Configuring an Azure Stack in the Microsoft Cloud to address Data Sovereignty Issues

Revolutionizing Retail with AI software through the Microsoft Azure Cloud and Bicep

In today's digital age, the importance of Artificial Intelligence (AI) in various industries cannot be overstated. The retail industry, in particular, has embraced AI technologies to enhance customer experience, streamline operations, and gain valuable insights into customer behaviour. Ocucon, through providing world leading AI software solutions that come built upon existing CCTV networks, are helping global retailers to embrace and benefit from this level of ground-breaking technology.

Ocucon understands that retailers face significant challenges in maintaining IT security and data privacy, particularly due to stringent regulations such as General Data Protection Regulation (GDPR) or California Consumer Privacy Act (CCPA). In the past, deploying Ocucon's service to comply with these requirements was a lengthy process, and potentially required deployment of physical servers in datacentres across the globe to run time limited and store bounded proof-of-concepts. However, with Microsoft Azure's cloud platform, and in particular Bicep technology, Ocucon has been able to transform the way that they offer their services, making the process faster, repeatable, and more secure for global deployment whether for proof-of-concepts or for rapid rollout at scale.

Data Sovereignty and Cloud Computing

Data sovereignty has recently become a hot topic of debate, particularly following the introduction of the GDPR, which places significant safeguards around transferring personal data to either third countries, or international organisations operating outside of the EU (source). If a company breeches related legislation, they can face significant fines, demonstrable through Meta that was recently fined £345m for unlawfully processing customers’ personal data (source). Similarly, other jurisdictions are following suit, for example with CCPA in the US.

Noteworthy is that cloud computing ultimately relies upon underlying hardware to host related services (source). A point that has significant implications with regards to data sovereignty, as if this physical infrastructure is located within a different jurisdiction, organisations can inadvertently transfer personal data to a third country, which may breech related legislation. An issue that has the potential to leave businesses facing significant penalties for doing so, as illustrated by the Meta example above.

Data sovereignty is therefore an essential aspect of retail AI solutions, as it ensures that sensitive or personal data remains within the boundaries of a specific country or region, in compliance with regulatory requirements. With Microsoft Azure, Ocucon can now offer their users data sovereignty options, ensuring that data remains within the geographic boundaries of their choosing. This ensures that our users sensitive data remains protected, regardless of where they operate.

Microsoft Azure Stack


SpillDetect is becoming extremely popular across a wide range of retailers and the requirement for our technical teams to build demonstration environments is growing fast. For most of these retailers they are happy to use our UK infrastructure, however some have elevated data protection requirements due to their jurisdiction and require processing in specified locations, so that they remain compliant with data sovereignty legislation.

Our proprietary spill detection software solution utilises high performance computing hosted in the Ocucon cloud. It interrogates existing CCTV networks to extract images, which are then process via advanced AI models to detect liquid spills. Each stack uses advanced NVIDIA A100 GPUs for high performance compute, which can process regularly polled images from thousands of cameras. This incredibly modular design provides a platform that is ideal for processing at scale and for scaling within the UK hosted Ocucon cloud. Most retailers are happy to use our UK infrastructure. However, some as noted above, due to their jurisdiction require processing in specified locations to comply with regulatory data protection requirements.

It is impractical for a number of reasons to build a full hardware stack to support a cloud service in a customer region just for a small scale trial, so we looked towards the Microsoft Azure cloud service, to see if it provided a viable platform from which to run the service from. Azure instances can be locally deployed, however setting up a full copy of our infrastructure can take weeks of painstaking work to build, configure and test. To illustrate this point in more detail, before we were even able to test an Azure stack, every element had to be built by hand, using the Azure portal, along with power shell commands and manual software installation. We then discovered Bicep, which is a domain-specific language that uses declarative syntax to deploy Azure resources into the Microsoft cloud (source).

Microsoft Azure Bicep

Bicep offers an infrastructure-as-code solution and comes designed to facilitate construction of an Azure stack ready for deployment into the Microsoft cloud (source). With Microsoft Bicep, you define the infrastructure you want to deploy using code, then simply use the file that you have built to deploy direct to Azure. Furthermore, the same file can also be used to repeatedly deploy the same infrastructure in a consistent, controlled and reliable manner (source).

For example, to create a Public IP Address without Bicep requires creation of that resource within the Azure portal through defining 17 different, configurable options. Following creation of the IP Address, it then has to be manually assigned and configured on the chosen virtual machine, followed by testing. Complex tasks like this are prone to tiny errors, which can also take hours of wasted time to resolve. However, Bicep allows you to do all of this in a few lines of code:

How to using Microsoft Bicep to configure an Azure Cloud Stack

Using code like this Ocucon now has the capability to create all of the Azure elements it needs, such as Virtual Machines, firewall rules or whatever in a repeatable, consistent and reliable manner that also minimises errors and simplifies testing. We now have the capability and ability to configure our cloud based AI solutions within hours, and to deploy an Azure stack at ease anywhere into the Microsoft Cloud to support trials through robust solutions that address data sovereignty issues. For example, we recently built an Azure stack of our infrastructure from scratch in a matter of 2 hours!

In summary, Ocucon's innovative approach to retail AI services, coupled with Microsoft Azure and Bicep, is revolutionizing the industry. By offering data sovereignty options, Ocucon ensures their clients' sensitive data remains protected, and by using Bicep, we can deploy and manage our services quickly, efficiently, and securely worldwide. With these technologies, retailers across the globe can now benefit from the power of AI without compromising on data privacy and security.

Looking to explore a trial, or proof-of-concept? Contact us now to see how Ocucon can give you the level of business intelligence and insights that you need to take performance to the next level through releasing latent value from your existing CCTV infrastructure.

How to use Microsoft bicep to configure an Azure Stack for Cloud Data Sovereignty
How to use Microsoft Bicep to configure an Azure Cloud stack for data sovereignty

Would you like to know more?