Advancing sovereignty, choice, and security in the cloud for our customers in Canada

Canadian organizations are navigating complex and evolving digital sovereignty questions, while seeking the advanced infrastructure, agility and security of the cloud. Like most organizations, Google Cloud is continually engaging with customers, partners, and policymakers to deliver technology capabilities that reflect their needs. When it comes to digital sovereignty solutions, Google Cloud has worked with customers for nearly a decade. We’re pleased to share details on our technical and commercial sovereign cloud solutions available to our Canadian customers, and details on how we’re helping them achieve greater control, choice, and security in the cloud — without compromising functionality.

Building on the first sovereign solutions we introduced years ago, we’ve massively scaled our infrastructure footprint globally, consisting of more than 42 cloud regions, 127 zones, 202 network edge locations, and 33 subsea cable investments. This includes two Cloud regions in Canada, in Toronto and Montreal, with three zones in each, and a subsea cable connecting Canada and Asia.

A commitment to customer choice

We understand that an organization’s sovereignty needs vary and can evolve over time. At Google Cloud, we’ve long been committed to giving our customers flexibility and choice from a wide range of technical controls to meet their needs, and not locking them into a single option. Sovereignty is not one-size-fits-all. We offer customers a portfolio of solutions that align with their business needs, regulatory requirements, and risk profiles.

Our strong contractual commitments to our customers are backed by robust sovereign controls and solutions. Our sovereign cloud solution portfolio includes:

Google Data Boundary

Google Cloud Data Boundary gives customers the ability to deploy a sovereign data boundary and control where their content is stored and processed. This boundary also allows customers to store and manage their encryption keys, which can help customers meet their specific data access and control requirements no matter what market.

Let’s look at the specific data boundaries designed for Canadian customers:

• Data Boundary Tailored for Canada: This regional data boundary enables customers to enforce strict data residency and access controls to store and process their data locally within Canada-only regions. It also includes the option to have technical support provided by Canadian personnel located in Canada.
  
• Data Boundary Tailored for Government of Canada Sensitive Workloads (up to Protected B): Google Cloud has been working with the Canadian Government for several years, and was awarded a Cloud Framework Agreement in 2020 to support customers with workloads up to Protected B. The Canada Protected B boundary sets data residency within Canada-only regions and technical support services are provided by Canadian personnel who have completed Reliability Status security screenings. Supported cloud services have also successfully completed the Canadian Centre for Cyber Security (CCCS) assessment to support Protected B Medium (PBMM) and Protected B High Value Asset (PBHVA) workloads.

Google Cloud Data Boundary customers have access to a large set of Google Cloud products, including AI services, and can enable a variety of capabilities, such as Confidential Computing, Access Approval, Access Transparency and External Key Management with Key Access Justifications to control access to their data and deny access for any reason.

In addition, Google Workspace customers can take advantage of Google Cloud Data Boundary’s sovereign controls to choose a country to locally store data, and use client-side encryption with sovereign encryption keys to prevent unauthorized access (even by Google) to their most critical content.

We also announced User Data Shield, a solution that adds Mandiant services to validate the security of customer applications built on top of Google Cloud Data Boundary. User Data Shield provides recurring security testing of customer applications to validate sovereignty postures.

Google Cloud Dedicated

Google Cloud Dedicated delivers a solution designed to meet local sovereignty requirements, enabled by independent local and regional partners. As an example, Google Cloud has partnered with Thales since 2021 to build a first-of-its-kind Trusted Cloud by S3NS for Europe.

This offering with Thales is designed to offer a rich set of Google Cloud services with GPUs to support AI workloads and is operated by S3NS, a standalone French entity. Currently in preview, S3NS’ solution is designed to meet the rigorous security and operational resilience requirements of France’s SecNumCloud standards. We continue to explore local partnerships to address the needs of our customers around the world.

Google Cloud Air-Gapped

For Canadian organizations whose sovereignty and regulatory requirements need full isolation, Google Cloud Air-Gapped offers a fully standalone and air-gapped solution that does not require connectivity to an external network. This solution is tailored for customers in the intelligence, defense, and other sectors with strict data security and residency requirements. The air-gapped solution can be deployed and operated by Google, the customer, or a Google partner.

It is built with open-source components and comes with a targeted set of AI, database, and infrastructure services. Because air-gapped solutions run on open-source components, they are designed to provide business continuity and survivability in the event of service disruptions.

Local control, global security

Local control of data and operations can provide customers a greater level of confidence in their security, but it’s also true that no organization can be considered sovereign if dependencies on legacy infrastructure leave its data vulnerable to loss or theft.

Analysis from the Google Threat Intelligence Group and Google Cloud’s Office of the CISO suggests that the global cyber threat landscape will only become more complex as malicious actors tap into AI-powered tools and techniques to prey on older software products, platforms, and outdated infrastructures.

With Google Cloud, customers not only get sovereign solutions, but also gain access to our leading security capabilities. This includes our rigorous focus on secure by design technology and deep expertise from Google Threat Intelligence Group and Mandiant Consulting, who operate on the frontlines of cyber conflicts worldwide and maintain trusted partnerships with more than 80 governments around the world.

In addition, Google Cloud CyberShield provides AI and intelligence-driven cyber defense to help governments defend against threats at national scale. And Mandiant Managed Defense services make it easy for customers worldwide to extend their security teams with our security team.

Google Sovereign Cloud solutions ultimately enable customers to leverage the secure foundation of Google Cloud, while gaining access to advanced security features — such as Confidential Computing, Zero Trust, post-quantum cryptography, and AI-powered platform defenses — faster and more cost-effectively than they could achieve on their own.

Sovereign solutions for any organization

We remain dedicated to fostering an environment of trust and control for our customers across Canada, empowering organizations to navigate the complex landscape of digital sovereignty with confidence. Ultimately, we want to empower customers with choice and control, ensuring their digital future is secure, compliant, and poised for innovation, right here in Canada. We’ll continue to work with customers, partners, and policymakers around the world to refine our sovereign cloud offerings and deliver technologies that address their needs.

To learn more about how we are enabling our customers’ digital sovereignty capabilities, visit our web page or contact your account manager.