Engaging in a European dialogue on customer controls and open cloud solutions
Thomas Kurian
CEO, Google Cloud
At last year’s Europe-focused Google Cloud Next event, we outlined our commitment to European customers, sharing ways Google Cloud is helping European organizations transform their businesses in our cloud and address their strict data security and privacy requirements. This included expanding our existing cloud regions on the continent, growing our ecosystem of local partners, and adding compliance certifications, to name a few. Since then, we have made significant progress on all these fronts and are deeply committed to delivering additional capabilities.
In recent months, European customers and policymakers have placed an even greater emphasis on working with cloud service providers to protect customers’ most sensitive information. Based on our conversations, this focus is driven by concerns about government access to sensitive European public and private sector data, and concerns about European customers’ reliance on global cloud service providers to support critical services and workloads.
Today, Google Cloud’s baseline controls and security features offer strong protections, meet current robust security requirements, and, in most cases, fully address customer needs. We have a long history of supporting features that are most important to customers globally. This includes critical features such as data residency controls, default encryption for data-at-rest, organization policy constraints, and VPC Service Controls, among many others. Our whitepaper includes more details on the capabilities you can take advantage of with Google Cloud Platform.
Through our close partnership and work with European customers and policymakers, we understand that they strive for even greater security and autonomy. At Google Cloud, we take these issues—often discussed under the umbrella term of digital sovereignty—seriously. We are working diligently across three areas: data sovereignty, operational sovereignty, and software sovereignty, to help address digital sovereignty in the cloud computing context. And we continue to listen to customers and policymakers and incorporate their feedback on the best potential path forward.
Key to our approach is our commitment to open source-based software solutions that offer control and autonomy, high capability, usability and flexibility, and robust data protection, as well as solutions that expand opportunities to partner with European cloud service providers to build local skills. You can read more about our open, partnership-oriented approach here.
Working together to address concerns
In our engagement with European customers and policymakers about their sovereignty needs, they describe several core requirements: control over all access to their data by the provider, including what type of personnel can access and from which region; inspectability of changes to cloud infrastructure and services that impact access to or the security of their data, ensuring the provider is unable to circumvent controls or move their data out of the region; and survivability of their workloads for an extended period of time in the event that they are unable to receive software updates from the provider.
These requirements reflect three distinct pillars of sovereignty: data sovereignty, operational sovereignty, and software sovereignty.
By engaging with customers and policymakers across these pillars, we can provide solutions that address their requirements, while optimizing for additional considerations like functionality, cost, infrastructure consistency, and developer experience.
Data sovereignty provides customers with a mechanism to prevent the provider from accessing their data, approving access only for specific provider behaviors that customers think are necessary. Examples of customer controls provided by Google Cloud include storing and managing encryption keys outside the cloud, giving customers the power to only grant access to these keys based on detailed access justifications, and protecting data-in-use. With these capabilities, the customer is the ultimate arbiter of access to their data.
Operational sovereignty provides customers with assurances that the people working at a cloud provider cannot compromise customer workloads. With these capabilities, the customer benefits from the scale of a multi-tenant environment while preserving control similar to a traditional on-premises environment. Examples of these controls include restricting the deployment of new resources to specific provider regions and limiting support personnel access based on predefined attributes such as citizenship or a particular geographic location.
Software sovereignty provides customers with assurances that they can control the availability of their workloads and run them wherever they want, without being dependent on or locked-in to a single cloud provider. This includes the ability to survive events that require them to quickly change where their workloads are deployed and what level of outside connection is allowed. This is only possible when two requirements are met, both of which simplify workload management and mitigate concentration risks: first, when customers have access to platforms that embrace open APIs and services; and second, when customers have access to technologies that support the deployment of applications across many platforms, in a full range of configurations including multi-cloud, hybrid, and on-premises, using orchestration tooling. Examples of these controls are: platforms that allow customers to manage workloads across providers; and orchestration tooling that allows customers to create a single API that can be backed by applications running on different providers, including proprietary cloud-based and open-source alternatives.
In working to deliver these capabilities, they must align with how we support customers’ efforts to provide operational transparency and documentation to regulators (e.g., for audits in regulated industries). Our work is an important part of the commitments we make to European customers and policymakers including our core commitment to customer control. My blog has more details on what we are doing to enhance customer control in the cloud.
Building on an open source foundation to enable interoperability and survivability
Certain customers and policymakers don't want to be solely dependent on a single cloud provider to protect sensitive information and deliver critical services. This is an important part of their survivability requirement, particularly in the event that a provider is forced to suspend or terminate cloud services or software licenses.We do not believe it is possible to fully address survivability requirements with a proprietary solution. Instead, solutions based on open source tools and open standards are the route to addressing customer and policymaker concerns and, more importantly, giving customers the flexibility to deploy--and, if necessary, migrate--critical workloads across or even off public cloud platforms.
An open source approach is highly differentiated from vendor solutions that keep customers tethered to a cloud service provider’s proprietary technology stack. At Google Cloud, we collaborate with the open source community to develop many of our services on open source technology and advance solutions that promote interoperability, and we also create new technologies for--and contribute to--the open source ecosystem. We are able to do this by leveraging decades of experience in open source and operating cloud services at scale, including creating and maintaining Kubernetes and Istio. This approach benefits customers by offering greater flexibility and provides ecosystem benefits, such as enabling and empowering innovation and workforce development outside Google. It is also consistent with our belief that openness enables faster innovation, tighter security, and offers freedom from vendor lock-in.
Google Cloud’s open source approach is evidenced in products like Anthos, our hybrid and multi-cloud platform that provides a consistent development and operations experience for multi-cloud and on-premises environments. This approach makes it possible to leverage advanced cloud technologies with the safety net of migrating back to on-premises and operating without provider assistance if necessary.