Digital sovereignty is the combination of data sovereignty, operational sovereignty and technological sovereignty. While inter-related, each of these terms focuses on a distinct part of an organisation’s digital estate. Operational sovereignty is the ability for an organisation to independently control and manage its IT systems without relying on external forces to ensure continuity and resilience. Global unrest, such as the ongoing war in Ukraine, has caused this to become a growing concern for business leaders.
As artificial intelligence (AI) becomes a source of competitive advantage, business leaders are paying much closer attention to where its underlying data is stored and processed and under which legal jurisdiction it falls. As a result, sensitive data sets are being transferred from public clouds to on-premises data centres – or so-called sovereign clouds – that are under the full legal control of the national jurisdiction.
Operational sovereignty is now a necessity
Achieving data sovereignty is no longer enough. Natural disasters, global conflicts and geopolitical unrest can easily disrupt digital infrastructure and processes. What happens to your operations if the undersea cables serving a data centre fail or are deliberately cut by a malicious actor? And this isn’t just about business continuity. Earlier this year, Spain and Portugal experienced widespread disruption when a surge in voltage triggered mass grid failures. Equally, in the event of a natural disaster or a bout of freak weather, power cuts could disrupt crucial connectivity and computing infrastructure.
This leads us to one fundamental truth: the need for operational sovereignty to ensure resilience. Maintaining full control, visibility and autonomy over how IT systems and digital infrastructure are managed and operated, regardless of whether these resources are hosted in-house or outsourced to third parties, is now critical. Boosting resilience is only one factor. Operational sovereignty can also lead to greater control and transparency over digital estate and processes, helping businesses identify opportunities to reduce waste and inefficiencies.
From a practical standpoint, achieving operational sovereignty means reducing dependence on specific infrastructure and individual vendors. A multi-cloud strategy, for example, is prudent. In an unstable geopolitical landscape, there is a risk policymakers will suddenly intervene in what they regard as a strategically important market. A government might decide to restrict who has access to specific AI models or advanced semiconductors. In the case of such disruption, organisations need to be able to quickly move applications and other digital workloads from one data centre to another or from one cloud provider to another.
Resilience is the linchpin of compliance
From a compliance standpoint, operational sovereignty can help underpin “resilience”, which is rising up the policy agenda. The EU’s Digital Operational Resilience Act (DORA) and the UK’s Cyber Security and Resilience Bill are putting pressure on businesses to withstand, respond to and recover from digital disruptions, such as cyberattacks or system failures.
In July, the European Central Bank (ECB) issued guidelines stressing that financial institutions need to ensure they can transfer their digital services to another cloud provider, if necessary. Part of this was for financial entities to ensure they have multiple active data centres in different geographical locations with independent power supply and network connections, hybrid cloud architecture and multiple cloud service providers.
Digital portability is the key to unlocking operational sovereignty. Platforms which allow businesses to port applications and other digital assets from one cloud environment to another, or to an on-premises data centre, are a fundamental part of this strategy. What’s more, porting application delivery and security policies that sit in front of applications, help to ensure that the security posture of these applications does not change while migrating to a different environment.
Operational sovereignty is within reach
Achieving operational sovereignty is increasingly important, but also increasingly feasible. The global outlook is driving the need for resilient digital systems. If an unforeseen event impacts infrastructure, the temporary fix should not be a return to pen and paper.
As technologies advance and become more versatile, they allow the flexibility of operating services across distributed clouds and on-premises software. With the right tools in place, organisations can stay ahead in an unpredictable world and maintain true control over their most critical systems. While data sovereignty allows autonomy over data, operational sovereignty provides autonomy over all operations – both necessary in today’s increasingly volatile landscape.
Bart Salaets
Bart Salaets is Field CTO at F5, leading a team of highly skilled solution architects focused on ADC, security, mobile core and cloud solutions in an EMEA overlay organisation
