IBM today introduced a new cloud sovereignty tool aimed at helping enterprises demonstrate compliance, operational control and governance as artificial intelligence deployments expand across hybrid and multicloud environments.
IBM Cloud Sovereignty Risk Profile is designed to give organizations greater visibility into where workloads run, how data is protected, and whether operational controls meet regulatory requirements.
The launch reflects growing enterprise concern about digital sovereignty as organizations increasingly deploy AI systems that span multiple jurisdictions, cloud providers, and data sources. A new study by IBM’s Institute for Business Value and the Dubai Future Foundation reported that 93% of executives say sovereignty must be incorporated into business strategy. However, fewer than one-third know where AI workloads are running, and only 18% maintain a current inventory of AI systems.
The new tool is integrated into IBM’s Security and Compliance Center Workload Protection platform, which organizations can use to manage compliance and security across hybrid cloud environments.
The offering is part of a broader digital sovereignty strategy built around four principles: provability, prevention, privacy and portability. The prevention component focuses on encryption and customer control of cryptographic keys, including IBM’s Keep Your Own Key technology, which enables customers to maintain exclusive control over encryption keys using hardware certified to the Federal Information Processing Standards 140-3 Level 4 standard.
The fourth pillar, portability, emphasizes open-source technologies. IBM Cloud relies heavily on technologies such as Red Hat OpenShift, Kubernetes and open interfaces to allow customers to move workloads between public cloud, private cloud, and on-premises environments without becoming locked into a single provider.
“Leaders are under pressure to show where data lives, how systems behave, and who ultimately has authority over critical workloads,” IBM Cloud General Manager Alan Peacock wrote in a blog post. “Yet the visibility required to answer these questions remains elusive.”