
Digital Sovereignty: It Begins at the Workstation, Not in the Cloud

By Martin Moraz

Summary – Digital sovereignty involves more than regional hosting: reliance on vendor cloud portals, externally hosted MDM and vendor-controlled firmware signing jeopardizes operational continuity and compliance with revDSG, GDPR, NIS2 and DORA. Mastering the workstation requires control of the OS, firmware, network and messaging without external chokepoints; otherwise a vendor outage or a suspended account becomes an outage of your own estate.
Solution: a modular hybrid architecture combining an open-source OS, on-prem MDM, an internal PKI, self-hosted messaging, Zero Trust policies and a tested offline mode for demonstrable independence and resilience.

In a context where digital sovereignty is often reduced to regional hosting, genuine control over data rarely stops at the cloud. To achieve real sovereignty, one must trace the chain back to the workstation (operating system, firmware, mobile device management, network, messaging) and control every component.

This article explores the false securities of a sovereign-only cloud, confronts regulatory requirements with technical realities, and then proposes a concrete architecture for truly independent and resilient endpoints and networks.

The False Securities of a Sovereign Cloud

The sovereign cloud promises total control, but dependencies on cloud portals and accounts undermine security. Without control of endpoints and firmware, sovereignty remains illusory.

Mandatory Accounts and Cloud Portals

The requirement to sign in to a cloud portal to configure a network or install a mobile device management agent creates an external control point. In practice, the administrator loses control if portal access is suspended or during a regional outage.

On Windows 11, the requirement of a Microsoft account (mandatory at setup on the Home edition) or a join to Microsoft Entra ID (formerly Azure Active Directory) for certain features reinforces this dependency. Even on a machine used locally, some security features are tied to that external identity: automatic device encryption, for instance, escrows the BitLocker recovery key to the Microsoft or Entra account.

On the Apple side, automated enrollment and supervision run through Apple Business Manager, and any MDM, even one hosted on-premises, must hold an APNs push certificate issued by Apple to reach its devices. Organizations thus relinquish part of the control over their endpoints’ management chain.

Firmware and Boot Chain Dependencies

Secure Boot checks signatures locally, but the trust anchors shipped in the firmware (the Microsoft UEFI CA and the OEM’s own keys), the revocation list (dbx) and the signatures on BIOS/UEFI capsule updates all belong to third parties. If those signing infrastructures are compromised, or simply withdrawn, a firmware update can be blocked or manipulated, and the organization holds no key that would let it intervene.

Some manufacturers embed remote-disable functions in firmware (anti-theft agents or management engines that can lock a machine), triggerable remotely to disable equipment. Although presented as a security tool, this practice can become a lever for blocking equipment in case of dispute or failure of the associated cloud service.

Without a local fallback mode, direct access to the boot chain and the ability to enroll its own Secure Boot keys (PK, KEK, db), an enterprise cannot guarantee workstation recovery if the manufacturer’s cloud services are interrupted.
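Owning the boot chain starts with the key material: the PK, KEK and db variables hold EFI_SIGNATURE_LIST structures, and to enroll your own CA you have to produce one. The following Python is an added example written for this article, not code from Edana or from any firmware vendor; it builds and parses that structure around a constructed placeholder certificate (the owner GUID and the DER bytes are assumptions, not real values), doing in pure Python what the efitools `cert-to-efi-sig-list` command does.

```python
import struct
import uuid

# EFI_CERT_X509_GUID (UEFI spec): marks a signature list holding DER X.509 certificates.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# SignatureOwner: hypothetical GUID identifying the organization that enrolls the entry.
OWNER_GUID = uuid.UUID("5e0a1c2b-7d3f-4f88-9a6e-1b2c3d4e5f60")  # assumption, not a real owner

HEADER_FMT = "<III"                              # SignatureListSize, SignatureHeaderSize, SignatureSize
HEADER_LEN = 16 + struct.calcsize(HEADER_FMT)    # 16-byte GUID + three UINT32 = 28 bytes


def build_esl(der_cert: bytes, owner: uuid.UUID = OWNER_GUID) -> bytes:
    """Wrap one DER certificate in an EFI_SIGNATURE_LIST.

    Layout (integers little-endian, GUIDs in UEFI mixed-endian form, i.e. uuid.bytes_le):
      EFI_SIGNATURE_LIST { SignatureType GUID; ListSize; HeaderSize; SignatureSize }
      EFI_SIGNATURE_DATA { SignatureOwner GUID; SignatureData = DER certificate }
    """
    if not der_cert:
        raise ValueError("empty certificate")
    sig_data = owner.bytes_le + der_cert
    list_size = HEADER_LEN + len(sig_data)
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack(HEADER_FMT, list_size, 0, len(sig_data))
    return header + sig_data


def parse_esl(blob: bytes) -> list[dict]:
    """Walk a PK/KEK/db variable value (one or more concatenated lists) and return its entries.

    Every length field is bounds-checked: a variable blob taken from a vendor image or a USB
    stick is untrusted input, so SignatureListSize and SignatureSize are never trusted blindly.
    """
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER_LEN:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from(HEADER_FMT, blob, off + 16)
        if list_size < HEADER_LEN + hdr_size or off + list_size > len(blob):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        body = blob[off + HEADER_LEN + hdr_size: off + list_size]
        if sig_size <= 16 or len(body) % sig_size:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        for i in range(0, len(body), sig_size):
            sd = body[i:i + sig_size]
            entries.append({"type": sig_type,
                            "owner": uuid.UUID(bytes_le=sd[:16]),
                            "cert": sd[16:]})
        off += list_size
    return entries


# Constructed placeholder standing in for a real DER-encoded CA certificate
# (in practice: the output of `openssl x509 -outform DER` for your Secure Boot CA).
SAMPLE_DER = b"\x30\x82\x02\x10" + bytes(range(32))


if __name__ == "__main__":
    db = build_esl(SAMPLE_DER)
    for e in parse_esl(db):
        print(e["type"], e["owner"], len(e["cert"]), "bytes")
```

In practice you would feed a real DER certificate, sign the resulting list with `sign-efi-sig-list` (efitools) using the key one level up the hierarchy (the PK signs the KEK list, the KEK signs the db list), and write the `.auth` blob with `efi-updatevar` or `sbctl`. Test on a single machine first and keep the Microsoft UEFI CA in db if the platform still needs to run vendor-signed option ROMs (a db without it can refuse the GPU’s option ROM and leave you with a black screen).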

Managed Cloud Solutions and False Sovereignty

Solutions such as Cisco Meraki are managed exclusively through the vendor’s cloud dashboard: network configuration, updates and diagnostics all pass through it. Ubiquiti’s UniFi line can run a self-hosted controller, but its default onboarding steers administrators toward a vendor account and cloud console.

If the cloud operator experiences an outage, suspends the account or revokes a device, hardware with no standalone mode becomes unmanageable; Meraki equipment, for instance, stops forwarding traffic once its dashboard license lapses. This undermines business continuity and technical independence.

Example: A public agency migrated its router fleet to a cloud-managed solution, convinced of its regional sovereignty. After a firmware update was blocked by the portal, the administration lost access to its secondary network for several hours, demonstrating that control remained partial and vendor-dependent.

Regulatory Framework vs. Technical Reality

revDSG, GDPR, NIS2, and DORA impose protection and resilience obligations, but none of them guarantees real control over data. Legal compliance without technical mastery exposes organizations to operational and financial risks.

Swiss revDSG (LPD): Formal Obligations

The revised Swiss Federal Act on Data Protection (revDSG, LPD in French) tightens the rules on cross-border disclosure and on personal data security. It requires “appropriate” technical and organizational measures without specifying the granularity of control needed.

In practice, hosting in Switzerland satisfies most auditors, even if workstations and communication channels remain managed abroad. Declarative sovereignty then masks access and traceability gaps.

This creates a paradox: a company can be legally compliant yet have limited control over operations and incident reporting, potentially exposing data to unauthorized access.

GDPR vs. Cloud Dependencies

At the European level, the GDPR requires data protection and proof of that protection (the accountability principle). Using cloud services often involves data transfers outside the EU or indirect access by subcontractors established in third countries.

Even if a provider claims compliance, the lack of control over its endpoints and administrative chain creates a risk of non-compliance in the event of a targeted attack or forced audit by a competent authority.

The juxtaposition of legal guarantees and invisible technical dependencies can lead to heavy fines when an organization believed it had covered its GDPR obligations.

NIS2, DORA, and Operational Continuity

The NIS2 directive (Network and Information Security) and the DORA regulation (Digital Operational Resilience Act) impose continuity and recovery planning obligations, and DORA adds explicit ICT third-party risk management. Neither distinguishes between public, private, or so-called sovereign clouds: what matters is whether the dependency is identified and managed.

Without an end-to-end architecture that includes endpoints, a continuity plan may rely on third-party services that become unavailable during a crisis. The absence of a local degraded mode then becomes a critical point of failure.

Example: A Swiss financial organization, seemingly compliant with DORA, used a managed messaging service. During a European data center outage, it could not restore internal communication for eight hours, revealing a lack of technical preparedness despite administrative compliance.


Endpoint and Network Sovereignty Architecture

True control is achieved through managed endpoints: open-source operating systems, on-premises device management, internal PKI, and strong encryption. A hybrid, modular ecosystem preserves technological independence and resilience.

Linux Workstations and Alternative Operating Systems

Adopting Linux distributions or open source Android derivatives (GrapheneOS or LineageOS, for example) gives a transparent, auditable software chain. Source code can be reviewed, the black boxes shrink to the remaining firmware blobs and drivers, and each update can be validated before it is deployed.

Unlike proprietary environments, these operating systems allow custom builds to be deployed without relying on external portals. Internal teams can maintain a local, signed package repository and manage patches autonomously.

This approach offers fine-grained control over firmware configuration and full-disk encryption (LUKS, with keys sealed to the TPM where available) while remaining compatible with most business applications via containers or virtual machines.
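The “validate each update” step is concrete: a client pulling from the local repository must check every artifact against the signed index before installing it. The Python below is an added example for this article (not Edana’s tooling and not part of apt); it parses a constructed Packages index, verifies a constructed sample artifact, and rejects a poisoned entry whose path escapes the pool directory even though its hash matches. Package names, paths and hashes are made up for the example; verification of the Release file’s GPG signature, which apt performs before trusting the index at all, is assumed to have happened upstream.

```python
import hashlib
import hmac
import posixpath


def parse_packages(text: str) -> dict[str, dict[str, str]]:
    """Parse a Debian-style Packages index into {package: fields}.

    Stanzas are separated by blank lines; a line starting with whitespace
    continues the previous field (used by Description).
    """
    stanzas: dict[str, dict[str, str]] = {}
    cur: dict[str, str] = {}
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            if cur:
                stanzas[cur["Package"]] = cur
            cur, last_key = {}, None
            continue
        if line[0] in " \t" and last_key is not None:
            cur[last_key] += "\n" + line.strip()
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        last_key = key.strip()
        cur[last_key] = value.strip()
    if cur:
        stanzas[cur["Package"]] = cur
    return stanzas


def verify_artifact(entry: dict[str, str], data: bytes, pool_prefix: str = "pool/") -> bool:
    """Accept a downloaded artifact only if path, size and SHA256 all match the index entry."""
    # 1. Path hygiene: the index is data, not policy. Reject absolute paths and traversal
    #    so a poisoned index cannot make the client write outside the mirror's pool.
    path = posixpath.normpath(entry.get("Filename", ""))
    if posixpath.isabs(path) or path.startswith("..") or not path.startswith(pool_prefix):
        return False
    # 2. Size first: cheap, and it catches truncated or padded downloads.
    if int(entry.get("Size", -1)) != len(data):
        return False
    # 3. Content hash, compared in constant time.
    digest = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(digest, entry.get("SHA256", "").lower())


# Constructed sample artifact: stands in for the bytes of a real .deb (an ar archive).
SAMPLE_DEB = b"!<arch>\ndebian-binary   0 0 0 644 4 `\n2.0\n"

# Constructed index: the first stanza describes SAMPLE_DEB; the second is a poisoned
# entry with a correct hash but a Filename that tries to escape the pool directory.
PACKAGES_INDEX = f"""\
Package: sovereign-agent
Version: 1.4.2
Architecture: amd64
Filename: pool/main/s/sovereign-agent/sovereign-agent_1.4.2_amd64.deb
Size: {len(SAMPLE_DEB)}
SHA256: {hashlib.sha256(SAMPLE_DEB).hexdigest()}
Description: Endpoint agent for the on-prem MDM
 Constructed package used only to illustrate index validation.

Package: poisoned
Version: 0.1
Architecture: amd64
Filename: pool/../../etc/cron.d/backdoor
Size: {len(SAMPLE_DEB)}
SHA256: {hashlib.sha256(SAMPLE_DEB).hexdigest()}
"""


if __name__ == "__main__":
    index = parse_packages(PACKAGES_INDEX)
    for name, entry in index.items():
        print(name, "->", "OK" if verify_artifact(entry, SAMPLE_DEB) else "REJECTED")
```

apt already performs these checks for .deb files; the point is that any custom update agent you write for the rest of the estate (firmware images, application bundles, MDM profiles) has to replicate all three of them, and that a matching hash alone proves nothing if the index itself was tampered with.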

On-Premises MDM and Locally Managed Network

An on-premises mobile device management platform avoids the need for an external service. Security policies, device enrollment, and profile distribution are managed directly by IT, with no portal dependency.

Paired with locally manageable network hardware, this model replicates the functions of a cloud-managed service in-house, while retaining the ability to sever external links if necessary.

Example: A Swiss industrial SME deployed on-premises MDM for its production terminals and configured its network through a local console. In the event of an internet outage, the systems continued to operate, demonstrating that a hybrid architecture can combine sovereignty and resilience.


Open-Source Messaging and Video Conferencing (Matrix/Jitsi)

Matrix (through a homeserver such as Synapse) and Jitsi Meet can be self-hosted in Switzerland. Matrix encrypts private rooms end to end by default, so message keys stay on the clients; Jitsi Meet encrypts media in transit and can additionally enable end-to-end encryption for meetings. Self-hosting gives full ownership of the servers, the accounts and the metadata.

With a Dockerized or virtual machine deployment, you can build an internal cluster, replicate services, and distribute load without relying on a third-party cloud. Two residual chokepoints still require a decision: federation, which should be disabled on the homeserver if rooms must never leave the organization, and mobile push notifications, which by default transit Apple’s and Google’s push services through a push gateway unless clients poll or use UnifiedPush.

This technological independence avoids vendor lock-in, simplifies GDPR accountability (you can show where the data is and who administers it), and keeps internal communication running during external network incidents.

Zero Trust Policies and Offline-Capable Continuity

Adopting a Zero Trust approach and planning for offline continuity strengthen sovereignty and resilience. Without adapted policies, even a sovereign architecture can be compromised.

Zero Trust Principles Applied to Endpoints

Zero Trust assumes that every element (network, device, or user) is potentially untrusted. Each access request is authenticated and authorized at the time it is made, with no implicit trust derived from being on the corporate LAN.

With microsegmentation, workstations and applications communicate only with the services they need, through default-deny rules enforced on the host and in the network. All traffic is encrypted, and each session is bound to a device identity and a posture check (disk encrypted, patches current, certificate valid).

This approach reduces the attack surface and renders implicit trust in the network environment obsolete, reinforcing technical sovereignty.
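Microsegmentation on the endpoint itself means a host firewall that denies by default and allows only the named services. As an added example (not from the original article and not Edana’s code), the Python script below renders such an nftables ruleset from an explicit allowlist; the addresses, ports and service names are assumptions standing in for an on-prem MDM, an internal OCSP responder, a Matrix homeserver and an internal resolver.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Flow:
    dst: str     # destination network in CIDR notation
    proto: str   # "tcp" or "udp"
    port: int    # destination port


# Constructed allowlist for one workstation role. The addresses are assumptions;
# nothing outside this table is reachable from the host.
WORKSTATION_POLICY = {
    "dns":    Flow("10.10.0.53/32", "udp", 53),
    "mdm":    Flow("10.10.1.10/32", "tcp", 443),
    "ocsp":   Flow("10.10.1.20/32", "tcp", 80),
    "matrix": Flow("10.10.2.0/24",  "tcp", 8448),
}


def render_nft(policy: dict[str, Flow], table: str = "zt_endpoint") -> str:
    """Render a default-deny nftables ruleset from an explicit allowlist.

    Both directions drop by default; only loopback, replies to allowed flows and the
    listed destinations pass. Denied packets are logged so a missing dependency shows
    up in the journal instead of failing silently.
    """
    for name, f in policy.items():
        ip_network(f.dst)                      # raises ValueError on a malformed CIDR
        if f.proto not in ("tcp", "udp"):
            raise ValueError(f"{name}: unsupported protocol {f.proto!r}")
        if not 0 < f.port < 65536:
            raise ValueError(f"{name}: port {f.port} out of range")
    lines = [
        f"table inet {table} {{",
        "  chain output {",
        "    type filter hook output priority 0; policy drop;",
        "    oif lo accept",
        "    ct state established,related accept",
    ]
    for name, f in sorted(policy.items()):   # deterministic order keeps diffs reviewable
        lines.append(f'    ip daddr {f.dst} {f.proto} dport {f.port} accept comment "{name}"')
    lines += [
        '    log prefix "zt-deny-out " drop',
        "  }",
        "  chain input {",
        "    type filter hook input priority 0; policy drop;",
        "    iif lo accept",
        "    ct state established,related accept",
        '    log prefix "zt-deny-in " drop',
        "  }",
        "}",
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(render_nft(WORKSTATION_POLICY), end="")
```

Load the result with `nft -f` and keep the policy file, not the rendered ruleset, as the reviewed source of truth. Inside the `inet` family, `ip daddr` matches IPv4 only, so an IPv6-enabled estate needs matching `ip6 daddr` rules or its v6 traffic will be dropped; the `log` lines make exactly that kind of gap visible before users report it.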

Encryption, PKI, and Key Management

An internal certification authority (PKI) issues certificates for endpoints, servers, and business applications. Private keys remain within the organization, ideally generated on the device itself (TPM or secure element) so they never leave it.

Issuance, renewal and revocation run on on-premises services (CA, OCSP responder or CRL distribution point), never through a third-party provider. Short certificate lifetimes keep the exposure from a lost or stolen key small, and the organization alone decides how quickly access is withdrawn.

Combined with full-disk encryption and encrypted containers, this setup ensures that a lost or stolen device yields no data: the disk keys are sealed to the device’s TPM or derived from the user’s passphrase, not escrowed with a vendor.

Offline-Capable Business Continuity

In the event of an internet outage or sovereign cloud failure, a local degraded mode allows users to access essential tools. On-site backup servers take over.

A recovery plan includes manual and automated failover procedures, regularly tested through simulation exercises. Endpoints retain encrypted local copies of critical data so they can operate in isolation.

This offline resilience ensures operational continuity even during targeted attacks or major external network failures.

Turning Digital Sovereignty into an Operational Advantage

Digital sovereignty is not limited to choosing a regional cloud, but to reclaiming control over every ecosystem component: firmware, OS, mobile device management, network, communication, and encryption keys. By combining open-source and alternative OSes, on-premises device management, internal PKI, self-hosted messaging solutions, and Zero Trust policies, you can build a modular, scalable, and resilient architecture.

This hybrid model supports compliance with revDSG, GDPR, NIS2, and DORA, while delivering genuine technological independence and offline-capable continuity. Our experts are at your disposal to audit your environment, define your roadmap, and implement a sovereignty architecture tailored to your business challenges.


By Martin

Enterprise Architect


Martin is a senior enterprise architect. He designs robust and scalable technology architectures for your business software, SaaS products, mobile applications, websites, and digital ecosystems. With expertise in IT strategy and system integration, he ensures technical coherence aligned with your business goals.

FAQ

Frequently Asked Questions About Workstation Digital Sovereignty

How do you ensure digital sovereignty at the workstation level?

Ensuring it involves choosing auditable open source operating systems, an on-premises MDM, an internal PKI, and disk encryption. You need to control the firmware, handle updates through a local repository, and plan for an offline mode for cloud outage scenarios. This modular approach guarantees technical independence and compliance with standards like revDSG and GDPR.

Which open source operating systems should be preferred for sovereign workstations?

You can adopt Linux distributions with long support cycles (Debian stable, Ubuntu LTS, Rocky Linux or AlmaLinux) or open source Android derivatives for mobile devices. The key is to ensure a long lifecycle, availability of local repositories, and the ability to integrate security patches. An internal audit, or one by a provider such as Edana, then inventories the proprietary components that remain (firmware blobs, drivers) so they are tracked rather than assumed absent.

How do you set up an on-prem MDM and avoid cloud dependencies?

Deploy a self-hosted MDM solution (e.g., Flyve MDM, Headwind) on your internal servers. Configure enrollment through an internal VPN and generate security profiles from your local console. Make sure to integrate an internal package repository for updates and regularly test offline resilience.

What risks are associated with cloud-dependent firmware and how can they be mitigated?

Secure Boot trust anchors and firmware signing keys belong to the manufacturer, so a failure or revocation on their side can block updates or leave machines unbootable. To mitigate this, enroll your own Secure Boot keys (PK, KEK, db) so the boot chain trusts your internal PKI, keep an offline archive of vendor firmware images together with the tools needed to flash them, prefer hardware that supports open source firmware (coreboot) where the use case allows, and test a fallback procedure that restores equipment without the manufacturer’s infrastructure.

How do you reconcile revDSG and GDPR requirements with a sovereign architecture?

revDSG and GDPR require personal data to be protected and restrict its disclosure abroad; neither mandates localization as such, but both demand that you can show where the data is and who can reach it. A sovereign architecture combines on-prem hosting for endpoint management, internal PKI encryption, and communication flow auditing. Document your offline failover procedures, keep logs locally, and be ready to demonstrate each controlled link in the technical chain to an auditor.

How do you ensure offline-capable continuity of your sovereign infrastructure?

Provide onsite backup servers, package repositories, and a containerized messaging service. Implement automatic failover scripts and train your teams on recovery procedures. Regularly test with drills that cut off the internet connection. This preparation ensures access to critical tools even during a cloud outage.

What common mistakes should be avoided when implementing a sovereign architecture?

Common mistakes include neglecting firmware control, outsourcing your PKI to a third party, not testing offline mode, or deploying an MDM without a local repository. Every component must be validated, auditable, and documented. Edana’s expertise recommends a prior audit and a pilot phase to avoid these pitfalls.

Which indicators should be tracked to measure sovereignty and operational resilience?

Track your offline autonomy rate (the percentage of services available without internet), average offline restoration time, the number of locally validated updates, and the time to deploy a firmware patch via your internal PKI. Also measure incidents related to external dependencies to adjust your roadmap.
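The offline autonomy rate above, like the degraded-mode planning in the continuity section, depends on knowing which services transitively touch something outside the organization. The Python below is an added example for this article, not Edana’s code; it walks a constructed service inventory (every name and dependency is an assumption) and reports the share of internal services that survive an internet cut, together with the external component that blocks each of the others. The on-prem MDM in the sample still scores as blocked because of its push dependency, which is exactly the kind of hidden chokepoint the article describes.

```python
from collections import deque

# Constructed service inventory (an assumption for this example, not a real estate):
# each entry lists its runtime dependencies; "external" marks components the
# organization does not control (vendor cloud, public push service, SaaS licensing).
INVENTORY = {
    "dns":            {"deps": [],                                "external": False},
    "ldap":           {"deps": ["dns"],                           "external": False},
    "internal-pki":   {"deps": ["dns", "ldap"],                   "external": False},
    "mdm":            {"deps": ["internal-pki", "apns"],          "external": False},  # on-prem, but pushes via Apple
    "apns":           {"deps": [],                                "external": True},
    "matrix":         {"deps": ["dns", "ldap", "internal-pki"],   "external": False},
    "erp":            {"deps": ["dns", "ldap", "saas-licensing"], "external": False},
    "saas-licensing": {"deps": [],                                "external": True},
}


def external_blockers(service: str, inventory: dict) -> set[str]:
    """Return every external component reachable from `service` (transitive, cycle-safe)."""
    seen, queue, blockers = {service}, deque([service]), set()
    while queue:
        node = queue.popleft()
        entry = inventory.get(node)
        if entry is None:
            # Undocumented dependency: count it as external, since nobody can vouch for it.
            blockers.add(node)
            continue
        if entry["external"]:
            blockers.add(node)
            continue
        for dep in entry["deps"]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return blockers


def offline_autonomy(inventory: dict) -> tuple[float, dict[str, set[str]]]:
    """Share of internal services that keep working with the internet cut, and what blocks the rest."""
    internal = [s for s, e in inventory.items() if not e["external"]]
    blockers = {s: external_blockers(s, inventory) for s in internal}
    survivors = sum(1 for s in internal if not blockers[s])
    rate = survivors / len(internal) if internal else 1.0
    return rate, {s: b for s, b in blockers.items() if b}


if __name__ == "__main__":
    rate, blocked = offline_autonomy(INVENTORY)
    print(f"offline autonomy: {rate:.0%}")
    for service, deps in sorted(blocked.items()):
        print(f"  {service}: blocked by {', '.join(sorted(deps))}")
```

Feed it the real inventory from your CMDB and rerun it before every architecture change; a service that drops out of the survivors list is the signal to add a local fallback or to remove the dependency.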
