Thales Blog

Oracle's EU Sovereign Cloud and Thales CipherTrust: A New Era of Digital Sovereignty

December 14, 2023

Scotti Woolery-Price | Partner Marketing Manager, Thales

Earlier this year, Oracle launched its External Key Management Service with Hold Your Own Key (HYOK) functionality from Thales. Oracle’s initiatives include the EU Sovereign Cloud service as well as Distributed Cloud Services such as Oracle Alloy and Dedicated Region – Cloud at Customer solutions.

As an industry stalwart, Oracle is asserting itself as a thought leader in this conversation by positioning itself and its offerings as providing both industry-leading security and increased customer control. Oracle’s offerings sit at the foundation of most large enterprises, holding an organization’s most sensitive, critical data. Migrating to the cloud is fundamental to a 21st-century strategy for most enterprises. However, for many customers the regulatory requirements covering this sensitive, critical data are a significant obstacle to making the move to the cloud.

Oracle’s EU Sovereign Cloud

Oracle’s initiative directly addresses the data sovereignty concerns of its customers as they relate to the cloud. Oracle’s EU Sovereign Cloud is 100% European, securing European customers’ legal, jurisdictional, and geographical sovereign cloud compliance with local subsidiaries, data centers, and staff running the day-to-day operations.

Why is data sovereignty such a concern in the European Union these days? The EU-U.S. Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, including limiting access to EU data by U.S. intelligence services to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC), to which EU individuals will have access. However, past agreements have been successfully challenged in courts for insufficiently protecting user privacy. It is likely that the most recent privacy framework will also be challenged. Organizations want to exert greater control over their data in the face of regulatory uncertainty around trans-Atlantic data transfers. No organization wants to be caught between conflicting legal obligations.

Oracle’s EU Sovereign Cloud offering will keep data 100% in the European Union. Designed around European data centers owned by European subsidiaries, Oracle avoids conflicting legal obligations. It allows European customers to ensure they are subject only to familiar European laws and their compliance obligations.

Oracle’s Distributed Cloud

OCI has several configurations in which all of its features and services are available regardless of the cloud infrastructure. In addition to the EU Sovereign Cloud, OCI has introduced:

  • Dedicated Region – Cloud at Customer option, which is a complete OCI cloud region in the customer data center that offers the agility, scalability, and economics of OCI public cloud.
  • Oracle Alloy, which is a new offering enabling organizations to become cloud providers and offer cloud services built on OCI to their own customers.

Thales CipherTrust Cloud Key Management

Oracle opted to work with Thales to ensure customers have an even greater level of control. As the industry leader in encryption and key management technology, Thales is well placed to support organizations in securing their data, ensuring control of that data, and demonstrating that control to the auditors or regulators of their choice. Thales joins Oracle’s EU Sovereign Cloud launch with Hold Your Own Key (HYOK) functionality on its CipherTrust Cloud Key Management (CCKM) multi-cloud key management platform.

HYOK from Thales CCKM gives organizations the ability to store their Oracle Cloud Infrastructure keys externally from the Oracle Cloud. Offered initially on Thales’ virtual or physical CCKM appliances (and later in CipherTrust Management as a Service), organizations will be able to determine for themselves where they would like their encryption keys to be stored. By using Thales CCKM, organizations will have the flexibility to decide if they would like to store their keys in a FIPS 140-2 Level 3 appliance to meet industry-specific requirements. They will have the flexibility to choose where to locate encryption keys to ensure their data can’t be read outside of certain national boundaries. And organizations will have the ability to store and manage those keys in addition to keys they may be using for other on-prem or cloud use cases.

Customer ownership and control of encryption used in the cloud is important because it keeps customers at the center of any conversation regarding their data. As a service provider, Oracle may receive legal requests for customer data. By controlling the encryption keys to their own data, customers ensure that data will remain encrypted until they provide the necessary encryption key. Therefore, customers can continue to retain the ultimate control and ensure that decisions about their data can’t be made without them. Traditionally, organizations enjoyed this level of control over their data as it resided in customer-controlled data centers. Now, through the Thales - Oracle partnership, organizations can use encryption and key management to ensure that same level of control as they use Oracle’s EU Sovereign Cloud.

Digital sovereignty is just another way of expressing the customer’s desire to be in control of their destiny. Fortunately, Oracle is leading the way with its EU Sovereign Cloud offering and through collaboration with industry leaders such as Thales.

Download the Thales CipherTrust Cloud Key Management for Oracle Cloud Infrastructure Solution Brief or contact a cloud security expert.

You can also visit us in 2024 during the Oracle Cloud World Tour in Dubai, London and Milan.