This blog is part 2 of our multipart series on data sovereignty in the cloud.
In the first post of this series, Choose where your data is located, we discussed the importance of location in relation to data sovereignty. The article provided an overview of the Oracle Cloud Infrastructure (OCI) public and dedicated deployment models and the growing customer demand for more control over the physical location where data is stored. For some customers, the need for data residency ties back to business objectives around data availability, while others are subject to regulations that mandate geographic restrictions.
Where you locate your data is only one piece of a larger digital sovereignty strategy. The next factors to consider are assurances that your data remains in the physical and logical environments that you selected. OCI provides this technical assurance by grouping regions and then separating these groups of regions through strict geographic separation and physical and logical network isolation. This separation allows OCI to implement different operational processes, further enhancing customers’ ability to maintain sovereignty over their data. At OCI, we refer to these separated groupings of cloud regions as realms.
A realm is a logical collection of cloud regions that are isolated from each other and do not allow customer content to traverse realm boundaries to a region outside that realm. Each realm is accessed separately. OCI has multiple realms, including a commercial public cloud realm, multiple government cloud realms for the US and UK, and the Dedicated Regions from each customer are contained within their own separate realm. Later in 2023, Oracle EU Sovereign Cloud will exist within its own realm, separated from other cloud realms.
A realm enables Oracle to provide defined capabilities across regions that meet the specific regulatory requirements of different organization classifications.
OCI’s unique isolated realm architecture simplifies and strengthens data sovereignty and controls, where other cloud providers might rely on customer-controlled policies or confidential computing. While OCI also offers these features, we make sovereign cloud governance simpler with operations, support, and policies that can be distinct from Oracle’s commercial operations.
You access cloud resources and services through your cloud tenancy. Your cloud tenancy is a secure and isolated partition of OCI, and it only exists in a single realm. Within this tenancy, you can access services and deploy workloads across all regions within that realm by default, although you can set policies to restrict this access.
By design, however, you can never access regions outside the realm of your tenancy. For example, if you have a tenancy in OCI’s commercial public cloud realm, you can run workloads in any of the commercial regions. However, you can’t access OCI’s EU Sovereign Cloud regions because they’re in a separate realm.
Regardless of which deployment model or realm your tenancy resides, Oracle’s Everything Everywhere approach ensures that the same OCI services, regardless of realm, are available to accelerate your cloud innovation strategies.
From the start, you select the data region in which you locate your tenancy. By design, a tenancy exists in a single realm and can access all regions within that realm. Each realm has its own control plane and data plane, and so you can’t access regions that aren’t in your realm. Hosted data remains within the cloud regions of a realm by default and can’t be moved to a different region outside of that specific realm.
Oracle government and defense customers trust OCI’s realm architecture to provide the capabilities to meet their specific security and compliance needs, and we’ve applied this same methodology across public and dedicated cloud realms.
The number of regions in the following table is current as of May 2023. OCI is regularly opening new cloud regions. For the latest details, refer to Public Cloud Regions.
For Oracle’s EU Sovereign Cloud, launching in 2023, its realm is initially comprised of two cloud regions in Germany and Spain. These regions are completely separated from all other Oracle Cloud realms, including the seven other commercial regions already operating in the EU.
As depicted in the following image, the data flow (identified by green arrows) doesn’t extend beyond the logical confines of the realm itself and is limited to within the realm. The isolation of the EU Sovereign Cloud realm from the commercial public cloud realm allows Oracle to restrict support and operations personnel to EU residents, including physical and logical access to the realm. The hardware and assets used to provide these cloud regions are owned, operated, and managed by EU legal entities that are separate from the existing global Oracle entities, including those in the EU. This design provides added assurance that all aspects of managing and hosting data in the EU Sovereign Cloud stays within the EU.
Now let’s talk about the technical benefits a customer, such as a government agency or EU member state, could expect when running their workloads in the EU Sovereign Cloud realm.
One common risk that blocks EU member states from migrating workloads to the public cloud is losing control of their data locality. In fact, EU organizations might be concerned with data flowing out of the EU or getting replicated to a physical resource, such as a server or a backup drive located outside the EU, and the potential implications of extraterritorial laws, such as the US CLOUD Act.
Thanks to the Oracle EU Sovereign Cloud realm, EU organizations can have access to a unique architecture that provides a clear, simple separation of operations from commercial regions to help meet heightened compliance requirements. The technical mechanisms of realm isolation and governance are in place to maintain hosted cloud content within the EU.
The EU Sovereign Cloud realm contains two regions at launch. You can choose to run in a specific single region of the EU Sovereign Cloud realm or run in both regions, depending on your specific business requirements. A low-latency network between regions allows applications to span multiple regions and offers resilience if a geographical region-wide disaster occurs, while still maintaining hosted data within the boundaries of the EU, despite the disaster.
As organizations’ data sovereignty needs vary, so too do the approaches they take to satisfy them. For some, the ability to control the geographical location where the data is stored might be sufficient. Others might find that their data sovereignty strategy requires more layers of control. As mentioned in our previous post in the series, data sovereignty ultimately revolves around this idea of control—giving access to data to people who need it and restricting access to those who don’t. Oracle’s use of realms falls into the second category by limiting the flow of data between the realms of different deployment models. If they don’t need to be connected, why connect them?
Realms are just one of many sovereign-enhancing options, though. Oracle Cloud Infrastructure offers many solutions for customers looking to implement a strong data sovereignty strategy, whether in a public or dedicated cloud deployment.
Our next blog in the series, Control over your data with access management, discusses the importance of having control over who can access your data and ensuring data availability and portability for authorized users. Both Oracle’s public and dedicated deployments have features that can support these sovereignty objectives.
If you have any questions about realms or want to learn more about Oracle sovereign cloud solutions, contact one of our representatives. To learn more about the various deployment models that Oracle offers, see the following resources: