Keepit has released a new report — Data Sovereignty: Take Control of Your Data — along with expert commentary from CISO Kim Larsen that breaks down why sovereignty has moved beyond compliance and is now a core security and resilience concern. The report notes that many organizations believe sovereignty is a legal or CIO priority, but the research shows it is increasingly a security architecture challenge.
Key Themes: The research highlights several issues now directly impacting SOC, IR, and cyber-resilience teams:
- Hyperscaler monoculture = single points of failure. 97% of cloud infrastructure sits with a handful of providers, creating systemic risk when outages or misconfigurations cascade across SaaS, identity, and backup platforms.
- CLOUD Act + Schrems II = conflicting access rules. Security teams must defend information that may be legally accessible to foreign jurisdictions — even when stored in-region.
- Hybrid warfare is targeting cloud identity and control planes.
The report details growing APT activity against cloud identity providers and the risk of dependent ecosystems failing simultaneously.
- Most SaaS backups rely on the same hyperscalers as production.
Making “air-gapped” recovery impossible in many breach or outage scenarios.
- Regulators are raising the bar on resilience.
Under DORA, NIS2, BaFin, and CNIL/ANSSI guidance, CISOs must demonstrate independence, portability, and provable control — not just encryption and regional storage.
Why this is timely for security practitioners
- Attackers are exploiting cross-cloud dependencies.
- Resilience mandates are forcing redesigns of backup + identity strategy.
- EU regulators are signaling that US-controlled clouds may not meet sovereignty requirements for healthcare, public sector, and critical infrastructure.
- Organizations are reassessing “cloud-by-default” models and returning to hybrid or sovereign-cloud setups for high-value assets.
Report Download:
https://www.keepit.com/data-sovereignty-in-the-cloud/
Expert Commentary:
https://www.keepit.com/blog/data-sovereignty-report
Like this:
Like Loading...
Related
This entry was posted on November 25, 2025 at 9:49 am and is filed under Commentary with tags Keepit. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
New Keepit research: Data sovereignty is becoming a frontline security issue
Keepit has released a new report — Data Sovereignty: Take Control of Your Data — along with expert commentary from CISO Kim Larsen that breaks down why sovereignty has moved beyond compliance and is now a core security and resilience concern. The report notes that many organizations believe sovereignty is a legal or CIO priority, but the research shows it is increasingly a security architecture challenge.
Key Themes: The research highlights several issues now directly impacting SOC, IR, and cyber-resilience teams:
The report details growing APT activity against cloud identity providers and the risk of dependent ecosystems failing simultaneously.
Making “air-gapped” recovery impossible in many breach or outage scenarios.
Under DORA, NIS2, BaFin, and CNIL/ANSSI guidance, CISOs must demonstrate independence, portability, and provable control — not just encryption and regional storage.
Why this is timely for security practitioners
Report Download:
https://www.keepit.com/data-sovereignty-in-the-cloud/
Expert Commentary:
https://www.keepit.com/blog/data-sovereignty-report
Share this:
Like this:
Related
This entry was posted on November 25, 2025 at 9:49 am and is filed under Commentary with tags Keepit. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.