• data encryption
• data protection
• data residency
• data sovereignty
• hardware security module
• key management service
• sovereign cloud

The thesis work begins with an analysis of the problem related to where the data is located, the ‘data residency’, stating its definition and highlighting the consequences. Another investigated concept is that of digital sovereignty, and, in particular, sovereignty related to the management and maintenance of data. These are two themes that must be carefully evaluated by those who operate in critical sectors and by those who manage sensitive data if they rely on cloud services or need to share information with third parties. To report the efforts of entities and institutions, national and EU community projects are cited, whose purpose is to strengthen the secure exchange of information and ‘trusted’ access to data, maintaining sovereignty and control over the adopted technology. Then, the technical solutions and architectural design principles that enable data sovereignty in a hybrid infrastructure are identified, such as the adoption of external key management services (KMS), hardware security modules (HSM), and confidential computing, to protect data both at rest, in motion, and when used. This is followed by a laboratory in which an infrastructure was designed and instantiated on a use-case that integrates Thales data protection solutions with the Azure cloud. The thesis concludes with an analysis of the known vulnerabilities of the technologies that have been identified to fully understand the adoption scenario.