents.
  3. Digital Operational Resilience Testing: Calls for regular testing of digital resilience.
  4. ICT Third-Party Risk Management: Introduces an oversight framework for critical ICT third-party service providers.

Why it matters for digital sovereignty

DORA strengthens digital sovereignty by ensuring that critical financial infrastructure is resilient and secure. It reduces dependence on external service providers and enhances the EU's ability to control and protect its financial data and systems. As with GDPR, DORA is likely to influence similar regulations worldwide, potentially setting a global standard for digital operational resilience.

The comprehensive services portfolio offered by AWS addresses regulatory mandates like these, giving organisations the tools they need to achieve and maintain digital operational resilience.

Here’s an at-a-glance guide to some of the most important services involved and how they map to relevant mandates.

Service Description Addresses
AWS Resilience Hub Manages application resilience by defining, validating, and tracking resilience goals and improvements. ICT risk management
AWS Elastic Disaster Recovery Enables fast, reliable recovery of applications, minimising downtime and data loss using affordable storage and minimal compute, ensuring data protection and continuity during recovery.
AWS Security Hub Aggregates security alerts, automates compliance checks, and prioritises issues for improved AWS security posture management. Incident reporting
AWS Fault Injection Simulator Simulates faults to test application resilience, enhancing performance and observability through controlled experiments, ensuring systems remain robust and secure under stress. Resilience testing
AWS Audit Manager Automates audit evidence collection, streamlining compliance assessments and risk management. It continuously tracks your environment against industry standards, simplifying audit preparation with ready-made reports. Third-party risk management
AWS Artifact On-demand access to a library of AWS compliance reports, certifications, and legal documents, supporting customers audits and helping meet regulatory requirements transparently, end-to-end.

This integrated service ecosystem empowers organisations to build resilient infrastructures that comply with regulations like DORA while enhancing overall digital sovereignty. But to make the most of these capabilities, clients must understand how responsibilities are divided between AWS and its customers— an area of regulatory compliance and digital sovereignty that falls under the heading of the “Shared Responsibility Model.”

4. Shared Responsibility Model

The Shared Responsibility Model is fundamental to the AWS approach to digital sovereignty, delineating security and compliance responsibilities between AWS and its clients.

The basic principle is very simple—and very sensible.

AWS takes charge of the "security of the cloud," safeguarding the global infrastructure, managing the virtualisation layer, and ensuring physical security of data centres. Customers, on the other hand, are responsible for "security in the cloud," which encompasses data management, access control, guest operating system security, and regulatory compliance.

digital-sovereignty-how-softwareone-and-aws-can-help-content1

This model underpins digital sovereignty because it empowers customers with full data control, encryption management, and geographic choice for data storage and processing. AWS supports this approach through comprehensive compliance tools, transparent documentation, and the Well-Architected Framework, providing best practices for secure and resilient cloud environments.

The future of digital sovereignty

AWS European Sovereign Cloud

AWS's commitment to digital sovereignty continues to evolve beyond the robust Shared Responsibility Model and all the supporting services outlined above.

The upcoming AWS European Sovereign Cloud, set to launch in Germany by the end of 2025, represents another significant step forward. This new offering builds upon AWS's established practices with true regional isolation, localised management, and metadata residency, aiming to provide enhanced autonomy and compliance for EU-based operations.

Complementing current options like AWS Dedicated Local Zones, the Sovereign Cloud reflects the growing need for tailored cloud infrastructures to meet diverse regulatory requirements.

As AWS expands these sovereignty-focused services, organisations may find value in expert guidance to effectively integrate these advanced solutions into their IT strategies.

As an AWS Premier Tier Services Partner, SoftwareOne is ready to help with a combination of global presence and local expertise.

SoftwareOne: AWSome support

Our team of certified AWS professionals is dedicated to guiding you through every stage of cloud adoption, making sure AWS solutions match up with your specific sovereignty requirements. From initial assessment to full implementation, we offer comprehensive support to create a robust and resilient digital environment.

With our range of cloud managed services and expert advice, we’ll help you harness the full potential of digital sovereignty, turning potential challenges into strategic advantages for your business.

Aerial view of a green forest.

Secure your digital sovereignty today

Quickly learn about robust digital sovereignty solutions from AWS—with help from SoftwareOne. Ensure compliance, maintain control, keep your data secure.

Secure your digital sovereignty today

Quickly learn about robust digital sovereignty solutions from AWS—with help from SoftwareOne. Ensure compliance, maintain control, keep your data secure.

Author

Jacek Falatowicz

Jacek Falatowicz
AWS Architect and Product Owner

AWS Architect and Product Owner holding certifications as an AWS cloud practitioner, professional solutions architect, security specialist, professional DevOps engineer and developer