Digital sovereignty and resilience in the cloud

Self-sufficiency is an illusion: focus on digital resilience

In some places, digital sovereignty is understood as complete independence from external IT providers - a claim that is almost impossible to realise in the face of global networking and complex cloud ecosystems. We understand digital sovereignty as resilience and advise our customers to take an unagitated, pragmatic approach: It's about reacting flexibly to disruptions, minimising risks and creating alternative options for action. Absolute self-sufficiency is an illusion; resilience and sustainable competitiveness are the goal.

Balance between control and competitiveness

Strengthen the resilience of your organisation through transparent, innovative, flexible IT concepts and pragmatic risk assessments. The following questions have proven useful when defining an individual strategy:

• Against which specific risks is protection actually required?
• How much control is possible, how much is necessary?
• How can performance and control be harmonised?
• What additional costs are justifiable?

There is no universal answer to the question of which IT infrastructure is best for Swiss companies. As a cloud-neutral managed service provider, we are observing that more and more companies are opting for hybrid models. While the public cloud remains unbeaten in terms of scalability and innovation, we are experiencing a renaissance of the private cloud for highly sensitive workloads and cost control. The trend is moving away from 'cloud first' towards 'cloud right': companies are now making very differentiated choices as to which data can go into the global cloud and which must remain in the local data centre for reasons of sovereignty.

Practical checklist for resilient cloud concepts

• Inventory: Which cloud services are used for different workloads, what data is stored where and what dependencies exist?
• Strategy definition: Set sovereignty goals, assess risks on a workload-specific basis and develop a governance model for cloud use
• Architecture & technology: Multi-vendor approach, exit strategies and cloud-agnostic technologies such as Kubernetes or open source databases minimise dependencies and ensure workload portability
• Security & compliance: classify data, check data locations, establish encryption, role and access controls, monitoring and auditing, check provider certifications and keep an eye on the legal situation
• Expertise & processes: Build up in-house expertise, involve external service providers for consulting and co-management if required, standardise and document cloud processes, define responsibilities and create disaster recovery plans

Companies should make individual, needs-based decisions in order to find a good balance between control and competitiveness.

Fabian Dörk
Cloud Services Director, Claranet Germany

Digital sovereignty is not a state, but a path

Digital sovereignty in the cloud is not an absolute state. Rather, it is a continuous process that requires constant consideration. The ideal path lies in a balanced strategy that takes equal account of control, resilience and flexibility. This includes consciously utilising the advantages of hyperscalers, while at the same time maintaining your own independence through measures such as multi-vendor models, cloud-agnostic architectures and clear exit strategies. These measures cost money and resources, but the investment pays off in many ways: You increase your security and compliance, reduce dependencies and at the same time remain innovative and resilient to future market and regulatory changes.

White paper: Digital Sovereignty in the Cloud

This article is an extract from our white paper ‘Digital Sovereignty and Resilience in the Cloud’. Download the full analysis, including a checklist, free of charge now.