Deloitte Sovereign Cloud Assessment

The Deloitte's Sovereign Cloud Assessment is a structured three-step approach over 4–6 weeks.

What does our assessment offer?

I) Risk/Business requirements

Gather Business and Risk management requirements

• Regulatory & jurisdiction risk (EU, sector, industry)
• Security (IAM & PAM, Encryption & key ownership, Logging, monitoring & incident response)

Criteria for evaluation across sovereignty layers

• Operational requirement (Availability, resilience, Operating model & RACI and governance, Vendor concentration & exit risk)
• Data (residency, access control, encryption, auditing)
• Software (ownership, source code access)
• Infrastructure and Platform (Operational control, Network)

Detailed set of hosting requirements

• Application architecture & dependencies
• Data classification & processing needs
• Security & compliance constraints
• Integration & migration complexity

II) Detailed assessment and PoCs

Determine feasible hosting across three categories

• Standard region: Regulatory, technical and operation controls are met
• Dedicated local zone: Enhanced isolation & control
• Sovereign: Fully digitally sovereign

Develop and execute PoC with AWS

• Validate data residency, access control, and operations
• Test security controls, logging, encryption, and auditability
• Reconfirm regulatory and sovereignty alignment

Final choice of workload migrating to AWS ESC

• Finalize the hosting model
• Define and migration sequencing
• Target-state hosting roadmap

III) Service to AWS ESC mapping

Map business/ infra services to AWS ESC

• Service-to-Hosting fit Mapping
• Identify dependencies and group services

Finalize AWS ESC hosting for services

• Readiness scores, hosting roadmap, and decision rationale.
• Confirm target hosting option