Oracle sovereign cloud solutions: Implement more personnel requirements

This post is part 4 of our multipart series on data sovereignty in the cloud.

In the first three posts of this series, we primarily focused on the technology behind Oracle Cloud Infrastructure (OCI) and how it can support an organization’s sovereign cloud strategy. The most recent article, Control over your data with access management, examined the cloud services that organizations can use to implement a least-privileged access model to enhance their security posture.

We also outlined ways that OCI restricts and monitors the personnel who develop, administer, and support the OCI platform. But when we say “personnel”, who do we mean? Increasingly, customers are interested in knowing who’s on the other side of the keyboard providing cloud support and operations. The short answer is it depends on how you want to use OCI’s distributed cloud to satisfy your business, regulatory, and performance requirements.

As described in our previous posts, Oracle offers various cloud deployment models to meet the diverse business objectives and sovereignty requirements of our customers. Different sovereignty requirements can call for added restrictions on the actual humans working on an organization’s cloud environment. In this article, we focus on the people who perform operations and support at OCI and how they compare between the different cloud offerings.

The difference between operations and support

Before we get into the different deployment models, it might be useful to define what we mean by operations and support. Though they’re often grouped together, these functions are distinct.

Cloud operations provides continuous monitoring of performance and proactively addresses security issues through tactics like logging and patching. For example, one of the teams that is part of OCI cloud operations is the OCI Security Operations team, which is responsible for monitoring and securing the OCI hosting and virtual networking technologies. This team works directly with OCI Engineering to remediate security-related issues. The team monitors emerging internet security threats and implements appropriate response and defense plans to address risks to OCI and its customers. When the security operations team responds to a security threat, they act according to documented processes, and all actions are logged in a secure ticketing system. They apply a high standard of care to protect service and data integrity, privacy, and business continuity.

Cloud support ensures customers can rely on OCI for consistent availability, performance, and management of cloud resources. Based on industry-leading service level agreements (SLAs), Oracle delivers the support and engineering services needed to resolve any issues that prevent consistent performance or customers’ ability to manage, monitor, or modify their cloud resources. The most visible part of this group provides OCI tenants with 24/7 support through the My Oracle Support ticket management application and the skilled personnel needed to triage and resolve support requests in alignment with SLA commitments. Unlike other cloud providers, this level of customer support comes at no extra cost to customers using OCI services.

Understanding OCI’s operations and support models

OCI operations and support models vary between distributed cloud deployment offerings. As mentioned in our second blog about OCI’s realm architecture, Oracle’s realm isolation allows us to offer role-based personnel services based on the customer’s use case and regulatory requirements.

The number of regions in the following table is current as of June 2023. OCI is regularly opening new cloud regions. For the latest details, refer to Public Cloud Regions.

When looking into the various operations and support models that OCI offers, customers want to know which one is the “best.” Ultimately, the answer to the question varies depending on your requirements and the needs of your organization. OCI offers a global team consisting of highly trained cloud engineers that provide 24/7 operations and support to commercial public cloud regions and Dedicated Regions. For most cloud customers, this global team is more than sufficient to meet their business objectives.

However, we recognize that many organizations have unique data sovereignty requirements that might require more restrictions when it comes to who provides cloud operations and support and where they are physically located. For example, regulators in the EU are focusing on data sovereignty and cross-border data transfer issues, which impacts how support is provided, particularly for sensitive workloads.

Let’s look at some of our cloud deployment models and their respective operations and support attributes.

Oracle EU Sovereign Cloud offers cloud regions that are located exclusively within the geographic boundaries of the EU. Both commercial and public sector organizations can use these regions to host their cloud applications and customer data within the EU to meet data protection and sovereignty requirements.

EU Sovereign Cloud operations and support personnel have completed identical training and skills curriculum as OCI’s global operations and support team and have the following attributes:

• EU residency: Personnel that provide customer support, data center support, and data center operations for EU Sovereign Cloud are required to be EU residents.

• Employed by separate legal entities: Personnel are employed by Oracle EU Sovereign Cloud entities located throughout the EU that are responsible for customer support, data center support, and data center operations needed to support the EU Sovereign Cloud data regions.

• Separate support request system: Personnel provide customer support for issues, such as troubleshooting, password reset, and ticket management. This ticketing system is contained within the EU Sovereign Cloud realm and separate from other OCI realms.

EU data residency combined with realm isolation and local support and operations provides customers enhanced separation from OCI’s other public commercial cloud regions and increased protection from extraterritorial law enforcement requests.

Oracle Cloud for Government is a cloud deployment model providing the full OCI service portfolio, designed to comply with the specific security, compliance, and sovereignty requirements of national governments. OCI operates cloud regions for the US, UK, and Australian governments.

Government region cloud operations and support personnel have completed identical training and skills curriculum as OCI’s global operations and support team and have the following attributes:

• Residency: Personnel must comply with residency requirements set by the government

• Security clearance: Personnel might need to hold specific security clearance requirements, such as SC Level Security Clearance in Oracle Cloud’s UK government regions.

• Separate support request system: Local security-cleared personnel provide customer support for issues such as troubleshooting, password reset, and ticket management. This system is separate from other OCI realms.

These restrictions offer government and public sector organizations added trust in the individuals who are providing support and operations.

Oracle Cloud Isolated Region is a secure, air-gapped OCI solution designed to meet the highest demands of global customers’ mission-critical classified workloads. Isolated Regions deliver compute, security, storage, and networking services in an on-premises environment, which is disconnected from the internet at the location of the customer’s choosing. These regions offer the same services as public Oracle Cloud Regions. Dedicated to serving governments and safeguarding global defense missions at hyperscale, this innovative cloud solution includes a fully integrated infrastructure with infrastructure, platform, and software as a service (IaaS, PaaS, and SaaS).

Isolated Region operations and support personnel have completed identical training and skills curriculum as OCI’s global operations and support team, plus more training to function within a government’s classified and air-gapped environment. Unique differences with the Isolated Region support model include the following examples:

• In-country residency: Personnel are physically located within the country in which the region is located.

• Citizenship: Personnel are citizens of the customer’s respective country.

• Security clearances: Personnel might require and maintain the customer-defined security clearance level.

• Dedicated team: Personnel provide exclusive support and operations for a single customer.

• Separate support request system: Local security-cleared personnel provide customer support for issues such as troubleshooting, password reset, and ticket management. This system is separate from other OCI realms.

• Joint operations: The customer can provide staffing for joint operations for all roles in the country in which the region is located.

Isolated Regions offer government organizations OCI’s highest level of control for their operations and support model. This approach is designed to ensure that a government’s most critical and classified data is safeguarded, SLAs are achieved, and the customer is mission ready 24/7.

Getting started with Oracle sovereign cloud solutions

Having tightly implemented access controls is only one aspect of imposing personnel requirements. Going a layer deeper and selecting who performs operations and support, including where they’re located, can also be vital components of an organization’s sovereign cloud strategy.

For years, US and UK government customers have trusted OCI to provide sovereign operations and support for their sensitive workloads. We’re now taking this expertise and applying the same methodology and rigor to deliver sovereign operations and support for other cloud offerings like our newly launched EU Sovereign Cloud regions. We already provide a separate operations and support model, and we will adapt our model to other requirements that may arise as EU data sovereignty regulations and requirements evolve.

OCI was built with security at its core, and we’re committed to supporting our customers to mitigate and manage any compromises to their data sovereignty. In our next article of this series, Secure your data with enhanced cryptographic solutions,  we explore OCI’s enhanced hardware and software security and how they protect our virtual and on-premises assets.

If you have any questions about sovereign operations and support or want to learn more about Oracle sovereign cloud solutions, contact one of our representatives. To learn more about the various deployment models that Oracle Cloud Infrastructure offers, see the following resources:

• Oracle Public Cloud Regions

• Oracle EU Sovereign Cloud

• OCI Dedicated Region

• Oracle Cloud Isolated Region

• Oracle Alloy