Open Sovereign IT: How to Get Started

I recently detailed SUSE’s position on open sovereign IT. It has led to urgent conversations with customers and partners who want to know how to navigate new regulations, mitigate geopolitical risks and build truly resilient IT infrastructure.

The challenge is clear: Digital sovereignty isn’t a single product. It is a complex strategy built on three core pillars: data, operations and technology. This will require continuous evolution. Knowing where to begin is hard and we are here to help.

SUSE’s Cycle of Digital Sovereignty Implementation 

Plan for Sovereignty

1. Engage your stakeholders around the three pillars of digital sovereignty: data, operations and technology.

Ask your board, partners and technical teams about their specific needs for data location and access, who manages the technology and how to avoid lock-in. 

This will immediately bring to the surface the needs or risks that could impact your business across three critical areas.

2. Identify regulatory changes in your industry related to sovereignty. 

It is important to stay informed about the evolving regulations that impact your business. For example, subscribe to RSS Feeds from the European Union such as EUR-Lex or EU Commission. 

3. Map out your ecosystem and scrutinize your software supply chain.

Create a software bill of materials for critical applications using standards like SPDX and CycloneDX to identify all components, their origins and dependencies. Prioritize applications handling personally identifiable information, financial data (as per DORA) or those deemed critical national infrastructure, as these face the highest regulatory scrutiny.

4. Classify workloads by sovereignty risk. 

Determine which applications handle data that must run on-premise or even in a fully air-gapped environment, completely isolated from external networks. Collaborate with vendors to mitigate them. 

Implement Sovereignty Measures: 

5. Align with sovereign architecture.

Consider how implementing sovereign architecture would help meet your needs. We are happy to discuss and hear your needs and share how SUSE is sovereign by design. Please get in touch and we can set that up.

6. Ensure your tech stack is as open source as possible to maximize transparency, flexibility and business continuity.

Embrace open source solutions for greater control and adaptability. And remember, open-washing is not enough. Demand true open source that allows you to inspect code, guarantees interoperability and helps you to avoid vendor lock-in the ultimate threat to technological sovereignty. The systems need to be fully interoperable and heterogeneous to build the type of environments that can adapt.

Validate and Prepare:  

7. Develop a business continuity plan designed for technology survivability.

Your business continuity plan must know what will happen to your systems if your main provider is sanctioned or its non-EU control plane is disconnected. It is why a self-reliant, open source stack is a critical design principle.

Execute: 

8. Make Digital Sovereignty a core principle of your IT strategy and execute on it.

This transforms sovereignty from a one-time project into a continuous, automated, and auditable practice that evolves with your business and the regulatory landscape. Once this is part of your fundamental IT practices you can execute on it continuously.

9. Continually monitor and look for ways to improve.

This will be an ongoing process that will require constant monitoring of environments and systems.  Ensure you are regularly engaging stakeholders and identifying regulations to stay on top of sovereign IT. 

SUSE is helping customers run sovereign solutions today with our sovereign by design offerings. We are here to help you navigate these nine steps. Please get in touch with your local SUSE representative or connect with us via live-chat or phone.