Sovereignty is the easy part to put on a marketing page. The hard part is the operations underneath: the bare-metal orchestration, the failover topology that actually fails over, the CVE response that doesn't take three sprints, the monitoring that catches the right things at three in the morning. This piece will be a working set of notes on how I think about that work at Petrichor Labs, where every shortcut I might have taken in a hyperscaler has to be replaced with something I built.
Most "sovereign" offerings outsource hard problems back to the same jurisdictions they claim to leave. The interesting work is what survives that constraint.
— Planned outline —
- Why sovereignty fails when ops is shallow.
- Designing private mesh networks for tenant isolation.
- Failover topology — what's actually testable, what's just theatre.
- CVE response cadence on a tight team.
- Monitoring you'd actually trust at 3am.