> if you're a government official in the UK, Poland or Germany, would you be recommending AWS as your cloud provider?
They don't. Sovereign cloud in EU has been progressing for a few years now.
Such that some of your mentioned "unbeatable" hyperscalers have already been positioning (e.g. ceasable infrastructure), and some interesting new players on the block. As well as old benefiting from the related market positions: https://www.oracle.com/cloud/eu-sovereign-cloud/
The way they are doing it is entirely air gapped systems, run by totally independent companies (not subsidiaries, totally separate legal entities owned and run by other people) that are effectively licensing the software.
So the US legal system can say "give us this data" but they don't have access as they are on another company's servers in another company's data center operated by another company's staff.
> So the US legal system can say "give us this data" but they don't have access as they are on another company's servers in another company's data center operated by another company's staff.
US institutions don't hesitate to demand that their companies implement secret backdoors in their hardware or software, as evidenced by Snowden's leaks (for Cisco routers) and the Lavabit shutdown (mail company ordered to implement a tap on their clients' data).
Sure, you can have all you described, but how are updates vetted?
Yeah it is a risk, but so is it a risk for anything. Can you really trust the CPU, RAM, BIOS, USB-C cable etc on your desk? Maybe those have backdoors too?
But that is adversarial and is to be expected.
At least for these sorts of cooperative partnerships that I am aware of in enterprise, there are typically provisions in contracts for code-access, verifiable builds, ability to reject updates and so on and so on. I don't know if these provisions exist in the sovereign cloud contracts that the cloud companies are building, but I would be really surprised if they went to all this trouble replicating Azure/GCP/etc in entirely air-gapped data centers with duplicated staff and hardware and all that, but don't bother to vet the code they get!
The US state just asks the UK GCHQ to get the data to them instead. That's what they have already been doing for decades, and likewise the GCHQ gets the US data. Under the national security umbrella, so they'll deny any data exchanges. With Germany the figure is known to be 10%. With the UK the figure is 100%.
The EU should really fight these illegal circumventions.
Disagree, location matters. It should be technically feasible to implement a code freeze (in software, or hardware) in a sovereign system when external partners’ motives become questionable. That being said, in all likelihood that capability is cost prohibitive (speculation), but still co-location is a prerequisite.
Cloud is going to be far easier to transition for most companies compared to Office, Browsers, OS and Hardware. There are basically no non-American competitors, and so many companies deeply relying on the tech don't have the IT capacity to implement something OSS like Linux.
Yes, but if the government were to spend say 10% of their GDP on defense and infrastructure (Hi, Germany!), some of this spending might be in grants/tax breaks to help companies make this transition.
I think you underestimate what a capitalist system can accomplish, and how quickly.
"Sovereign cloud" is AWS/G-Cloud/Oracle/Azure, but promising to put your data in London if you're the British state, or Frankfurt if you're German and so on...
It's a cute little badge that does very very little to address the real concerns.