The rise of sovereign clouds: no data portability, no party
Sovereign clouds demand data portability for resilience

The rise of sovereign clouds has become inevitable as regulatory demands, and geopolitical pressures push enterprises to rethink where their data resides. Localized cloud environments are increasingly becoming essential, allowing organizations to keep their data within specific jurisdictions to meet compliance requirements, and provide risk mitigation.
But sovereign clouds can’t succeed without data portability, which is the ability to move data seamlessly between systems and locations. Today organizations shouldn’t wait to be pushed by regulations, they need to be ahead of the game.
Enterprises need to address the reality that data migration across hybrid environments is far from straightforward. It’s not just about relocating primary data, you also must keep it protected while considering associated datasets like backups and the information used in AI applications.
While some may need to address the protection of Large Language Model (LLM) training data, many organizations are instead turning to Retrieval-Augmented Generation (RAG) or AI agents to bring intelligence to their proprietary data without building models from scratch.
Either way, data sovereignty is a valid approach to the pressures facing organizations today, but the focus should always be on data resilience first, no matter where it's stored.
It’s a familiar tale - the cloud will give businesses more options and flexibility, but to take advantage of these properly, they’ll need some joined up thinking.
Global Field CTO, Veeam.
Today’s forecast
Regulators around the globe are driving organizations to look at their data differently, appearing at pace in response to increasing data globalization as countries try to get a better grasp on their data. The European Union (EU) has been particularly stringent, introducing the comprehensive General Data Protection Regulation (GDPR) that stipulates data sovereignty.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Under it, the laws of the country where data is stored or processed are now applicable to the data, regardless of where the data was originally collected. Special attention is also being paid to the chain of custody of data in the EU with both the NIS2 and DORA regulations demanding robust risk management for data, especially when held or handled by third parties.
As data, including highly sensitive and classified data, is being increasingly handled by these third parties, namely cloud providers, keeping it bound under privacy laws has become a priority for both organizations and governments as their data moves across borders.
With this increased movement of data between countries, or even continents, global instability concerns have become unavoidable, especially for governments. Some have already adopted sovereign clouds to protect their most sensitive data from potential malevolent access. And some have taken it one step further.
With cloud services completely reliant on data center infrastructure, some governments have started to divest their interest in foreign cloud and IT infrastructure, reinvesting instead in their own. This way, they can avoid storing their most sensitive data with foreign providers.
But cloud sovereignty is not a silver bullet. For those utilizing multinational cloud providers, there might be the option to stipulate where your data is ultimately stored and what countries’ laws it will be held under, but there is no guarantee that it will not change. The issue isn’t just solved by relocating the primary data.
Sure, it needs to be protected, but what about all the related data? Cloud backups and Large Language Model training data sets for example, all need to be carefully considered to meet data sovereignty – or alternatively, organizations can utilize RAG or AI agents to level up their data without having to deal with reams of AI training datasets in the first place.
Freedom of Movement
But to do all of this, organizations need to ensure that data portability is enshrined in their data resilience planning. After all, there’s a fine line between protecting your data and inadvertently restricting it beyond the point of use. If organizations are unable to ensure data portability, then moving to a hybrid cloud environment to take advantage of both sovereign clouds and localization of data storage is a non-starter.
There are SaaS (Software-as-a-Service) and DRaaS (Disaster Recovery-as-a-Service) providers that can simplify the process, but it’s not a task that can be completely offloaded to a third party. Organizations still need to take a hands-on approach, planning and managing it thoroughly to ensure data remains secure throughout the process. Otherwise, organizations will be unable to utilize sovereign clouds to adhere to the myriad data residency and sovereignty regulations.
It’s not without caveats though. For those larger, multinational organizations operating across countries and continents, multiple cloud environments will be required to house multiple sovereign clouds. But this also brings increased complexity for both the monitoring and management of data across jurisdictions.
Not only will multiple cloud environments need to be considered, but also multiple sets of data regulations across countries. And, for those organizations that do get it right, the benefit of enhanced data resilience comes with the added risk of data fragmentation.
There’s no easy win, but what’s certain is that data portability will be an essential part of any solution that organizations settle on. Whichever approach is taken, being able to move data seamlessly across platforms and clouds will be a necessity as organizations wrestle with data sovereignty. And, as regulations continue coming down the line, data portability will give organizations a head start on future compliance, allowing them to flex more easily to meet regulations, where less portable counterparts will struggle.
Tying down the cloud
Data globalization is showing no signs of slowing, with information flows now their own form of trade, even generating their own economic value. And with global instability as an ever-present factor, data sovereignty will only move higher up the priority list. But it’s not a task that can just be passed onto a third-party provider.
Although organizations may not fully realize it yet, data sovereignty and operational clarity are closely linked. To start securing your data, you need to know exactly where it’s stored and how. Then, with this comprehensive understanding of your data landscape, you can pinpoint those operations or processes where data resilience might be lacking and tackle your data portability.
By reworking data resilience from the ground-up, organizations can cement security, compliance, and sovereignty into their operations, and actively manage them through risk assessments, compliance audits, and strategies that take into account multiple suppliers.
With this in place, organizations can start leveraging hybrid cloud environments effectively, perhaps storing the most sensitive data on-premises under precise data sovereignty regulations, while offloading less critical data to the cloud.
But this can only be utilized by organizations that have prioritized data portability. Rather than waiting for regulations to enforce it, organizations need to be proactive to take advantage of the flexibility, longevity, and most importantly, security of the cloud.
We've listed the best IT management tool.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Global Field CTO, Veeam.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.