Data Fit for a Sovereign: How to Consider Sovereignty in Your Digital Resilience Strategy

Digital sovereignty used to be a term reserved for the ‘high threat club’— government organisations focused on national security or defence. But increasingly, our European customers in critical infrastructure sectors are asking us for more choice over how they deploy technology, control over access to their systems and data, and autonomy over their digital infrastructure in the AI era. As a result, digital sovereignty—once a niche topic—has become of greater interest for some European organisations, particularly when it comes to building cyber or digital resilience.

While the factors influencing an organisation’s interest in digital sovereignty have evolved, so too have the criteria for determining the right approach. It’s crucial to find a strategic balance, ensuring the decision is driven by your unique requirements rather than the allure of a prevailing trend. This leads to a more nuanced question: What level of control, choice, and autonomy over your data and infrastructure is right for your organization?

Where our customers are finding the balance depends on various factors. For example:

• High availability vs. data sensitivity: Based on your risk and context, you might prioritise high availability of data over sovereign solutions. Perhaps potential downtime is a higher risk than a lack of sovereignty for certain services. Conversely, maybe your organisation's most sensitive data has sovereignty requirements, driven by the organisation’s threat profile. As an example, less sensitive processes (e.g. an IT incident investigation) could fall below the threshold for sovereign technology investment, but the handling of cyber incidents would not.

• Geolocation vs. fragility: Geolocation of providers and services can be a priority due to operational imperatives, but it can also potentially create more risk by introducing fragility into your supply chain with less resilient, local providers. We’ve seen some organisations adapt their processes after incidents—e.g., ensuring incident management staff reside in-country rather than off-shore — to weather sensitivity concerns, but this can also bring staffing challenges.

Digital sovereignty considers the entire digital environment, including infrastructure and software, as well as data. But if digital resilience is a data problem, understanding the nuances of data sovereignty is also critical. However, data sovereignty requires careful consideration as it is not a one-size-fits-all concept. An organization's specific threat model and resilience needs shape its unique requirements, and complexities must be weighed against core business objectives like speed and agility. While choice and control are appealing, a true sovereign posture extends far beyond data residency—forcing a deeper look into your entire data supply chain, the legal jurisdictions governing your providers, and who can access your data. Each of these layers can introduce operational friction, potentially impacting business agility. So before exploring the ‘how,’ it is essential to first answer the ‘why.’ A practical starting point is to ask three fundamental questions:

1. Does regulation require it?
2. Is the risk real and qualified?
3. Are there compelling business drivers?

If the answer is yes to one of these questions, you need to understand your posture and options when it comes to digital sovereignty. Ask your teams:

• What are the operational use cases we really need to make sovereign? IT, security, engineering, operations, development, etc.?
  • This depends on your threat profile and business risk acceptance. The answers will help you prioritise what requires sovereign solutions, and know the requirements (residency, availability) for the data that supports those use cases.

• What is our strategy for moving data? How long would it take to move or access that data, and do we have the resources to do it?
  • This is crucial to know for recovery purposes. If data takes too long to move, it can lead to all kinds of impact in a business — from downtime to risk exposure during incident investigation. It can also be expensive to duplicate or transfer data between different repositories. Knowing the time it takes to move or access data will inform a cost-effective data architecture that is fit-for-purpose and will highlight opportunities for federation.

• Is our data classification good enough?
  • Knowing the data you have is crucial. Classification should allow you to prioritise use case and data repositories, and to stratify what data needs moving into sovereign solutions. Classification and quality have always been important in managing data, and sovereignty underlines the importance of this hygiene.

• Has the organisation considered digital sovereignty at a strategic level? Could we make a change if we needed to, and who owns that responsibility?
  • Preparation is key, and a crisis is not the time to re-consider strategy. Understand the organisational view of this problem and, if a change is needed, how possible and how quickly that could be implemented.

How Splunk and Cisco Can Help

Among the differing definitions of data sovereignty, the location of your data (data residency) is rarely seen as sufficient to achieve full sovereignty, but it is usually seen as a crucial component. And, whatever policy you enforce, you need to monitor that policy for compliance violations. To help organizations navigate these challenges, our approach is built on three key pillars:

1. Choose Your Deployment

In response to requests, Cisco recently announced a Sovereign Critical Infrastructure portfolio for customers in Europe. This is a truly configurable infrastructure that customers can operate in their own air-gapped, ‘on-prem’ physical environments. This can also be deployed as part of a hybrid environment, giving customers the flexibility they need. With Splunk, you can choose to deploy on‑premise or to leverage our SaaS platform in multiple EMEA locations — giving customers choice depending on the control they need. Currently supported Splunk Cloud Platform regions in EMEA include: London, Dublin, Frankfurt, Milan, Paris, Stockholm, Belgium, and the UAE. We continue to expand in response to customer requests. You can also leverage Role-Based Access Control (RBAC) to control who sees your data. In Splunk, RBAC enables fine-grained access control at the app, dashboard, index, search-command, field, and event level, allowing organisations to tailor user access in a scalable way. This robust approach to RBAC helps enhance security, operational efficiency, and compliance by assigning permissions based on job responsibilities rather than individual users.

2. Leading in Federation

Since 2021, Splunk has been committed to its Federated Search capabilities. Federated Search currently allows organisations to search and analyse data from other Splunk instances, AWS S3 buckets or Amazon Security Lake, without needing to move or duplicate it. This federated architecture is great for data residency priorities! It means that you can choose the appropriate region to store your data while still being able to gain the insights you need — even across multiple locations and storage types. In security, this can look like having your rarely-searched compliance data stored in the cloud where it’s cheaper, but keeping your operational data for investigating incidents in a Splunk on-premise instance or stored in a specific Splunk Cloud Platform region for residency reasons —and all of this data is searchable from a single UI. It’s no longer just about data lakes but data ponds and data puddles too. With data residing in more places, connectivity is key, and you need to be able to bring analytics to your data, rather than bring your data to the analytics.

3. Visibility as a Foundation

You can’t secure what you can’t see and monitor. Using Asset and Risk Intelligence and other Splunk monitoring capabilities for compliance helps you see what assets you have, collect the right operational and security data to analyse and report changes, and identify gaps or violations. Simply knowing what you have in your estate is a crucial first step, with ongoing monitoring to avoid compliance drift. Availability and performant search are also crucial to get the data you need, when you need it — something Splunk has been giving users for a long time.

Conclusion

The path to digital resilience starts with visibility into your data; it’s a data problem that requires a modern data management approach. For some organisations, this path will involve a careful evaluation of digital sovereignty—which requires understanding the data you have, where it moves, and its role in your operations. Ultimately, the goal is to make a deliberate choice about the right level of control and autonomy that is appropriate for your business and can support building the resilience that is now a critical part of any organisation’s strategy.

To learn more, catch up on our session on sovereignty and digital resilience from EMEA Digital Resilience Week.