The wars in Ukraine and the Middle East have exposed a strategic reality that military planners are only beginning to confront: In a data-centric age, digital infrastructure has become part of the battlespace. Data centers and cloud regions are now the digital backbone of military power and economic prosperity. As such, they present attractive targets for rapidly proliferating long-range strike systems, drones, and cyber capabilities. As the protective value of physical distance erodes, strategic depth — once conceived in geographical terms — must now be measured in the resilience of data and compute.
Alex Rough detailed the physical vulnerability of data infrastructure in these pages in 2025 and correctly observed the increasing strategic centrality of that same infrastructure. I agree that governments are increasingly reliant on commercial technology and must ensure access to it, but rather than focusing primarily on policies to harden and govern data centers, modern strategy demands a new way of thinking about critical technology — it should not simply mean transferring existing on-premises models onto cloud platforms.
The risk is that governments mistake local control for real resilience. Sovereign infrastructure can play an important role, but when pursued at the expense of other capabilities it can create brittle, targetable architectures. Governments ought to create digital strategic depth through dispersion, elasticity, and optionality: distributed cloud architectures, able to fail over to alternate infrastructure when degraded, hybrid and edge capabilities, sovereign access controls, and workload portability across trusted environments. This is the approach that preserves sovereign control while improving survivability, continuity of operations, and access to innovation.
In the interest of transparency, I work for one of the companies that stands to benefit if the arguments in this piece are persuasive. As Microsoft’s defense and national security policy lead for Asia, I have a direct commercial interest in the adoption of hyperscale cloud by like-minded governments. However, the argument that follows is for architecture and philosophy, not a product line. Commercial hyperscale cloud and its strategic benefits are not exclusive to my employer but are a unique capability that exists within the United States and its partners.
Sign Up for Our Newsletter
Defining Strategic Depth
The convergence of digital technology and state power creates a new center of gravity — not just the physical military platforms proliferating on the battlefield, but the data and compute that enable them. And with that shift comes a new requirement — digital strategic depth.
Digital strategic depth is the ability of a state to sustain, regenerate, and project competitive military, governmental, and economic power despite disruption to its digital infrastructure. It is not simply a question of cybersecurity, nor is it reducible to redundancy in the traditional sense. It encompasses the geographic distribution of data, the resilience of compute, the elasticity of processing power, and the ability to fail over to alternate regions and tactically switch to alternative hybrid architectures as the communications environment is contested. Its singular objective is survivability, ensuring that data, compute, and operations persist through disruption, whether at the cloud layer or the edge, employing leading-edge capabilities. It is achieved through three mutually reinforcing pillars:
Dispersion, the deliberate distribution across geographies, jurisdictions, and infrastructure to prevent concentration and complicate targeting. The scale of the digital environment creates obscurity for data and exponentially increases the costs of attempts to degrade the network meaningfully. This also creates the ability to bring compute closer to the theater of operations, reducing latency.
Elasticity, the technical ability of the infrastructure to absorb shock, shift workloads, and regenerate compute across data centers, regions, and operating environments in response to demand, disruption, or attack.
Optionality, the policy, acquisition, and architectural posture that retains independence from single points of failure, including vendor lock-in and regulatory change.
Achieving digital strategic depth will require novel approaches to sovereignty which account for developments in encryption and access, offering sovereign control over data without necessarily controlling it locally. Governments must move beyond a narrow conception of data sovereignty toward a broader emphasis on data survivability, requiring a pragmatic approach to infrastructure and technology adoption which leverages the unparalleled growth of compute power in the private sector and melds it with state capability. Such an approach can still incorporate domestic champions and national infrastructure but should be sufficiently flexible to include global technology companies that provide the scale needed to ensure continuity of operations and the resilience required to reconstitute under duress.
New Depths of an Age-Old Concept
Historically, strategic depth meant geography. States survived invasion by trading space for time, preserving the industrial and political capacity needed to regenerate combat power. The Soviet Union’s experience during World War II remains a classic example. Distance, scale, and overstretched logistics imposed costs on an attacker that ultimately outweighed battlefield success.
That logic is breaking down. In Ukraine today, while territorial depth still matters, the reach of precision strike and cyber operations has compressed the battlespace. Whether it is Ukrainian strikes on Moscow with newly designed weapons or seeing Iranian forces attack civilian data infrastructure in Bahrain and the United Arab Emirates, no capital, command node, or data center can assume sanctuary based on distance alone.
At the same time, military power has become fundamentally data-driven and data-reliant. Modern platforms, both manned and unmanned, generate vast volumes of data, from full-motion video to signals intelligence to telemetry. Over a decade ago, the U.S. Air Force was already reporting data collection of around six petabytes of data per day, which is almost a century of high-definition video. Until recently, much of this data was underutilized, constrained by limited processing and analytical capacity. That is changing rapidly. Systems such as Palantir’s Maven Smart System and Ukraine’s DELTA battlespace management platform demonstrate how data, when effectively aggregated and processed, can generate real-time operational advantage at the command and unit levels. DELTA, for example, is a central element in Ukraine’s ability to fuse tens of terabytes of data daily, from the drone sorties being executed routinely, to satellite imagery, shared intelligence, and other sensor data.
Ukraine enhanced its resilience by storing its data and critical warfighting applications on cloud infrastructure located outside the country. This placed some of its most valuable operational advantages beyond the kinetic reach of the Russian military while leveraging private sector capability and scale for cybersecurity, demonstrating that strategic depth can now be created through the architecture of data as much as through geography.
In Iran’s strikes on data centers in the Middle East, service interruptions resulted from multiple availability zones being taken offline simultaneously, when the existing redundancy model only accounted for the loss of a single zone. This example demonstrates the risks in measuring strategic depth solely in geographic terms: concentrating data centers in a regional cluster that serves that same region can create vulnerabilities without sufficient redundancy. Yet the concept still held under fire. The affected service providers mitigated the outages by migrating workloads outside the target area, demonstrating the ability of modern data infrastructure to adapt and regenerate in response to threats.
Despite these recent case studies, the direction of travel for many national approaches to digital infrastructure is at odds with the direction of technological innovation. The instinct to build and own sovereign data centers is strong, often framed as a matter of control or security. In practice, this approach can often introduce brittleness. No matter how well defended, a single fixed data center remains a fixed target — and if your network has an address, an adversary can plan against it. Its redundancy is limited, its scalability constrained, and its survivability contingent on physical protection that is increasingly difficult to guarantee.
This is not to dismiss the logic for sovereign control in the system. Many governments have pursued localization as one mechanism to create assured access. Domestic laws which mandate data localization and regulate cross-border movement of data create real constraints on data architecture. And the political reliability of international partners cannot be taken for granted. However, governments no longer face a binary choice between storing data domestically or surrendering control. Cryptographic controls, sovereign access models, and hybrid architectures allow states to retain sovereign control over their data while embracing distributed infrastructure.
This argument does not deny the tension between national sovereignty and data survivability but recognizes that it is a system of sliding controls with sometimes-inverse relationships. Ratcheting up localization will decrease survivability as well as increase costs. Understanding these relationships makes it clear that governments are unlikely to be best served by completely maximizing any of these inputs. Each will need to create the mix that best suits national capabilities, assets, and policy objectives.
Even routine accidents reveal the fragility of centralized digital infrastructure. Fires at South Korean data centers in 2022 and 2025 disrupted hundreds of government services, demonstrating that concentration creates strategic vulnerability, even in peacetime. Distributed commercial cloud infrastructure offers a fundamentally different model. Rather than treating resilience as physical protection, it treats resilience as mobility. Data and workloads can shift across geographically-dispersed infrastructure, preserving continuity even when individual facilities are degraded or destroyed. In strategic terms, compute acquires many of the characteristics that geography once provided.
Plumbing the New Depths
There are significant policy implications in recognizing the centrality of compute as a critical national asset and, as militaries integrate AI, autonomy, and enterprise analytics into operations, the requirement for access to resilient, scalable data infrastructure will only increase.
A solicitation for the future of the Joint Warfighting Cloud Capability Unified Cloud Marketplace offers one example of a pathway to fulfilling the requirements for digital strategic depth.
The first listed objective for the Unified Cloud Marketplace is achieving services that “operate despite catastrophic failure of portions of the infrastructure,” effectively describing survivability at the top of the government’s list of priorities. Within the concept of survivability resides the need for graceful degradation, and the statement of work calls for the ability for edge capabilities and devices to function in denied, degraded, intermittent, and limited environments “as if connected, with the only features and functionality missing being those that rely on real-time interconnection services.” As already acknowledged, services can be disrupted and a state that achieves digital strategic depth will have access to cross-border, as well as on-premises and disconnected, capabilities at the leading edge.
Geographic dispersion is also addressed from several angles by the Unified Cloud Marketplace. It mandates that participating providers maintain multiple data centers with at least 400 miles of geographic separation between them, operating on separate power grids. The services procured must be available internationally as well, via points of presence on all continents other than Antarctica, with similarly geographically-dispersed hardware.
In its section on availability and resiliency, the Unified Cloud Marketplace sets out the requirements for data to be able to move dynamically across data centers. The ability to failover to alternative nodes or sectors of the architecture in the event of demand or attack is how the program meets the need for elasticity and underlines the difference between real digital strategic depth and a sovereign data center.
The Unified Cloud Marketplace’s approach from its conception is to avoid over-reliance on any one partner and to architect vendor optionality into the acquisition. The ability to on-ramp and off-ramp vendors as and when desired is one way to insure against vendor lock-in and ensure the ability to pivot to new providers.
Depth is Not Invulnerability
None of this is to say that adoption of one technology or another is a silver bullet. Modern data strategy will rely on a constellation of technologies capable of maintaining critical workloads in intermittently connected, contested, and even fully disconnected environments. It will require a fundamental conceptual shift in approach to a rapidly changing environment and constantly evolving operating space, necessitating an approach to integration and compliance that moves at the speed of relevance. Rather than preserving individual servers and architectures as bespoke assets, governments would benefit from adoption of infrastructure-as-code models that allow workloads to be burned down and reconstituted rapidly, data to remain encrypted and portable, and redundant copies to be distributed across locations chosen for survivability.
Governments must also reckon with the fact that partnerships with commercial organizations introduce vendor reliability as a legitimate risk that must be proactively managed. Technology providers operate in a world governed by legal, political, and reputational pressures, and these can lead to service disruptions. These interruptions can even be a result of allies’ policy decisions. But the existence of political or regulator risk is not an argument against technology adoption, nor is the appropriate response technological autarky. It is architectural resilience, including contractual safeguards, multicloud design, sovereign access controls, and data portability that preserve freedom of action even if individual providers fail. Recognizing and mitigating concentration risk is not unique to the technological realm.
Ultimately, building data resiliency should not be understood as an IT modernization effort — it is a strategic imperative. Merely moving existing on-premises operating models into the cloud would risk reproducing the Maginot Line in digital form: a fixed architecture designed around control when the strategic requirement is survivability through dispersion, elasticity, and optionality. Strategic depth has not disappeared, but it has evolved. The 20th century measured strategic depth in miles. The 21st will measure it in the ability of data and compute to survive disruption, regenerate across distributed infrastructure, and continue generating combat power.
Write for Cogs of War
Blake Herzinger (@BDHerzinger) is Microsoft’s defense and national security policy lead for Asia and spent 18 years in the U.S. Navy and U.S. Navy Reserve. The views expressed in this article are those of the author alone and do not represent those of his civilian employer, the U.S. Navy, the Department of Defense, or the U.S. government.
Image: C Arce via DVIDS.

