惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
K
Kaspersky official blog
A
Arctic Wolf
Attack and Defense Labs
Attack and Defense Labs
L
LINUX DO - 热门话题
N
News | PayPal Newsroom
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
L
Lohrmann on Cybersecurity
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Last Watchdog
The Last Watchdog
B
Blog RSS Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
W
WeLiveSecurity
Know Your Adversary
Know Your Adversary
博客园 - Franky
T
Tenable Blog
T
Tailwind CSS Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Help Net Security
Help Net Security
WordPress大学
WordPress大学
T
The Exploit Database - CXSecurity.com
www.infosecurity-magazine.com
www.infosecurity-magazine.com
博客园 - 司徒正美
阮一峰的网络日志
阮一峰的网络日志
D
Darknet – Hacking Tools, Hacker News & Cyber Security
H
Heimdal Security Blog
TaoSecurity Blog
TaoSecurity Blog
S
Security Affairs
J
Java Code Geeks
小众软件
小众软件
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Apple Machine Learning Research
Apple Machine Learning Research
NISL@THU
NISL@THU
O
OpenAI News
The Cloudflare Blog
月光博客
月光博客
Google Online Security Blog
Google Online Security Blog
V
V2EX
罗磊的独立博客
美团技术团队
博客园 - 三生石上(FineUI控件)
Security Latest
Security Latest
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
Cyber Attacks, Cyber Crime and Cyber Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Cyberwarzone
Cyberwarzone
L
LINUX DO - 最新话题
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏

informationweek

2026 tech company layoffs How Sedgwick scaled AI in legacy claims workflows InformationWeek Podcast: CTOs on using AI in regulated spaces How top CIOs are measuring the real ROI of IT automation What AI must learn from Roosevelt, conservation and 1929 Experian's chief innovation officer gleans AI gains with startup collab ETS CIO on competing with AI startups 'running with scissors' Before the next VMware: How CIOs prepare for vendor shocks The strategic alignment powering cyber-resilient organizations The AI infrastructure bottleneck is becoming a CIO problem InformationWeek Podcast: CTOs on reining in rogue AI agents Workplace equity in the age of AI Why and how to implement an AI asset rationalization strategy Why companies are shifting toward private AI models AI agents in automation: When to build, when to buy Navan CTO AI on trial: The Workday case that CIOs can The AI infrastructure boom is coming for enterprise budgets How CIOs can manage LLM costs: A practical guide What CIOs miss when buying vertical SaaS software InformationWeek Podcast: How CTOs balance AI and their teams Whirlpool, Duke Energy, Cleveland Clinic CIOs on scaling AI Where CIOs get stuck rebuilding the enterprise: What 'Rewired' reveals As AI makes projects harder to track, will CIOs need new controls? Why disaster recovery plans fail in geopolitical crises A silent erosion of enterprise AI by data poisoning Priceline CTO prioritizes engineers able to 'hold a room and a roadmap' InformationWeek Podcast: When CTOs need to restart IT projects Wayfair CTO maps agentic path across digital and brick-and-mortar commerce The AI contract gaps the Google-Pentagon deal just made visible Non-human identity sprawl is agentic AI's real risk Anthropic's Mythos forces a rethink of vulnerability management Outsourcing contracts weren't built for AI. CIOs are renegotiating now The AI spend hangover companies didn't plan for The power of CIO networking in the competitive AI world Why CIOs see AI projects stall: Speed without structure kills scale IT leaders should never let a good crisis go to waste SFO's digital twin maps airport operations from the curb to takeoff CIOs caught in the middle as AI startups disrupt vertical Saas Submit an IT Leadership column to InformationWeek Podcast: Rightsizing AI frameworks to avoid failure modes The invisible labor crisis inside IT: AI work the org chart can't see Why AI teams treat training data like capital Ask the Experts: How CIOs can identify and overcome cultural barriers to innovation Nobody told legal about your RAG pipeline -- why that's a problem Meta's new 'AI Zuckerberg' is a mirror for every C-suite Will the music stop for AI's funding dance? Rethink tech talent: Local is the smartest play for IT InformationWeek Podcast: Catching errors in AI-powered code CIOs can combat talent scarcity with AI-augmented leadership -- Gartner How Bellevue, Wash., is applying AI to streamline a broken permitting process Ignore the hype: Smarter tech bets at speed of change Who controls the fix? Colorado's repair fight tests CIO power Ask the Experts: The red flags that signal an AI project isn't worth pursuing The hidden high cost of training AI on AI Red Hat's Marco Bill: Resource control is key for AI sovereignty InformationWeek Podcast: New IT architecture, cloud, edge and AI Enterprises need Tier 1 provider relationships to deliver on AI How CIOs run and rebuild the business at the same time in the AI era It's not your tech stack, it's your structure -- fix it Confidential computing resurfaces as security priority for CIOs FinOps: Helpful tool, or a cloud control placebo for CIOs? Cleveland's open data overhaul: From sticky notes to public dashboards As Microsoft expands Copilot, CIOs face a new AI security gap Why build vs. buy doesn't fit modern IT systems InformationWeek Podcast: Is quantum computing slumbering? Your AI vendor is now a single point of failure Vibe coding: Speed without security is a liability A practical guide to controlling AI agent costs before they spiral AI fuels a new wave of technical debt The sunsetting of Sora: A hard lesson in AI portfolio resilience HP pushes broad internal AI use after early productivity gains Why value-based pricing is inevitable InformationWeek Podcast: Safeguarding ecosystems from outsiders Why AI scaling is so hard -- and what CIOs say works Humans are the North Star for AI-native workplaces -- Gartner How IT leaders build a culture for what comes next Compliance costs risk widening the AI gap AI-driven layoffs add new demands on CIOs to prove value AI transformation: Early wins are not enough for CIOs Why CIOs can't let users wait on IT Memory shortage doesn't have to spell disaster for IT budgets Accelerate AI adoption: 3 reasons for adopting MCP How techno-nationalism is complicating IT resilience and supply chains for CIOs InformationWeek Podcast: Compliance crackdown on AI and BYOD Workday’s AI reset: Agents and the race to remake SaaS Why enterprise AI initiatives keep dying before production Metrics of meaning: What do we really measure in AI? Using AI to pick team leaders -- without crossing legal or ethical lines What Oracle's layoffs reveal about running IT with fewer people Chief AI Officer on course-correcting when AI moves too fast Large enterprises need high-performing networks to scale AI InformationWeek Podcast: When do smaller AI models make sense? The future belongs to AI-driven IT Ways AI supercharges risk awareness and data insights for CIOs How automation prepares you for agentic NetOps Should the CIO, CFO or CEO hold the kill switch on AI? The CIO's new mandate: Redesign work itself Ask the Experts: CIOs say they wouldn’t pull workloads back from the cloud How AI is Reshaping the Enterprise
Techno-nationalism is reshaping CIO infrastructure strategy
2026-03-13 · via informationweek

The use of technology policy to advance national economic and security interests, also known as techno-nationalism, is no longer a distant geopolitical trend. It is becoming a direct operating constraint for CIOs -- and it's far more involved than many CIOs realize. 

Vendors aren’t much help in clearing the confusion, as they tend to blur three key concepts that CIOs need to separate, said Collin Hogue-Spears of Black Duck -- data residency, data localization and data sovereignty.

"Data residency means your data physically sits in Germany [for example]. Data localization means German law requires it to stay there. Data sovereignty means no foreign government can compel access to it -- and that's where everything breaks down," said Hogue-Spears, public cloud compliance leader and senior director of product management at Black Duck, a security provider.

Complying with different international laws

Related:Follow the four essentials of successful master data management

Consider that the U.S. CLOUD Act empowers American law enforcement to demand data from any U.S.-headquartered company, regardless of where it's stored. Now think what that means to CIOs after a Microsoft executive told the French Senate in July 2025 that they cannot guarantee protection from CLOUD Act requests, even with their own EU Data Boundary offering. 

That means “you're paying 15-30% more for infrastructure that answers the 'where does it live' question, while leaving 'who can access it' wide open,” Hogue-Spears explained. 

Additionally, governments are asserting greater control over semiconductors, cloud infrastructure, AI models, and cross-border data flows, turning once-routine IT decisions into strategic choices shaped by regulation, security priorities, and geopolitical risk.

For enterprise leaders, this means their technology strategy is no longer borderless. Vendor selection, architecture, and data governance decisions must now also account for export controls, sanctions exposure, sovereignty requirements, and supply chain disruptions

"This matters a lot when you're deciding where to put your cloud infrastructure, who gets access to data, and which vendors to work with," said Daniel Herszberg, a doctoral researcher at the University of Oxford whose work centers on law and political power, with a particular focus on the Greater China region.

Such a fragmented global tech landscape requires CIOs to juggle the need to modernize systems with the equal need to build resilience, in an era where politics increasingly dictates the limits of the stack. 

The challenges are formidable in navigating the rapidly fluctuating differences in both definitions and goals between nations and global companies. It is undeniable that it's “an increasingly unpredictable world," said Andreas Prins, global head sovereign solutions at SUSE, who added that their "global customers rank digital sovereignty as one of their main priorities."

Sovereign cloud pros and cons 

One of the clearest consequences of techno-nationalism is the rise of sovereign cloud infrastructure. A sovereign cloud aims to help an organization meet its digital sovereignty goals in terms of data residency, data privacy, and operational control. In short, it aims to ensure that sensitive data remains within specific geographic boundaries, complies with local regulations, and stays under the jurisdiction of domestic laws rather than in reach of any foreign governments. 

To achieve this, sovereign clouds typically offer physically isolated infrastructure that is located well within a specific country's borders. These clouds are also often operated by local entities or through partnerships that limit foreign access to data and systems.

In theory, sovereign clouds are effective at meeting compliance requirements and providing some legal protection, which is why they are in high demand by government agencies, critical infrastructure operators, and highly regulated industries like finance and healthcare. However, in practice their effectiveness varies considerably, with only some providing truly isolated environments with domestic-only operations. 

If deployed comprehensively, the pros in using sovereign clouds include:

  • Enhanced regulatory compliance.

  • Reduced foreign surveillance risks.

  • Greater control over data governance.

  • Alignment with national security interests. 

These clouds can also foster domestic technology ecosystems and reduce dependence on foreign providers, making them especially appealing to nations seeking their own data or AI sovereignty. 

The cons, meanwhile, include:

  • Significantly higher costs.

  • Slower innovation cycles compared to global hyperscalers.

  • Limited geographic redundancy options.

  • Fewer features.

Lock-in, fragmentation and exit risks

Vendor lock-in risks are much higher with sovereign clouds, and there is high potential that the isolation might hinder collaboration with international partners. 

Exiting sovereign clouds can also be problematic. For example, organizations operating in China will find “exiting a contract does not mean exiting the governing regulatory framework, as data localization rules, regulatory reporting obligations, technical configurations and questions of government access will likely remain in place even if you, say, for example, replace your provider,” explained Herszberg.

“Over time, actors may find themselves facing a form of gradual regulatory lock-in, as operational choices narrow quietly and spill over into procurement, interoperability with external systems, and limits on strategic autonomy beyond China,” Herszberg added.

A cost amplifier complicates the situation further. Fragmentation tops the list of operational and strategic challenges CIOs face when dealing with sovereign clouds, according to Kevin Miller, CTO of IFS North America, a leading global provider of Industrial AI software.

“Maintaining separate technology stacks by country increases cost and creates operational drag,” Miller explained.

The situation is predicted to grow costlier and more painful for CIOs over time. By 2028, 60% of multinational firms will split their AI stacks across sovereign zones, probably tripling integration costs in the process, according to Mark Minevich, president of Going Global Ventures (GGV), a New York-based investment, technology, and strategic advisory firm.

Best practices for sovereign clouds

The concept of sovereign clouds is still evolving, mostly because the driver behind its adoption is something completely new. At its core, sovereign cloud adoption is an effort to regain control over the company and its operations. 

“Enterprises are no longer simply trying to keep up with regulators; they’re on a mission to achieve autonomy,” said Utpal Mangla, vice president of Sovereign Cloud at IBM.

“What was once a regulatory concern focused on compliance is now a strategic priority centered around control, resilience and long-term competitiveness,” Mangla added. 

Best practices for sovereign clouds, at least thus far, focus on maintaining overall agility and security, particularly with respect to the ability to move your data quickly when the need arises.

“True security comes from transparency and control over your data, including the ability to exit an existing setup. Raising this issue at the board level is crucial to make it a company-level security and business continuity conversation,” said Kim Larsen, CISO at Keepit, a provider of security protection for cloud and company data.

Larsen added that CIOs might also want to look into the ownership of their infrastructure, where metadata is processed, and operational processes, with regards to ownership of hardware and solutions.

The best approach is to design for interoperability, according to Mark Townsend, Co-Founder & CTO at AcceleTrex. Keep sensitive workloads in sovereign environments as required, he added, “but maintain a portable architecture, containers, API first services, and strong identity layers, so you’re not locked into a single national ecosystem.  

“Some vendors are now using AI driven dependency mapping to show exactly which workloads can safely move, reducing both risk and over compliance,” Townsend said.

The future of techno-nationalist strategy

Amid so much complexity, the path forward may seem unclear -- but CIOs cannot delay on this issue. Minevich points to rapid developments that have already taken place: the EU’s launch of its own sovereign cloud; AWS’s European Sovereign Cloud which went live in January 2026; and the ongoing work in Saudi Arabia, the UAE, and India, with each country building national AI stacks from the ground up. 

To navigate this terrain, CIOs may need to wear a few different hats or appoint someone specifically to address this challenge.

“Designing AI systems that comply with competing regulatory regimes in the EU, U.S., China, and the Gulf simultaneously requires a new hybrid role, which is part geopolitical strategist, part cloud architect, part compliance expert,” said Minevich. “I think of it [the new role] as the ‘air traffic controller’ for AI across borders.” 

Despite different terminology like digital sovereignty or autonomy, “the underlying driver is universal: business resilience,” said Prins. “Companies want greater independence and control over their own destiny, and they're recognizing that their IT stack directly impacts their ability to achieve that.”