Martin Hosken: Why Defence Data Flows Matter More Than Ever

According to Red Hat's Martin Hosken, the industry's biggest challenge is no longer where data sits but how it moves.
Speaking with BizClik Studio at Data Centre LIVE, Martin, Technical Director of Defence and National Security for EMEA at Red Hat, said the conversation around digital sovereignty has long been dominated by data residency.
However, Martin argued that defence organisations should be turning their attention to protecting information as it travels across borders and cloud environments.
Data in motion is the real challenge
"It's probably one of the more overlooked challenges," Martin said.
"We talk about sovereignty, because data residency – where the actual data resides, the country, the location where the data resides – that's fairly straightforward to manage...
"But actually, when data flows between countries or flows on cables under the Atlantic Ocean, under the Pacific Ocean, that changes everything."
Martin said defence agencies must now assume that hostile actors are collecting encrypted information with the expectation that future quantum computing capabilities could eventually decrypt it.
"So, all of these things are factors that we have to really think about. Data sovereignty itself, data residency, or even data locality, that's quite easy to manage. Managing data flows is tough."
Martin compared defence infrastructure with everyday consumer technology.
Most people know a photo taken on a smartphone is stored in a data centre somewhere, but few understand how it gets there or what encryption protects it in transit.
For defence and intelligence organisations, however, every stage of that journey must be understood, secured and managed.
Different countries, different approaches
Hosken explained that sovereignty requirements vary considerably depending on the organisation involved and the classification of the data being handled.
For NATO, the use of both US and European technology reflects the alliance's multinational nature.
He added that the UK's position is also distinct, thanks to decades of intelligence sharing through the Five Eyes partnership.
- Five Eyes is an intelligence-sharing alliance between the US, UK, Australia, Canada and New Zealand. The nations work together on defence and security research, and have been doing so for almost 70 years.
Other European countries, including France and Germany, take different approaches to sovereignty and cloud adoption.
Martin said organisations must balance legal frameworks, operational requirements and trusted technology providers according to their own security needs.
Building resilience into the data centre
As cyber threats evolve, resilience is becoming a fundamental design principle for modern data centres.
"So, resilience has to be built. It's not there just by default. You can't expect any application, any infrastructure, any data centre to be just resilient because you say it is."
Martin described resilience as a multi-layered challenge that starts with physical infrastructure before extending through servers, applications and data architecture.
Multiple copies of critical information improve availability, although every additional system inevitably expands the potential attack surface.
He also explained that some UK critical infrastructure workloads are currently being moved from public cloud environments into private, air-gapped platforms as governments seek greater protection from external threats.
Transparency through open source
Vendor lock-in is another challenge facing defence organisations adopting cloud technologies.
"So, vendor lock-in is a challenge for everyone... avoiding vendor lock-in is almost impossible," Martin stated.
He added that Red Hat's open source model makes every line of code visible while providing enterprise-grade testing, support and security hardening.
Looking ahead, he believes technologies including confidential computing, post-quantum cryptography and hybrid cloud will underpin coalition cloud environments designed to help allies share intelligence securely.
While governments will ultimately determine the legal frameworks surrounding cross-border data, Martin said technology providers have a firm responsibility to deliver platforms capable of meeting those evolving requirements.



