16 Month 2026 Redefining cybersecurity and trust in the new data center landscape Roger LvinCEO and Executive Chairman
Long story short Cybersecurity and trust are no longer confined to the Security Operations Center. Governments, private companies, and individuals all have a role to play in safeguarding data, building trust, and preserving sovereignty in data center infrastructure. Why it matters The rapid proliferation of data centers globally has been accompanied by new cyber-attack surfaces and threats, as well as geopolitical tensions. With vast volumes of information now distributed across different geographies, jurisdictions, and third-party platforms, businesses risk losing visibility over their data, making it easier for threats to go undetected. But by developing new collaborative approaches to security, it’s possible to reduce vulnerabilities and increase visibility across the threat surface. Building trust from the ground up Trust is hard earned. It can take months, years, decades, or even centuries for trust in a given institution or industry to develop. Take banks as an example: for the most part, consumers and enterprises trust them with their assets and hard-earned money. This is due to a proven track record, and a range of checks and balances – many of which were introduced after failures and financial crashes. Banks have a fiduciary duty to their customers, and deposits in many countries are protected by schemes like the FDIC and the FSCS.
Case study Raiffeisen Bank During its cloud migration, Raiffeisen Bank International defined and implemented baseline security settings for all applications, while giving individual product and delivery teams the flexibility to enforce more robust protection where required to mitigate risk.
Compare that to data centers: they haven’t been around for nearly as long and don’t have the same protections in place. Cyber-attacks and data breaches are commonplace, and the owners of data have little recourse when they do happen. Data theft is theft, but it isn’t treated like money stolen from a bank. To build trust, there needs to be a shift in approach. Data is an asset in its own right and should be approached accordingly. We need new frameworks and institutions to support consumers and tackle cyber criminals. This is especially important today. The last two decades have seen major shifts in the data center landscape. Data centers have gone from being an IT asset to a real estate asset. As compute demand and scale increased, the focus shifted to the built environment and the footprint of physical infrastructure. Now, data centers have transformed again. They have become a national asset, and sovereignty looms large in discussions of data center build outs. Sovereign cloud offerings are not only desirable – increasingly, data protection regulations make them a necessity. Given their geo-strategic significance, the questions of trust and safeguarding have a particular significance in the present moment. “Sovereign cloud offerings are not only desirable – increasingly, data protection regulations make them a necessity.” Leading from the front in government Now that data centers are a national asset, they have become a key concern for governments. From the US’s $500 billion Stargate undertaking with OpenAI to hyperscale projects in the UK from Google, Microsoft, and Blackstone, nations vie for sovereign infrastructure and economic growth. Sovereignty is front and center: governments want domestic data centers that keep models and data within their jurisdictions, maintaining the resilience and continuity of crucial infrastructure in the process. Crucially, they are responsible for regulating and monitoring these operations. Without this oversight, piracy would likely be rampant, and protections diminished. Regulations such as the EU’s GDPR and NIS2 have been hugely influential in setting new standards in data protection and cybersecurity – standards which in turn influence approaches internationally. However, more could be done to ensure they are adopted and implemented across the board. There is often a gap between regulations and reality. Equally, there should be a carrot to accompany the stick of regulation. Normally, firms’ cybersecurity only gets attention when there’s a breach. While understandable, that approach is purely punitive. Why not do the opposite, celebrating and rewarding the success of companies that retain a flawless track record? Conceived and implemented effectively, policy frameworks can incentivize more responsible, secure operations. On one level, the interests of the private and public sectors are in tension with one another. It’s easy to view government as a policeman enforcing rules – even arriving onsite for unannounced visits – rather than a partner that works alongside firms to improve standards. What’s more, hyperscalers face the threat of anti-trust interventions, up to and including their operations being broken up. We need to work to shift these antagonistic dynamics, forging new public-private partnerships that improve standards and safeguard consumer data. “Trust comes at a cost, whether you’re an individual, an enterprise, or a government.” Bigger roles, wider cast We all have a role to play in ensuring data is secure. Trust comes at a cost, whether you’re an individual, an enterprise, or a government. As the saying goes, “if it’s free, you are the product” – this principle is especially true when it comes to data protection. While paying doesn’t guarantee security, preventing data from being used and shared with third parties almost invariably comes at a cost. To safeguard it effectively, data owners must implement strategies grounded in resiliency and redundancy. Resiliency refers to an entity’s ability to protect themselves – the steps you take before an attack takes place. It means developing your own security measures, as well as using providers with robust protections such as firewalls. Redundancy is the ability to recover from attacks. This involves backing up data in multiple places, rather than relying on a single provider. It’s essential to have a failsafe against failure, or indeed geographic factors. If there’s a flood in a region, being able to tap into infrastructure elsewhere is vital. Cyber threats are a global challenge that necessitates a globally networked response. These principles apply irrespective of whether you’re an individual safeguarding personal data or a hyperscaler responsible for huge volumes of sensitive information globally. And they are best implemented collaboratively. The best way to safeguard data from cyber threats is for entities to pool resources and expertise, sharing insights and best practices where possible. Governments, businesses, and individuals must all take responsibility for cybersecurity, working together to stay ahead of threats. Hitachi has a range of advisory services for organizations looking to bolster their cybersecurity capabilities. We’ve served organizations of all types and sizes for over 25 years, offering custom solutions tailored to specific needs. Our portfolio now includes advanced offerings such as HARC for AI and HARC Agents—enterprise-grade agentic AI solutions designed to proactively defend against evolving cyber threats and automate security operations at scale. Our virtual CISO services, which provide proactive risk management and expert guidance, help you to proactively manage risks and regulatory compliance amidst evolving cyber threats, meaning you’re free to meet your objectives and move your business in the right direction. And we are supporting businesses to maintain better control of their data and keep it within regional borders, while ensuring security and compliance. Our VSP One Hybrid Cloud and VSP One Object platforms provide localized storage combined with governance capabilities.
Own the conversation Ask the big question: Will we ever reach the level of comfort with data in data centers as we have with money in the bank? Or will threats continually evolve faster than cybersecurity measures? Disrupt your feed: Given the increasing geo-strategic significance of data center infrastructure, will we move into NATO style defense pacts for cybersecurity? How would that impact conversations around sovereignty? Drop this fact: The global cost of cybercrime is expected to be $10.5 trillion in 2025 alone.
