Tech
Considerations for ensuring a minimum viable digital sovereign cloud | Computer Weekly
Server manufacturers have been working in recent years to adapt their datacentre products to meet the growing demand for artificial intelligence (AI). While major public cloud providers have the resources and scale to handle AI workloads, there is renewed interest in private clouds and on-premise AI. This shift is partly due to the realisation that public large language models (LLMs) are not well-suited for specific enterprise needs. Additionally, geopolitical uncertainties have raised concerns about relying solely on hyperscale cloud providers, prompting businesses to prioritise digital sovereignty and seek greater control over their IT infrastructure.
Lenovo, for instance, positions digital sovereignty in the context of customer requirements and AI deployment strategies. During its latest quarterly earnings call, Lenovo chairman Yuanqing Yang said: “User priorities are shifting towards personalisation and the private domain. This is accompanied by growing emphasis on efficiency, response speed, security, privacy and sustainability.”
The company answers the question of digital sovereignty through its hybrid AI advantage programme, which integrates AI hardware with AI-powered services and AI infrastructure to provide digital sovereignty and address customer privacy requirements.
Meanwhile, during HPE’s fiscal 2025 fourth-quarter earnings call, CEO and president Antonio Neri said: “Sovereign and enterprise bookings now account for more than 60% of the cumulative orders since Q1 of fiscal year 2023, demonstrating our strategy to prioritise profitable AI infrastructure build-out opportunities.”
The company recently introduced its first AMD Helios AI rack-scale architecture integrated with HPE Juniper networking, which it claims is designed to accelerate AI training and inferencing for sovereign clouds.
Similarly, Dell is ramping up efforts to place sovereign cloud capabilities, as Dell vice-chairman Jeffrey Clark explained during the company’s third-quarter 2026 earnings call. “Our salesforce is winning new opportunities across the neocloud customer base, sovereign customer base and enterprise customer base,” he said in response to a question about the factors contributing to incremental AI revenue of $5bn, which was referenced during the earnings call.
Given the trend among server manufacturers to offer digital sovereign capabilities, digital sovereignty is highly likely to be an area of focus for the tech sector in 2026 when targeting customer opportunities.
No regs for digital sovereignty
When looking at what is and what is not digital sovereignty, the authors of analyst Forrester’s Demystifying full digital sovereignty report note that there is no single regulation for digital sovereignty worldwide, which means it is not a compliance issue.
Instead, Forrester analysts Dario Maisto, Pascal Matzke, Lauren Nelson, Lorenzo Annicchiarico and Rachel Birrellone describe digital sovereignty as a risk mitigation exercise, where technology firms and IT service providers subject to foreign jurisdictions may affect an organisation’s ability to keep operations running. Rather than being considered a compliance issue, the Forrester analysts regard digital sovereignty as a request for proposal (RFP) when procuring new IT products and services.
Although it involves access to the organisation’s data, in terms of data residency, Forrester does not recommend treating digital sovereignty as a privacy and data protection issue.
In the report, the Forrester analysts note that data sovereignty concerns the ownership of data. “When you put your data in the infrastructure of a third-party subject to a foreign jurisdiction, such as the US hyperscalers’ datacentres in Europe, you may end up losing access to it,” they warn.
As an example, they note that while Microsoft’s sovereign public cloud ensures that customer data remains within Europe and only European nationals will be responsible for operations, this does not protect Microsoft customers from the risk of the US government “pulling the kill switch”.
Forrester recommends that organisations correctly frame the data sovereignty issue as a first step in gaining stable, long-lasting sovereign control of their data.
A balanced approach to in-country technology capacity
Power International Holding, which has headquarters in Qatar, is using Nutanix’s sovereign cloud capabilities and has adopted a private cloud to ensure sovereignty over its own data and AI models.
The company has been using Nutanix to tackle a proliferation of shadow AI projects when application development teams use external software-as-a-service (SaaS)-based LLMs without centralised controls, as CIO Jasim Rahman explains: “We selected Nutanix to do classical HCI (hyper-converged infrastructure) file management, but it has also allowed us to deploy our own models within the Nutanix AI stack, and this now powers a lot of our use cases in healthcare, IT, HR and facilities management.”
Nutanix Enterprise AI functions as a private cloud, allowing Power International Holding to create and use its own AI models, as well as fine-tune open source ones. It ensures data stays within the country where the company operates, maintaining data residency.
He says the company has a multi-layered approach to digital sovereignty, which includes in-country control over compute infrastructure and the development of AI models and platforms tailored to local needs “Our full-stack sovereignty has multiple stacks. We’re taking a very balanced approach to this, with both western and eastern clusters,” he says.
While Power International Holding is a private company, it participates in nation-building efforts, supporting the Qatar government to develop sovereign AI capabilities. Rahman says this makes it a key partner in advancing Qatar’s digital sovereignty and innovation goals.
“Governments need compute capacity to build models that are tuned for their country, culture, and language,” he adds.
For Rahman, digital sovereignty means ensuring that the compute infrastructure, models, platforms and physical AI remain within the country.
“Governments need a lot of compute capacity to build their AI models,” he says. “The risk is not just data residency. It’s data plus the models. Nobody can see what’s inside the model. It’s like a black box. So we’ve got to be able to intervene to make sure these models are tuned for the country, the culture and the languages spoken in that country.”
Rahman notes that the underlying graphics processing unit (GPU) infrastructure needed for AI requires a balanced approach to digital sovereignty. “In Qatar and the other countries we operate in, we’re taking a very balanced approach to GPU infrastructure. Not many countries produce chips. We are dependent on the west, the Americas and the east.”
This approach means Power International Holding takes into account the specifics of the countries in which it operates. Some of them are leaning west, while some lean east. The underlying stack is the GPU infrastructure. “We’re going to be providing a platform of GPU infrastructure that will allow these countries to have their own digital embassies within this GPU infrastructure. They can operate within that infrastructure independently as sovereign clouds,” says Rahman.
He defines digital embassies as secure, sovereign cloud environments hosted within Qatar’s GPU infrastructure. They are designed to serve as disaster recovery and continuity hubs for other countries and enable countries to store critical data and systems outside their borders, ensuring resilience in case of emergencies such as wars or natural disasters.
Qatar has diplomatic relationships with other nations, such as Rwanda, which facilitates establishing digital embassies for disaster recovery and continuity planning for these countries. “Rwanda wants to have a country business continuity plan outside of Rwanda. That’s where Qatar would come in,” says Rahman.
Minimum requirements
While there have been many discussions around on-premise and private clouds being built to enable digital sovereignty, that does not necessarily mean moving workloads and data out of hyperscale IT infrastructure.
Forrester advises IT and business leaders to determine the minimum level of digital sovereignty needed to meet their business goals. This should be practical and capable of supporting the organisation’s workload requirements. A digital sovereignty plan should focus on delivering useful outcomes, rather than just meeting compliance or avoiding risk, as these alone do not benefit the business.
As Rahman highlights, such a strategy must also consider the countries where the business operates and their geopolitical context. This means IT infrastructure may need to be deployed in a different country from where the business is based. For example, as noted in Forrester’s Demystifying full digital sovereignty report, Estonia’s data embassy is located in Luxembourg to protect its critical data and information.
The base of the lamp has two slider buttons. One toggle adjusts the warmth, from cold white light all the way to red. One adjusts the intensity, from ultra-bright down to a glareless glow. Hard taps on each button skip ahead, while holding the toggle down on one side or another adjusts the light settings quite slowly—slowly enough I at first sometimes question whether it’s happening.
The maximum brightness is 1,000 lumens—the approximate intensity of a 75-watt incandescent bulb. At this brightness, the battery lasts about five hours. At a lower intensity, this can extend to as long as a dozen hours.
Red Shift
Photograph: Matthew Korfhage
There’s an added feature I have come to appreciate at night, which is the red-light mode. There’s little evidence that blue light from your little smartphone is keeping you awake at night. But numerous studies do show that blue light wavelengths can affect melatonin levels and thus your body’s circadian rhythm, while red light doesn’t do this.
Red light therapy is, of course, the province of TikTok as much as science—a field where wild exaggerations live alongside legitimate uses and benefits. For every sleep study showing that red light is superior to blue light when it comes to melatonin levels, there’s another showing that red light is associated with “negative emotions” before bed.
So I can only offer my own experience, which is that Edge Light Go’s red reading light offers me a pleasant liminal space between awake time and sleepy time, one not offered by a basic nightstand lamp. It allows me to sort of bask in a darkroom space that still lets me see and read, and drift off a little easier.
If I fall asleep, the light has an automatic 25-minute shut-off, which means I won’t do what I far too often do, which is drift off while reading and then wake up, alarmed, to a room filled with bright light in the middle of the night.
Caveats and Quirks
Photograph: Matthew Korfhage
This said, for all the virtues of portability, the Edge Light Go does not boast a base that’s heavy enough to stop the lamp from tipping over if I bend it forward from its lowest hinge. This can be an annoyance when trying to use the lamp as a reading light from a bedside table or the arm of a couch.
For airlines to run critical operations on networks that are set up and run for them, removing the complexity and cost of managing connectivity themselves, air industry tech firm SITA has launched a new network solution designed to support the demands of complex airport and transport environments.
With around 2,500 customers, SITA technology supports more than 1,000 airports and more than 19,600 aircraft worldwide. The company said that it also helps more than 70 governments “strike the balance between secure borders and seamless journeys” and connects 45-50% of the industry’s data exchange to enable complex global networks to operate smoothly and reliably.
As part of the latter aim, the SITA Campus Network, powered by HPE Aruba Networking, aims to offer a managed network service covering more than 150 countries wherein SITA takes care of the design, procurement, shipping, installation, configuration and support for all devices involved. Boasting a low total cost of ownership (TCO), SITA is proposing “one of the most competitive” fully managed local area network/wireless local area network (LAN/WLAN) available in the industry.
Explaining the rationale for the launch, SITA noted that managing networks across multiple locations, devices and suppliers is complex and costly. Furthermore, it said that when networks are fragmented, performance suffers and disruptions can spread quickly.
SITA Campus Network is attributed with being able to remove this burden by delivering a fully managed network across wired and wireless environments. The campus network is claimed to combine “robust” connectivity with centralised, cloud-based management to ensure consistent, reliable performance across airport campuses and other large transport hubs.
Designed for high-density environments such as terminals, hangars and airline operations centres, the solution is said to support large volumes of users and devices without compromising performance, even during peak demand. By integrating HPE technology into its managed service, SITA’s customers get a network that is centrally operated by SITA while retaining the flexibility to use different technologies and vendors.
Available in more than 145 countries, with 24/7 operational support, SITA assured that by reducing the need for costly hardware and simplifying operations the network lowers both upfront investment and ongoing costs. Its pay-as-you-go model allows customers to scale usage up or down based on demand, with rapid deployment across locations.
This is said to reduce the need for on-site support, spare equipment and recurring training, freeing up IT teams to focus on higher-value activities. Where needed, the campus network connects to SITA’s global wide-area network services. This connectivity links more than 600 airports worldwide.
As is the norm with other leading networking solutions, the SITA Campus Network uses AI to improve visibility across the network, detect issues earlier and automate troubleshooting, helping reduce downtime. It also provides centralised management, allowing infrastructure and devices to be monitored and controlled across both on-site systems and remote environments.
Martin Smillie SITA senior vice-president of communications and data exchange, said integrating diverse systems and devices across airport environments is becoming more complex as operations become more connected: “At the same time, expectations on performance, resilience and security continue to rise. With SITA Campus Network powered by Aruba, we take on that complexity. We deliver a network that is set up, run and continuously optimised, so our customers can focus on keeping operations moving while maintaining control across increasingly demanding environments.”
Sujai Hajela, executive vice-president and general manager for enterprise campus and branch at HPE, added: “Airports and airlines have to support thousands of staff, passengers and mission critical systems across terminals, gates and airside areas – and any network issue shows up immediately as delays and frustration.
“SITA Campus Network powered by HPE Aruba Networking is built on our secure, AI-native technology to deliver a self-driving network that spots and fixes problems in real time, often before anyone notices, so operations keep moving and passengers stay connected.”
Tech
Chinese hackers using compromised networks to spy on Western companies, says Five Eyes | Computer Weekly
China-linked hackers are using networks of vulnerable internet-connected devices, including home routers, printers and smart devices, as cover to mount espionage and hacking operations.
The technique is now used by the majority of China-linked hackers as a way to obscure hacking and espionage attacks launched against organisations in the West.
The UK’s National Cyber Security Centre (NCSC) and national agencies in nine other countries have warned today that Chinese-linked groups are now leveraging networks of infected devices “at scale” to target critical sectors globally and steal sensitive data.
According to an advisory issued by the Five Eyes intelligence-sharing alliance – comprising the UK, the US, Canada, Australia and New Zealand – and 10 other countries, Chinese groups are exploiting security vulnerabilities in unpatched internet devices to create networks to use as a staging post to launch further attacks.
“We know that China’s intelligence and military agencies now display an eye-watering level of sophistication in their cyber operations,” said NCSC chief Richard Horne in a speech at its CyberUK conference in Glasgow.
Covert networks hide ‘indicators of compromise’
The agencies warn that the Chinese tactics are making it difficult for organisations to detect and attribute malicious attacks on their computer networks using traditional “indicators of compromise”.
Chinese groups, for example, could use a UK-based infected device as a staging post to hack into a UK-based company, meaning that blocking non-UK IP addresses no longer provides a defence for overseas attacks.
They advise companies to adopt “adaptive, intelligence-driven measures” to better mitigate the risks, including monitoring traffic from internet-connected devices, virtual private networks (VPNs) and remote access devices to identify suspicious traffic.
Chinese-linked groups are able to evade detection by exploiting low-cost networks of infected devices that can rapidly be reconfigured so that traditional static IP block lists are no longer effective.
The networks are used for each phase of a cyber attack, from reconnaissance and malware delivery, to command and control and data exfiltration against targets of espionage and offensive cyber operations, according to the advisory.
Covert networks behind major hacking operations
Covert networks of compromised devices have been used by the Chinese state-sponsored group Volt Typhoon to pre-position for future attacks on critical national infrastructure (CNI).
The group has targeted communications, energy, transport and water services in the US, and has been able to maintain covert access to critical IT systems for five years or more.
It used a network of vulnerable Cisco and NetGear routers, which were no longer supported by the manufacturers and were no longer receiving updates of security patches.
Another Chinese group, Flax Typhoon, has used a covert network of 260,000 compromised devices, including routers, firewalls, webcams and CCTV cameras, to conduct cyber espionage against targets in multiple countries.
Hacking as a service
Chinese hacking groups have a choice of covert networks, each with potentially hundreds of thousands of endpoints, which frequently change, making it more difficult for companies targeted to block attacks, according to the advisory.
Chinese information security companies have maintained networks of infected devices, available as a service for Chinese-linked hacking groups.
Chinese company Integrity Technology Group controlled a network known as Raptor Train, which infected more than 200,000 devices worldwide in 2024.
Companies advised to take countermeasures
The NCSC advises companies to map internet-connected devices in their organisation and corporate VPNs, so they can understand which traffic is legitimate.
They should also introduce multifactor authentication (MFA) when employees use remote connections to dial into business networks.
Larger organisations can profile incoming connections based on operating systems, time zones, and the organisation’s systems configurations to identify legitimate traffic.
The Five Eyes and the NCSC advise the most at-risk organisations to actively track Chinese advanced persistent threats (APTs), using threat reports supplied by the NCSC to create dynamic block lists and rules to detect incoming threats.
“In recent years, we have seen a deliberate shift in cyber groups based in China utilising these networks to hide their malicious activity in an attempt to avoid accountability,” said Paul Chichester, NCSC director of operations. “We call on organisations to act now to better defend their critical assets.”
Prince William tries to squeeze into Formula E car on Louis’ birthday
France’s Kering acquires ICCF’s minority stake to expand ICICLE
Hackers steal $2.5m from Sri Lanka finance ministry
-
Fashion1 week agoFrance’s LVMH Q1 revenue falls 6%, shows resilience amid Iran war
-
Entertainment1 week agoIs Claude down? Here’s why users are seeing errors
-
Sports1 week agoPSL 11: Peshawar Zalmi win toss, opt to field first against Quetta Gladiators
-
Tech1 week agoThe Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought
-
Politics1 week agoIran in continuous message exchange with mediator Pakistan after US talks: Report
-
Business1 week agoStandard Life buys rival in £2b deal to create savings giant
-
Tech1 week agoCYBERUK ’26: UK lagging on legal protections for cyber pros | Computer Weekly
-
Sports1 week agoWorld Cup kit ranking: Which teams will look best in 2026?