Data sovereignty: a key defence strategy

Risk Management12 Sep 2025

Bruce Kornfeld at StorMagic describes how hyperconverged infrastructure can play a significant role in data sovereignty by providing on-premises IT infrastructure for data to be processed without it ever having to leave the UK

Data management is crucial to every modern business; however, implementing control over data has become increasingly complex.

As data moves across borders and between jurisdictions, organisations must navigate overlapping and often conflicting rules and regulations. Companies must remain compliant throughout the countries in which they operate, regardless of where they themselves are based which, with today’s ever-increasing variety of laws, isn’t an easy task.

Many businesses have traditionally turned to foreign cloud providers for their scalability benefits, but now it is becoming increasingly important to consider who can access this data and the legal frameworks that govern their chosen provider. Relying on foreign clouds that are subject to different regulations can legally expose data to international authorities, which opens up organisations to legal backlash and operational risks in other jurisdictions, particularly when sensitive data is involved.

As geopolitical tensions and high-profile cyber-attacks have amplified the stakes of data mismanagement, organisations should rethink how and where they store sensitive information. In fact, 61% of IT decision-makers now view data sovereignty as a strategic priority. As organisations seek to futureproof their digital infrastructure, significant operational changes are already underway, with over half (54%) of IT leaders reporting pursuing a digital migration strategy in the past year.

Data sovereignty is no longer just a compliance checkbox. For many businesses, it is a strategic priority to ensure they maintain oversight and control over their data.

Cloud data sovereignty: a challenge for IT decision-makers

Cloud computing solutions are often a first choice for IT decision-makers due to their scalability, cost efficiency and ease of deployment.

However, legal ambiguity has led to a focus on data sovereignty, and as a result, many cloud providers are now offering sovereign cloud services. Sovereign cloud infrastructure will store data within a specific area, giving organisations control over their data’s residency, which in theory should protect against foreign access. This isn’t always the case though, and IT leaders remain uncertain about these solutions.

Laws such as the US CLOUD Act grant the US government access to data stored in US-owned cloud services, typically for safety and security purposes. This means any data held by a US cloud provider can be accessed by US authorities, even if the company to which the data applies resides outside the US. For such companies, this poses a dangerous precedent as they can no longer trust that their data is secure, and in many cases it should be illegal as such disclosures often violate local data protection and privacy laws.

These complex loopholes leave IT leaders skittish about the level of data protection offered by foreign cloud providers, and many are reconsidering their dependence on them. As such, an alternative solution is still needed to keep sensitive data secure and compliant, all while still leveraging cloud capabilities.

However, finding such a solution isn’t straightforward. Data sovereignty demands companies remain accountable for where their data is stored and processed; so when multiple regulatory frameworks overlap, compliance gets complex. IT leaders must balance legal compliance with operational flexibility or risk penalties, reputational harm, disruptions and lost customer trust.

Storage that complies

This is where hyperconverged infrastructure (HCI) comes into play. HCI enables IT leaders to store and process data on site and, crucially, within the same country and without exposure to foreign authorities. This ensures that regulations are met without sacrificing the benefits of modern IT operations.

At the same time, HCI gives organisations the option to extend applications into hybrid cloud environments, allowing businesses control over where workloads run and where data resides, ensuring they meet regulatory obligations while still benefiting from the cloud.

With data protection and compliance at the forefront of every IT leader’s mind, security and compliance remain central to HCI solutions, offering encryption to protect sensitive information. Furthermore, HCI offers IT teams granular access controls that can be tailored to meet regulatory demands. This means organisations have tighter control over who can access their data and mitigate risks related to cross-jurisdictional regulations.

Processing data closer to its source not only supports compliance with regional regulations but also reinforces data sovereignty and governance across diverse IT environments. With HCI, businesses can confidently balance the benefits of cloud scalability with the security, control and compliance demands of on-premises infrastructure.

Data sovereignty is no longer a concern but an imperative for UK businesses aiming to protect their data and mitigate geopolitical and cyber-risks. Technologies like HCI provide a practical solution for organisations to ensure compliance and maintain operational agility.

For IT leaders, maintaining control over sensitive data is foundational to business success. By adopting solutions that support compliance, UK businesses can navigate the challenges of a complex global digital environment and position themselves for resilience in an increasingly unsafe cyber-world.

Bruce Kornfeld is Chief Product Officer at StorMagic

Main image courtesy of iStockPhoto.com and da-kuk