When is ‘sovereign’ truly sovereign?

When is ‘sovereign’ truly sovereign?

A new approach to managing and hosting critical data in support of the UK’s Defence and national security

Discover why hosting alone is not enough for UK Defence data sovereignty, and how Exponential-e delivers fully sovereign, secure, end-to-end data management.Contents

Thank you for reading:

When is ‘sovereign’ truly sovereign?

A new approach to managing and hosting critical data in support of the UK's Defence and national security

In a comparatively short space of time, the integrity of the UK's data has become a top priority for our Defence sector, with bad actors mounting an increasingly sophisticated range of attacks to disrupt critical services, potentially putting lives at risk and compromising our national security.

Sovereignty - the full control over where data is physically hosted - is key here. But while it's natural to assume this is simply a question of which country a data centre is based in, the highly interconnected nature of modern supply chains, and the ever-growing complexity of the compliance landscape means we must reconsider what we really mean by 'sovereign', especially when it comes to the data that powers the UK's public services.

All this is in spite of the Data Protection Act 2018, which places firm restrictions on the transfer of policing data to overseas locations².

The seemingly obvious answer is to simply maintain self-owned private Clouds in on-premises servers, but much legacy infrastructure is unable to accommodate the growing volumes of data generated, stored, and transferred on a daily basis, and many organisations have come to depend on public Cloud platforms, such as Microsoft Azure, Office 365, and Amazon Web Services - as part of their day-to-day operations.

Put simply, these platforms have simply not been designed to handle data with the highest security classifications, particularly when it comes to guaranteeing its true sovereignty. This situation is compounded by the fact that many of these hyperscalers may be subject to regulations outside the UK, such as the US' Patriot Act, that can lead to them being subpoenaed to provide those governments with access to the data stored on their platforms.

It is clear then that the Defence sector as a whole must reconsider its relationship with its technology partners and supply chain, adopting a holistic view of data sovereignty that not only considers where it is hosted, but also how it is managed, transferred, and secured. We must therefore consider how the advantages of the Cloud platforms in terms of flexibility, scalability, and cost control can coexist with the most rigorous standards of security and full compliance with all applicable regulations.

It is for this reason that the Exponential-e Group continues to maintain our position as a solely UK-focused technology provider. We are an active presence in Crown Hosting's ARK data centres, with our own security-cleared specialists managing Cloud infrastructure for organisations across some of the most highly regulated sectors. We also maintain our own enterprise-class network, allowing us to provide highly secure Cloud environments and defence organisations' own premises, with our evolving cyber security ecosystem overlaying it all. Altogether, this allows us to take an end-to-end view of our customers' data sovereignty, utilising our full solution portfolio to ensure the seamless flows of data that modern Defence operations depend on do not in any way compromise our national security.

The Defence sector's relationship with its data has changed forever, and while we are still in the early days of this journey, the Exponential-e Group will continue to offer our support, working closely with organisations across the sector to establish a new standard of best practice around data sovereignty and the underlying digital foundation needed to execute it. Since 2024, we have placed significant focus on our engagement and working relationships with our Defence and national security customers, both directly and indirectly through partnerships with Defence Primes and other organisations - and also working with other organisations who provide platforms and services to the sector, providing them with the means to offer an ironclad guarantee of data's sovereignty.