On this episode of Six Five On the Road, host Daniel Newman is joined by Amazon Web Services’ (AWS) Max Peterson, Vice President of Sovereign Cloud for a conversation on the critical and evolving topic of digital sovereignty and how AWS is navigating these challenges and opportunities.
Their discussion covers:
- The definition and importance of digital sovereignty in today’s tech landscape
- How AWS is leading the conversation and providing solutions for digital sovereignty
- The balance between global cloud services and local data governance requirements
- Future trends and predictions for the cloud industry in the context of digital sovereignty
- Insights into AWS’s partnerships and collaborations to enhance digital sovereignty capabilities
Learn more at Amazon Web Services.
Watch the video below, and be sure to subscribe to our YouTube channel, so you never miss an episode.
Or listen to the audio here:
Disclaimer: The Six Five On The Road is for information and entertainment purposes only. Over the course of this webcast, we may talk about companies that are publicly traded and we may even reference that fact and their equity share price, but please do not take anything that we say as a recommendation about what you should do with your investment dollars. We are not investment advisors, and we ask that you do not treat us as such.
Transcript:
Daniel Newman: Hey everyone, welcome back to another Six Five podcast, Daniel Newman here, CEO of The Futurum Group sitting in as the host today for this Six Five On the Road. We’re going to be talking about navigating digital sovereignty, and we have a special guest. We have AWS’s Max Peterson joining us. Max, welcome to the show. I think long time listener, first time caller?
Max Peterson: Yeah, I think you nailed it right there. Long time listener, first time caller. I saw you at re:Invent last year.
Daniel Newman: Yeah, and I look forward to seeing you again at re:Invent each and every year, always a great one. How many hotels is it going to be this year? 3, 4, 8? Every year it just gets bigger and bigger and bigger. That just goes with the, what, 19% recent growth and tracking quickly towards $100 billion a year revenue. Very, very exciting times. But Max, we’re going to talk about something that I personally think is really important today. If anyone out there that doesn’t follow my social streams, especially X, but also LinkedIn, you know that I am deeply interested in what’s going on with data, privacy, AI, the proliferation of data is creating all kinds of opportunities and complexities. Enterprises have to figure out how to move data around, where to place it, what the rules are in different markets, and then of course they want to stay within their lanes, but at the same time deliver world-class experiences to their customers. That is really, really hard. And Max, we’re going to unpack this a bit today, but before we jump into this and we dive deep into the digital sovereignty area and space, give us a little background, talk a little bit about the work you are doing over at AWS.
Max Peterson: Yeah, sure. Well, I started in the tech industry three decades ago and for the last 12 years I’ve been here at AWS. The start of my AWS career was all around our worldwide public sector business so I’ve got a lot of experience in terms of customer requirements and compliance and security schemes and helping some of our most security conscious customers be able to move mission workloads to the cloud. While I was working in the public sector business, I was based out of the UK for about five years running our international public sector group. And then starting in 2021, I took over all of the worldwide public sector.
And then I was thrilled in October of last year to take on a new role as the Vice President of Sovereign Cloud. And I’ve got an incredible responsibility, when you talk about customer’s needs to be able to continue to innovate while also maintaining the security, the control and the sovereignty. I mean, that’s my job description, make sure that our customers have the most advanced set of sovereignty controls and privacy safeguards and security features that are available anywhere in the cloud. And it’s all to do with what you just said, it is to give customers control without compromise. They don’t want to deal with small feature limited clouds, they want all of that capability, they need the foundational security and they need to be able to keep innovating while meeting those compliance and regulatory schemes.
Daniel Newman: And for anybody out there that isn’t super familiar with all of the technical jargon that we really can’t avoid in some ways when we’re talking about this stuff, it’s kind of like tax, I’ll say, for instance or law. In different countries they have different tax codes, in different countries they have different laws, and companies that are operating globally have to respect that in every different market in which they’re participating. And so in an era of data, even we can even predate AI where you’re just offering services and people are consuming or buying from say an Amazon, when someone’s buying something in Amsterdam versus someone buying something in South Africa versus someone buying it in the US, there’s some different protocols about how data’s collected, how a transaction is completed, how the ongoing advertising that you can do with those customers needs to be managed. And so for most of your clients, and we’re going to talk about this, they need a partner, a cloud provider that actually can solve a lot of those problems without having to go to a different provider in South Africa and a different provider in the Netherlands and it’s very growth limiting. And so your job is to help solve that, your org.
So I’m sort of teasing it out and hopefully I’m not taking too much of your thunder away by trying to simplify this for people, but I imagine the fact that this role was created for you is indicative of the seriousness in this particular area. What are you hearing and what are the changes that really drove this from a need… I mean, I was hearing about sovereign cloud for a decade, Max, this isn’t new, but what has changed in the last couple of years that’s made this such a priority?
Max Peterson: Yeah, sure. I think that the thing that started this was when the free flow of data between the US and the EU was interrupted by the Schrems II challenge. And all of a sudden that was really the thing that started people thinking about digital sovereignty. It was quickly followed by Russia’s invasion of Ukraine. And so I think it was those two factors that really made this become something that organizations around the world are now concerned about when they’re making their selections for cloud service providers.
And it’s something that at AWS we’ve been focused on for a long time. When we talk to customers about what their needs are, they really talk about data security and data residency and control, they talk about making sure that they have operational control of their systems and their data on the cloud, they’re focused on security and resilience. And finally, they really want the sort of transparency and independence in the way that they use the cloud and the way that partners can build on the cloud to meet their needs. We’ve seen this happen most specifically in highly regulated industries and in the public sector like government customers around the world.
Daniel Newman: Yeah, I’m glad you brought that up, Max, about the regulated industries because I give a few examples that were not necessarily, but when you think about what I mentioned as sort of things that are required and what you mentioned, just think about, I don’t know if this will age me, you said you’ve been in it three decades. I’m younger than you, but I’m older than-
Max Peterson: Congratulations.
Daniel Newman: I’m older than I like to admit. But when you look at what I said, and we used to say something like turn the volume up to 11, remember those dials and there used to be a fixed dial on a volume, regulated industries create exponentially more complexity. So in areas like healthcare, in areas like financial services, when you’re actually talking about transaction data or when you’re looking at things like HIPAA, and by the way, there’s a version of HIPAA in every country in the world, it gets really, really hard. So let’s dig a little deeper into the customer lens. What are the requirements? I kind of heard you say something along the lines of they want one throat to choke, I’m oversimplifying it, but what are you hearing and what are the things that you’re doing to sort of make AWS the only stop they need, we can debate multi-cloud later, the only stop they need to get all the digital sovereignty or all the sovereign cloud requirements that they’re looking for?
Max Peterson: Yeah, certainly the first stop that’ll make it easiest for them. Well, you hit the nail on the head, right? One of the challenges is there is no single definition of digital sovereignty. And that’s because it is all in the context of the country, the industry, and the regulatory environment that you’re operating in. And so that’s why I say we’ve talked to regulators for over two decades in all of those industries you mentioned. So we’re very well accustomed to meeting customer specific compliance needs. So when the conversation about digital sovereignty started picking up steam, we started having a lot of conversations with customers and partners and regulators. And this is where we did distill the key themes that customers are concerned about into a handful of items that we can address for them, and frankly meet the compliance requirements while we reduce the burden of doing that so they can focus on the business, the customer, and innovation.
And here’s what it comes down to, one of the very first things that people want to make sure that they’ve got ironclad control over is their data. They want to make sure they get absolute control over data location, that they have implemented the proper controls for data security and that they know and they can validate where their data is stored and if it’s transferred at any time. So that whole discipline around data is super important. And this is where AWS shines. We were the first cloud service provider to be able to provide customers with that level of visibility in any of our regions anywhere around the world. The second one comes down to they want to make sure that they can restrict operator access so that they’re certain that neither AWS nor a foreign adversary nor a cyber criminal can get access to their systems and their information on the cloud.
And again, this is where AWS has an exceptional amount of experience and very fine-grained controls that customers can configure on the AWS cloud. And as we mentioned, for customers that are running vital systems like healthcare systems or governments that are running mission systems like tax or borders, it’s absolutely essential that not only do they have resilience, so the cloud is designed for highly resilient, highly available operations, but they really now need survivability. They need to make sure that in a worst case natural disaster or a worst case political disaster, they’re able to continue to run and operate these mission-critical systems anywhere around the world.
And the fourth and the final one really is that they’ve got a partner who gives them the transparency and independence to be able to use the systems on the cloud or to be able to combine them with local partners who deliver additional key capabilities. They don’t just want virtualized infrastructure, they want the whole cloud experience, all the software, the services, the security that goes with it.
Daniel Newman: Yeah, there’s a scale requirement to get that done for sure. Like you said, you can sort of cloudify something, but when you do get in market in region and where you have very specific data residency requirements and then you have something happen in that particular region, sometimes you actually might need to go into a data center and put your hands on a piece of hardware. I know the idea is like, look, just one control plane and everything happens, but that’s what it does when it’s working correctly, that’s not what happens when something goes wrong, and inevitably it does go wrong and something goes wrong. And the biggest companies in the world are all dealing with everything from outages to ransomware attacks to denial of service attacks, and these companies need to get back online quickly.
You talked about resiliency, you talked about security, and there’s a lot of point solutions for resiliency. You partner with a lot of the companies, but there’s a lot of security companies that literally point solutions can mean two different things in this case. But as a whole, the cloud can be an enabler of all this. You can democratize it through partnerships and through the services at AWS. Talk a little bit about how your customers are approaching cloud to meet those cyber and resiliency needs.
Max Peterson: Yeah, well, it’s interesting what you said about what do you do when crisis strikes. I’ll pull a page from the very real live story that we’re seeing in Europe with the worst crisis in Europe since World War II. And that was literally days before the invasion, we were working with the Ukrainians to help them secure their systems. And they took the very important step that governments and regulators need to remember, and that’s where they gave themselves the authority to use the cloud and store their data wherever it was necessary. So a lot of customers shackled themselves to just inside of country boundaries, that would’ve been a mistake here.
And so what we did was we sent in AWS edge infrastructure devices, these things called snowballs to the Ukrainians who were able to get all of their systems, 60 petabytes of data, in fact even commercial industry systems like Privet Bank migrated all of this to AWS in days so that they could have that survivability and continue to serve the needs of citizens and the commercial services. And so edge infrastructure plays an important role in this overall discussion about digital sovereignty.
Another example of how we give customers options that meet their specific needs, we announced this in August of 2023, it’s called AWS Dedicated Local Zones. We’ve got customers with significant parts of their digital estate running on the AWS cloud, and sometimes they’re blocked by these compliance or regulatory schemes. In the case of Singapore, very advanced, their Singapore digital government group had migrated the bulk of their work to the cloud. And yet when it came to their statutory requirements to protect more sensitive data, we had to partner with them and come up with a way to give them AWS cloud infrastructure that had the same characteristics but could be operated inside of their physical data centers and where they could, because it was a dedicated cloud infrastructure, where they could implement physical security and operational controls that were uniquely prescribed for the Singaporean government in this case.
And so as you are probably well aware, a lot of the work that we do is working backward from these customer requirements. And in this digital sovereignty space, it’s really important that we continue to talk to customers and regulators all around the world and we’ll continue to innovate on their behalf so that they don’t get slowed down.
Daniel Newman: Yeah, I like how you sort of broke that apart, and I heard you say something, you do a lot by sort of looking and working backwards from the customer’s needs. But as part of this podcast, when I have great guests like you on, I always want to also look forward. And so as we kind of head into the future, the amount of different research that I could produce on this topic is just spinning in my brain because this is a problem, you kind of thinking you’re a tech guy like I am, there’s micro problems and macro problems, this is a macro problem that people are trying to account for is like, how do I basically build a global enterprise in the future and meet all these complexities?
And by the way, AI, it’s like rocket fuel for the complexity here because everybody wants to go super-fast and the risks are just… It’s like you just watched the Olympics probably somewhat recently depending on when exactly you’re listening to the pod, but you’re watching the hurdles, the sprinters don’t look as fast with hurdles. You put the hurdles in the way, they look slower, they do the steeplechase, you put the water. This looks like the steeplechase you’re running through and all of a sudden you’ve got the river in front of you. But what are the trends that you’re seeing in this space going forward? And what are you recommending to customers that want to prepare and be in the best position to deal with all of this complexity?
Max Peterson: Sure. Well, the first thing is customers want to be able to continue that drive to innovation that you talked about. And so they need to do it in a manner that meets the various regulatory and compliance schemes. But what they need to do is they need to sit down and really consider what those data classification requirements are. Some organizations make the mistake of over-classifying everything they’re doing, and so they push themselves into a very small envelope. We don’t believe that’s the right solution. We think customers should be able to have all of the control that they need that we talked about earlier, and be able to do it in a scalable fashion across a range of cloud infrastructure.
So using the standard AWS commercial regions around the world, which provide the highest level of availability and security, there’s more than 33 current cloud regions, there’s more than seven additional cloud regions announced. So this gives the customers who use those digital sovereignty controls and our sovereign by design approach all the power they need, including for AI. I think the second trend that we’re seeing is we’re seeing that customers want to be able to have this verifiable control, and so they want the providers to be able to show them and get third parties to attest to the features that we’re talking about. One really important one is the AWS Nitro system. And so Nitro, we started working on that a decade ago, it now powers all of our modern EC2 instances. And what it does is it provides an exceptionally strong physical and logical security boundary. And in fact, we back up that architecture by having a third party evaluate it, an independent third party called the NCC Group that gives the customer a third party validation of the tech.
And then the other thing that we did is we backed that up by then incorporating it into our AWS customer agreements, our contract agreement with customers where we say that AWS has no means to read copy, extract, or modify or otherwise access any of the data on these EC2 instances. And we’ve gone further than that in the area of encryption. So customers that are serious about protecting their data and are serious about achieving some of the digital sovereignty requirements around the world are going to use encryption everywhere. And so AWS makes it easy for them to have choices.
The AWS KMS system generates and manages all that complexity and does it on AWS on their behalf. For those customers who have a data requirement for a different boundary, they can use AWS Cloud HSM. That gives them a hardware security module that only they get access to so they can generate and store and manage their keys. And that’s good for a different set of customers, a different set of compliance. But some customers want to be able to take encryption out of the hands of AWS and they want a third party or themselves they want to manage those keys externally because without the keys, this is a means for them to prove that they and only they have control of their data, and that they have this operational control boundary that’s in their hands and not in the hands of the cloud service provider. That’s what our AWS XKS offering is all about.
And the other benefit to that is it builds capability in our partner ecosystem. And so we had a number of partners who are now building sovereign managed service capabilities on top of AWS for the benefit of different national markets or different vertical markets or different compliance schemes, companies like Talis or Deutsche Telekom, a number of other ones.
Daniel Newman: So Max, speaking of sovereign clouds, AWS just announced a pretty substantial effort across the EU. Tell us a little bit about the EU Sovereign Cloud or what AWS is doing there.
Max Peterson: That’s super interesting. In fact, AWS announced that we’re going to make a 7.8 billion Euro investment generating some 2,800 jobs to build the first region of the European Sovereign Cloud in Brandenburg, Germany. It’s a new and fully independent region that has its own identity and access management, its own billing systems, its own control systems. Also, it delivers a level of operational independence that our government customers and highly regulated customers in Europe need. And this is a full scale independent AWS region. So customers will get 100+ plus services including importantly AI services like SageMaker and Bedrock and Amazon Q, all in the European Sovereign Cloud, all with the additional protections that some customers look for when they talk about digital sovereignty.
Daniel Newman: Yeah, I have a feeling that’s going to be a really big topic because the complexities in Europe tend to be substantial if not exponential compared to other regions. And often while the US might be known for driving the front end of innovation, EU tends to be driving the speedy end of regulation and this is going to be an area for us to watch closely.
Max Peterson: And we’ve got to figure out how to help customers meet both of those needs, and that’s what we’re squarely focused on.
Daniel Newman: All right, so this is the speed round, Max, the crystal ball. You gave me the outlook, the recommendations, but I’m going to double click here, I still want the trends. What are the big ones? Give me 2, 3, 4, what are the big trends in digital sovereignty?
Max Peterson: All right, I’d say quickly these. As you mentioned, the standards around sovereignty are emerging. I’m really hopeful that we get some agreement around what digital sovereignty means, and I’m looking forward to finalizing, for example, the EU Cybersecurity Scheme or EUCS. That would be one. The second one is we’ve touched on generative AI and AI in general. I think this space is going to get a lot of attention as customers make sure that they really understand how they maintain control and security when they’re talking about training large language models to operate on potentially sensitive systems, systems that are a matter of national government or systems that are a matter of highly regulated industries like healthcare.
And I think the third one is a little bit about back to the future. And that’s where customers are discovering, again, that security is really the foundational element there. And AWS has been a leader in securing the cloud now for nearly two decades, and you’ll see that we’re now using different types of advanced AI security tools, like Mithra we talked about, to be able to help detect and counter the cyber threats that are out there for customers. So I think those are three things that you’re going to continue to see a lot of activity around and certainly that we’ll be focused on for our customers and our partners.
Daniel Newman: Outstanding. I put a bunch of thought leadership out there about what you were doing with enclaves or very early on, and I thought it was very forward-thinking about sort of how to deal with that sort of data encryption as it relates to who touches and who manages and making-
Max Peterson: Confidential computing.
Daniel Newman: Right, confidential computing, which has been a little quiet, but it’s still a really important topic that’s going to require more conversations. And speaking of more conversations, Max, I’d love to keep chatting to you, perhaps have you back on sometime soon. Let’s definitely get together at re:Invent, talk more about all the things that are going on with digital sovereignty. Look forward to following your thought leadership. Check out the show notes everybody, and learn more about Max and what he’s doing over at AWS. And we will have more coverage here on The Six Five with AWS, great partner here on The Six Five, but for now, I got to go, I got to say goodbye. Thanks all for tuning in, we’ll see you soon.
Author Information
Daniel is the CEO of The Futurum Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise.
From the leading edge of AI to global technology policy, Daniel makes the connections between business, people and tech that are required for companies to benefit most from their technology investments. Daniel is a top 5 globally ranked industry analyst and his ideas are regularly cited or shared in television appearances by CNBC, Bloomberg, Wall Street Journal and hundreds of other sites around the world.
A 7x Best-Selling Author including his most recent book “Human/Machine.” Daniel is also a Forbes and MarketWatch (Dow Jones) contributor.
An MBA and Former Graduate Adjunct Faculty, Daniel is an Austin Texas transplant after 40 years in Chicago. His speaking takes him around the world each year as he shares his vision of the role technology will play in our future.