IBM Cloud provides enterprise sovereign cloud capabilities.

As enterprises increasingly face sovereignty-related geographic requirements, IBM Cloud® is committed to helping customers rise above complexity and drive real change through innovative hybrid cloud technologies. We believe this is especially important with the rise of generative AI. While AI can undoubtedly provide a competitive advantage to organizations that utilize its capabilities effectively, we have identified unique concerns by industry and region to consider, particularly when it comes to data. We strongly believe that the influx of AI-related data will fuel tremendous business transformation. However, strategic considerations are required, including where the data resides, data privacy, resiliency, operational controls, regulatory requirements and compliance, and certification.

With a long history of working with customers around the world, especially those in highly regulated industries, we understand the unique needs your business faces and are ready to help you address new regulatory requirements. Whether your clients in Europe are considering how they can meet the European Cybersecurity Certification Scheme (EUCS) for their proposed cloud services, or your clients in India need to keep their data in-country, we provide the latest updates from regulators. I am continuing to follow. We support our customers by monitoring draft legislation as they make informed decisions based on their specific use cases, risk appetite, data types, threat landscape, business drivers, security requirements, and more.

IBM’s enterprise cloud for regulated industries

With our expertise working with enterprise customers in industries such as financial services, government, healthcare, and telecommunications, we have identified the need for a cloud platform designed with the unique needs of highly regulated industries in mind. We introduced IBM Cloud for Financial Services, which includes an ecosystem of partner banks including BNP Paribas and CaixaBank, to help clients mitigate risk, address regulations, navigate compliance and accelerate cloud adoption. In just a few years, we have helped transform some of the world’s leading banks. And our work doesn’t end here. As our customers continue to face industry-specific challenges, IBM Cloud continues to innovate to help them succeed in areas related to trade finance, payments, high-performance computing, and more.

At the heart of the enterprise cloud for regulated industries is the IBM Cloud Framework for Financial Services®. It was created as a common set of pre-configured automation controls in collaboration with financial institutions to help customers adapt to new industry requirements and compliance obligations. Reduce costs and complexity in an evolving regulatory environment. The framework is continuously informed by the IBM Financial Services Cloud Council, a network of more than 160 CIOs, CTOs, CISOs and risk and compliance officers from more than 90 financial institutions, including CaixaBank, Virgin Money, Westpac and BNP Paribas. It has been evolving. Address new risks and opportunities related to resiliency, third-party and fourth-party risk management, multicloud governance, and data sovereignty.

As we help our customers in highly regulated industries transform with resiliency, performance, security, and compliance as their top priorities, we remain committed to strong compliance with key industry standards, including alignment with the Cloud Security Alliance’s Cloud Controls Matrix, our cybersecurity controls framework. showed. Cloud computing.

IBM Enterprise Sovereign Cloud capabilities designed to help customers manage their regulatory obligations

Building on our long-standing collaboration with customers in regulated industries and the continued growth of enterprise cloud for highly regulated industries, we recognize the growing demand for sovereign cloud and are working with our partners and customers to support the needs of regions such as the EU. came. Saudi Arabia, India, Abu Dhabi, Africa. For example, we are working with Bharti Airtel, a leading telecom provider, to provide edge cloud services to organizations in India, meeting Electronics and IT Ministry requirements to enable businesses looking to leverage edge services and keep their data in-country. Help.

As regulations evolve, we are committed to helping our corporate customers meet their unique country requirements.

1. Data Sovereignty: The Importance of Privacy and Residency

As our customers address their data residency requirements, we are helping them manage their data locally, in specific geographies, and in locations of their choice. We give our customers the flexibility to choose the country or region in which they want to deploy and host their workloads, and we continue to expand our global data center footprint with new locations, such as our new Multizone Region (MZR) in Madrid, Spain.

We are also committed to helping our customers meet their data privacy requirements and provide innovative confidential computing, encryption capabilities, and key management controls. For example, IBM Cloud Hyper Protect Crypto Services has a “Keep Your Own Key” encryption feature designed to help customers have exclusive control of their keys and address privacy requirements, including meeting requirements such as the EU’s GDPR. Provides: IBM Cloud customers can also take advantage of advanced confidential computing data security features to protect their data while it’s in use. This means leveraging the confidential computing environment provided by virtual servers built on Intel SGX as well as IBM Hyper Protect Virtual Servers built on IBM LinuxONE. This helps you protect what matters most and host your workloads in a secure environment.

The IBM Cloud Data Security Broker solution focuses on data privacy and protects sensitive data from cloud management and customers’ data privacy needs through granular field-level encryption, tokenization and anonymization, such as PII data in databases. Designed to support: With these features, we aim to enable our customers to control who can access their data while leveraging the benefits of the cloud. IBM Cloud’s enhanced data protection capabilities aim to help strengthen customers’ sovereignty in the public cloud.

2. Operational Sovereignty: Focus on resilience and operational control

At IBM, operational sovereignty is critical to everything we do, and we believe that ensuring our clients have resilience and transparency at all times is key. For example, the Madrid MZR is designed to provide European and regional resilience between the Frankfurt MZR and the Madrid MZR and vice versa. For customers using IBM Cloud, all provided customer data is stored and processed locally in the region of your choice, such as our EU-based MZR in Frankfurt and Madrid. The IBM Cloud Security and Compliance Center provides customers with operational insights into their security and compliance posture. This includes monitoring how deployed workloads and data configurations meet enterprise security policies, detecting drift in the state of these configurations, protecting workloads, and detecting deployments across cloud-native workloads, VMs, containers, and cloud services. Can be used. This includes the recently introduced IBM Cloud Security and Compliance Workload Protection capabilities that help customers secure their workloads and assess vulnerabilities through rapid identification and remediation. We also offer an EU support model designed to provide an additional layer of protection for customers deploying workloads in Europe.

Finally, distributed cloud capabilities are designed to ensure that not only data but also compute are in the customer’s control, with a focus on running cloud services and applications where data resides, whether in an on-premises data center or at an edge location. It is done.

3. Digital sovereignty: Addressing regulatory requirements and certification

We are also committed to helping our customers comply with geo-specific regulations as sovereignty requirements evolve. For example, last year MZR’s cloud services in Frankfurt and Madrid received Spain’s National Security Framework (ENS) High certification. Similarly, in Germany, customers and compliance advisors can use C5 attestations to help them understand the security controls they have implemented on IBM Cloud, which are designed to meet C5 requirements when moving workloads to the cloud. In Australia we have completed an IRAP assessment for a range of key services and in Japan we are ISMAP certified.

Additionally, the IBM Cloud Security and Compliance Center includes predefined regional control profiles based on industry standards, providing customers with automated monitoring of compliance and security to gain a unified view of the health associated with different domains. We support you to do so. Sovereignty such as data privacy, data residency and resilience. Late last year, we launched several profiles supporting regional standards, including ENS High (Spain), BSI C5 (Germany), and ISMAP (Japan), as well as industry-specific profiles such as PCI DSS v4 and AI Infrastructure Guardrails.

looking ahead

Our progress to date and our commitment to forward-thinking initiatives highlight our expertise in building and delivering the most powerful and resilient enterprise-grade cloud, helping to address the evolving needs of the enterprise and government sectors. By implementing these measures, we aim to bring a greater level of transparency to the adoption of cloud services and help our customers not only comply with but exceed the standards set by increasingly stringent compliance developments.

Learn more about IBM’s enterprise standalone cloud capabilities

Statements regarding IBM’s future direction and intent are subject to change or withdrawal without notice and represent goals and objectives only.