Rethinking sovereignty, risk and strategy in cloud

Giel Hermans, Jos Vliegenthart & Pamela George
June 30, 2025 · 3 min read English

As we enter 2025, cloud computing is no longer just about efficiency—it has become a strategic enabler of growth, innovation, and resilience. Organizations are no longer just focused on cost savings and scalability but are prioritizing control, security, and digital sovereignty. With rapid advancements in digital infrastructure, coupled with increasing geopolitical complexities and regulatory shifts, businesses must adopt a proactive approach to managing their cloud environments.

A modern cloud strategy must be built on a foundation of security, adaptability, and compliance. Companies that align their cloud investments with long-term competitiveness, operational continuity, and regulatory mandates will position themselves as industry leaders. Cloud decisions have become strategic, impacting not just technology and cost, but also corporate governance, risk management, and digital transformation—giving organizations a competitive edge.

Rethinking cloud strategy for resilience
Cloud computing remains a pillar of modern enterprises, offering agility, scalability, and immense processing power. However, a generic public cloud model is no longer sufficient. Organizations must adopt a diversified cloud strategy that integrates hybrid, sovereign, and edge computing to strengthen resilience and maximize opportunities. Cloud Exit-as-a-Service (CEaaS) provides a structured approach to navigating cloud transitions, ensuring organizations retain control over their digital assets while mitigating risks associated with vendor lock-in and geopolitical instability (source).

The role of hybrid and sovereign cloud
Geopolitical developments and stricter data sovereignty laws are driving organizations to refine their cloud strategies. Governments worldwide are enforcing stricter data localization requirements, ensuring that sensitive information remains within specific jurisdictions.

A multi-layered cloud approach provides organizations with the flexibility to optimize workload placement while maintaining regulatory compliance. By integrating public, private, and sovereign cloud environments, enterprises can retain strategic control over critical assets while leveraging the innovation potential of public cloud platforms (Source: Gartner).

For instance, a multinational financial institution may use a sovereign cloud to comply with regional data protection laws while leveraging public cloud capabilities for AI-driven analytics or efficient content delivery. This approach ensures compliance without stifling innovation.

Navigating geopolitical and regulatory uncertainty
The global cloud ecosystem is increasingly shaped by regulatory frameworks and national policies aimed at securing digital sovereignty. Governments are taking proactive steps to regulate data storage and transfer, reinforcing compliance requirements and increasing scrutiny on foreign technology providers.

The dismantling of the U.S. Privacy and Civil Liberties Oversight Board (PCLOB) has raised concerns about the legal foundation of transatlantic data transfers, prompting European policymakers to explore alternatives that safeguard regional data sovereignty (Source: European Data Protection Board).

At the same time, initiatives like the EU Data Act aim to reduce reliance on non-European technology by strengthening regulations around cloud service providers and ensuring data remains accessible under European jurisdiction (Source: European Commission).

Recent geopolitical changes are reshaping the business and technology landscape. While these shifts introduce new challenges, they also present opportunities for organizations to strengthen their operations. Here’s what to consider:

  • Managing IT costs – While shifts in U.S. trade policies may impact IT expenses, the real challenge lies in the limited availability of non-U.S. alternatives. Even locally hosted solutions often rely on U.S.-based servers or software components. Exploring truly regional setups and diversifying providers can improve both cost control and strategic autonomy.
  • Adapting to compliance & privacy changes – Regulatory shifts, including potential changes to the Trans-Atlantic Data Privacy Framework (TADPF), may require companies to reassess data governance and ensure compliance.
  • Strengthening infrastructure resilience – Growing concerns over subsea infrastructure security highlight the need for diversified network routes, enhanced monitoring, and stronger protections.

To stay ahead, organizations must take a proactive approach by implementing strategic measures for compliance and resilience:

  • Frequent risk assessments: Review your cloud risk profile every 3–6 months, ensuring risk evaluations include direct usage and digital supply chain dependencies.
  • Cloud agility by design: Build flexible architectures that adapt to disruptions, reducing the impact of such disruptions to your organization.
  • Reducing subsea dependence: Explore European mainland cloud services to enhance digital sovereignty and reduce reliance on subsea infrastructure.
  • Failover strategy: Leverage Exit-as-a-Service for smooth migration to sovereign alternatives while maintaining cloud benefits.
  • Scenario planning & testing: Regular disaster recovery (DR) tests aligned with business continuity strategies ensure operational resilience.

By using these strategies, organizations can stay in control of their digital infrastructure while keeping innovation going. Cloud computing continues to be a strong driver of business transformation—when managed with a clear strategy and flexibility.


IT Modernization: the foundation of cloud agility
Keeping IT systems up to date isn’t just about technology—it’s about staying competitive, cutting costs, and making smarter decisions faster. Moving to the cloud, building scalable architectures, and leveraging edge computing enable businesses to work more efficiently, remain compliant, and accelerate product and service delivery.

Edge computing adds further speed and flexibility by processing data closer to where it’s needed. This minimizes latency, enables real-time decision-making, and enhances customer experiences—particularly in industries like healthcare, retail, logistics, and finance, where responsiveness is critical.

Companies that prioritize IT modernization gain significant advantages in reliability, resilience, and scalability. A well-planned multi-cloud strategy ensures operations remain uninterrupted, even if one provider experiences downtime or service disruptions. Research by McKinsey and Gartner underscore the value of multi-cloud architectures in driving digital transformation, enabling scalable, dynamic workload management while safeguarding security and operational efficiency.


Knowledge retention and talent development
Beyond technology and regulation, the global shortage of cloud and cybersecurity talent presents a significant challenge. As cloud environments grow more complex, organizations must attract, train, and retain skilled professionals to manage and secure their infrastructure.

To address this challenge, organizations must:

  • Prioritize knowledge retention: Document expertise and automate routine tasks to safeguard institutional knowledge.
  • Leverage strategic partnerships: Collaborate with managed service providers and technology vendors to bridge skill gaps while maintaining operational efficiency.

A strong cloud strategy is only as effective as the teams managing it.

A pragmatic view
Organizations must reassess their strategic direction with a focus on three key concerns: independence and sovereignty, compliance, and digital infrastructure resilience. While these risks are valid, their impact varies depending on business models, cloud dependencies, and geographic exposure. A well-structured assessment can help companies make informed decisions that balance opportunity and risk.

Rather than treating these developments solely as threats, forward-looking organizations can use them to strengthen their digital posture. Key areas of attention include the implementation of redundant, multi-region cloud architectures to reduce exposure to geopolitical disruptions; adopting technology-agnostic solutions for critical components, ensuring continuity in the face of vendor or policy shifts; anticipating changes in privacy regulations to maintain compliance across jurisdictions; and staying agile in response to evolving trade policies by maintaining flexibility in cloud vendor strategies and regional deployment models.

Making strategic choices
The cloud landscape in 2025 offers organizations a unique opportunity to future-proof their digital strategies. With the right choices, cloud adoption becomes not just a technical decision, but a catalyst for growth, innovation, and resilience.

Success starts with a clear understanding of an organization’s risk profile. Proactively evaluating geopolitical and compliance factors allows businesses to stay ahead of potential disruptions and maintain control over their data. By designing region-specific data strategies, companies can turn regulatory complexity into a competitive advantage—meeting local requirements while preserving the flexibility to scale and innovate globally.

Equally important is aligning cloud investments with long-term business continuity goals. Hybrid, multi-cloud, and sovereign models offer powerful ways to strengthen operational resilience, ensuring that digital capabilities remain robust in any scenario.

With intentional, well-informed decisions, organizations can transform cloud strategy into a lever for agility, trust, and sustained value.

Navigating the future of cloud
As cloud computing continues to evolve, organizations must rethink their approach to sovereignty, security, and adaptability. The challenges presented by shifting regulations, geopolitical tensions, and evolving business needs require more than just technological solutions—they demand a strategic mindset.

A resilient cloud strategy is built on flexibility, compliance, and risk awareness. By diversifying cloud environments, investing in knowledge retention, and aligning cloud adoption with long-term business goals, organizations can safeguard their operations while remaining agile in an unpredictable landscape.

A future-ready cloud strategy is not just about mitigating risks—it is about maximizing opportunities. Organizations that approach cloud computing with foresight, adaptability, and a proactive mindset will remain industry leaders in 2025 and beyond.

Cloud computing remains a transformative force, but success hinges on how well organizations navigate sovereignty, risk, and strategy in an increasingly complex digital landscape. The choices made today will define the resilience, security, and innovation capacity of businesses for years to come.