Why defence organisations need resilience beyond sovereignty

Amid rising geopolitical tensions, digital sovereignty has become a focal point for governments and enterprises alike. However, for defence organisations, sovereignty alone is not enough. The ability to maintain operational resilience in the face of conflict or severe geopolitical disruption requires the capacity to act independently when cooperation is impossible. Only true autonomy can provide that ability.

Digital sovereignty, whether cloud, data, or total sovereignty, refers to control over digital assets, so data, hardware, people, and software remain within a specific jurisdiction. While sovereignty addresses regulatory and jurisdictional concerns, it does not guarantee operational continuity in crisis scenarios.

Strategic autonomy, however, goes further. It means maintaining the ability to collaborate with international partners when possible, while retaining the independence to operate alone when necessary. For defence organisations, this is a matter of mission survival.

Why autonomy matters

In peacetime, reliance on hyperscale cloud providers and distributed IT infrastructure is manageable. But in conflict, the landscape shifts dramatically. Physical destruction can render data centres inoperable, while internet outages cripple cloud-dependent operations. Security becomes a pressing challenge as adversaries attempt to infiltrate or steal sensitive data. Even accessing remote personnel and resources becomes fraught with difficulty, as traditional communication channels may fail.

Sovereignty does little to mitigate these risks. A locally hosted data centre managed by an external provider still leaves defence organisations vulnerable if that provider can no longer deliver support. True resilience requires people, processes, and technology that function independently of external dependencies.

The three pillars of autonomy

It is often stated that an organisation’s greatest assets are its people, and that is certainly the case when it comes to strategic autonomy. Defence IT teams must be trained to manage disruptions, adapt systems, co-develop/innovate and maintain operations without external assistance. This means cultivating DevOps and cloud-native expertise to deploy and manage distributed systems effectively. Internal collaboration models, such as InnerSource, can foster agility by applying open source principles within closed environments. Open leadership is equally crucial, breaking down silos and accelerating decision-making in high-pressure scenarios.

After people, the processes they must follow is next. Clear, tested procedures are essential for responding to crises. Defence organisations need disaster recovery plans that account for wartime conditions, delivering continuity even if central systems fail. Decentralised workflows allow operations to persist in fragmented environments, while open methodologies enable continuous adaptation as threats evolve.

The final piece of the puzzle is technological. A truly autonomous IT ecosystem must be versatile enough to run anywhere, whether in central data centres, the cloud, or disconnected edge locations. It should support multiple hardware architectures, from x86 to ARM and RISC-V, avoiding vendor lock-in. Most importantly, it must handle any workload, from legacy systems to modern AI-driven applications, enabling seamless operation across all mission-critical functions.

Open source is the foundation of autonomy

Open source technology is uniquely suited to strategic autonomy. Unlike proprietary solutions, it provides transparency, allowing organisations to audit and modify code as needed. This delivers independence as systems can be maintained and extended even if the original vendor is unavailable due to mature and well established permissive and copyleft licenses. The flexibility of open source also means the same platform can run on everything from large-scale datacenters to mobile field deployments, making it ideal for defence environments where adaptability is paramount. For defence organisations, this translates to true self-reliance, the ability to sustain operations regardless of geopolitical disruptions.

We are not talking about theoretical developments. Defence organisations across EMEA are increasingly adopting open source solutions for digital autonomy, leveraging cloud-native platforms and DevSecOps practices to modernise their IT infrastructure.

One defence organisation that Red Hat works with is deploying security-forward, containerised environments using Red Hat OpenShift, which enables more consistent application development and deployment across classified and unclassified networks. Another has implemented multi-cloud strategies, combining private and public cloud services to maintain flexibility while fueling data sovereignty. A third is transitioning from proprietary systems to open source alternatives, benefiting from greater interoperability, scalability, and reduced vendor reliance.

These initiatives often include intensive training programs to upskill internal teams in modern software development practices to  power longer-term self-sufficiency. Another key trend is the use of open source automation tools and private cloud environments to build more resilient, future-ready systems.

Several defence agencies have established dedicated development services that provide standardised platforms for building and deploying applications at varying security levels.  Others are replacing legacy virtualisation platforms with open source container solutions to improve performance and reduce dependencies. These efforts highlight a broader shift toward modular, interoperable architectures that support rapid innovation while preserving operational sovereignty.

Beyond sovereignty to resilience

Digital sovereignty is a compliance measure, while digital autonomy is a survival strategy. Defence organisations must build resilience by integrating skilled personnel, robust processes, and adaptable technology. In a world where conflict can disrupt digital infrastructure overnight, autonomy is a necessity. The question isn’t concerned with where data resides, but whether operations can continue when external support disappears. The answer lies in people, processes, and technology embracing open, flexible solutions.

Learn more

• Preserve digital independence with Red Hat Sovereign Cloud
• Digital Sovereignty in Action
• Digital Sovereignty is far more than compliance