Europe’s biggest retailer the Schwarz Group will serve “sovereign” hosted Google Workspace services to its customers under a landmark new deal.
The company, which owns the Lidl and Kaufland supermarket chains, has branched out into cloud and colocation services via its subsidiary STACKIT.
It runs its own large private cloud environment, built on OpenStack, and also provides managed cybersecurity, database, and other services to both its internal stakeholders and external customers like FC Bayern.
A "sovereign" Google Workspace?
Under a unique new partnership with Google that is targeting privacy and data sovereignty-conscious European organisations, STACKIT will also now provide Google Workspace, hosted from its private cloud environment, with the option of bring your own key (BYOK) client-side encryption.
Full redundancy will also be “offered by backups hosted solely in STACKIT’s European data centers to meet customer demands around data protection, data residency, and data resiliency” the companies said. (The Stack understands these to be based in both Germany and Austria.)
See also: Could Chrome be a real security weapon for defenders? A new $6/user proposition has potential
The retailer will eat its own dog food and migrate its 575,000 employees onto* its own self-hosted Google Workspace instance, it announced with some fanfare on November 15.
“This partnership changes the game for regulated industry players in Europe by removing the sovereignty and security concerns that often hold back more ambitious adoption of the cloud for productivity and collaboration” – Thomas Kurian, CEO, Google Cloud.
Chocolate, coffee, colo...
The Schwarz Group, which generated revenues of €167 billion in 2023, has built significant technology competency running IT services for its own complex portfolio of companies – which spans retail outlets, producers of chocolate, dried fruit, baked goods, coffee, pasta, ice cream and paper, packaging providers, as well as recycling and waste management.
Its engineers are also active in the OSS community; they recently open-sourced an OpenStack Lifecycle Management System, YAOOK (short for “Yet another OpenStack on Kubernetes” for example.)
“Germany and the EU have until now lacked enterprise-grade cloud collaboration solutions that fully address the sovereignty requirements of regulated industries, including ensuring all data is secured and backed up on local soil with absolutely no opportunity for access by foreign nations or platform providers,” said Schwarz Group’s Rolf Schumann.
And, fond as the retailer is of packing its supermarket aisles with the truly unexpected, it now serves everything from managed MongoDB databases, to private cloud environments, and even cybersecurity services via its “XM Cyber” proposition – a startup that it bought from Israel in 2021, and which, as part of the Google partnership, the two will jointly take to market via the Google Marketplace and bundle into the hosted Workspace.
("XM Cyber’s Continuous Exposure Management will be embedded into the sovereign Google Workspace solution offered to European enterprises".)
Google Workspace: CSE FTW
Google Workspace customers have long had the option of client-side encryption (CSE) – even if Google does not make this an obvious option for administrators when signing up or managing their environments.
They can sign up with one of Google's encryption key service partners (FlowCrypt, Fortanix, FutureX, Stormshield, Thales) or build a custom key service for CSE using the Google Workspace CSE API. (More detail here.)
Data is encrypted under this approach includes: Files created with Google Docs Editors (documents, spreadsheets, presentations), uploaded files, like PDFs and Microsoft Office files; Gmail email bodies, calendar event descriptions etc. – though the ultra-security conscious should be aware that file titles and file metadata such as name of owner and last edited time (and email subject), remain in plain text; end-users should also be aware that a super administrator can turn CSE on and off for users.
(Google also already lets users of its own Workspace flavour with a certain add-on set up hardware key encryption for Gmail CSE instead of using key service, whereby users can use their hardware key to sign and encrypt email. We could not immediately confirm if the Schwarz Group would also offer this via its hosted Workspace service.)
Regardless, it's a unique move by Google and a bold push into a market that rival Microsoft has run into repeated and increasingly pronounced data sovereignty issues in. Whether this truly assuages the concerns of the European organisations concerned at the reaches afforded by the CLOUD Act et al remains to be seen, but it's certainly another unexpected product offering from the Lidl owner and a potentially canny strategic proposition from Google, which has not previously (certainly in Europe) let someone else host and provide Google Workspace as a commercial offering.
*We've asked "what off?" and await an answer from the group.
Have questions too? Ask us and we'll chip away at this more.
See also: ISS gets “sovereign” European network powered by space laser broadband network
