New report: Cloud “fundamental” for European national security and defense

Cloud computing has emerged as a critical enabler of national security and defense capabilities across Europe. A new report from the Royal United Services Institute (RUSI), which Amazon Web Services (AWS) supported, shows the ways that four European nations leverage hyperscale cloud infrastructure to strengthen their defense posture and protect national interests in an increasingly complex threat landscape. This is an important paper at a time when NATO seeks a modern digital backbone on which it and its European member nations can retain and strengthen their technological advantage.

The strategic imperative for cloud adoption

The RUSI paper demonstrates that cloud technologies support three objectives that are fundamental to European national security: achieving resilience, replacing obsolete legacy systems, and accessing advanced capabilities including artificial intelligence (AI). This shift represents more than digital modernization. “For NATO and European allies, cloud adoption is not only a matter of digital modernization; it is also a question of strategic readiness. The ability to deploy interoperable, scalable and secure digital capabilities will shape the Alliance’s capacity to deter and respond to emerging threats,” the paper argues. It concludes that “Cloud computing has become a fundamental capability for European national security and defence.”

National applications

Drawing on case studies from the UK, Ukraine, Estonia, and Finland, which leverage a range of cloud service providers, the RUSI paper assesses the strategic and operational impacts of cloud adoption while addressing challenges such as connectivity, legal barriers, market concentration, and geopolitical risks.

Ukraine

As Russia’s invasion began, Ukraine rapidly migrated critical government registries and digital services to cloud infrastructure, supported by AWS. This enabled ongoing continuity of essential government services despite relentless cyber and kinetic attacks.

The RUSI report includes examples from a range of cloud service providers to illustrate cloud adoption and its impact. The paper describes how Ukraine then deployed the Delta Platform, a cloud-native command and control platform that integrates multiple data sources to provide real-time situational awareness, secure military communications, and automated threat detection. Its cloud-based approach is fundamental to operating at speed of relevance and at scale. It has also, the paper notes, enabled international partners to provide cyber capability support through programs like the UK-Ukraine Cyber Programme—demonstrating how cloud infrastructure can facilitate rapid international cooperation between allies during crises.

Estonia

Estonia has taken a proactive approach to digital continuity by creating a data embassy in Luxembourg, which stores critical government databases that could be accessed by a government-in-exile if the country were invaded, ensuring that essential digital governance capabilities would survive even the most extreme scenarios.

Finland

Finland has leveraged cloud computing to revolutionize military training through Live-Virtual-Constructive (LVC) training systems. These cloud-based platforms integrate live aircraft with virtual simulators, enabling sophisticated training scenarios that would be cost-prohibitive using traditional approaches. The system demonstrates how smaller nations can access advanced military capabilities through cloud, with performance analytics and real-time training data transmission providing unprecedented training effectiveness.

United Kingdom

The UK has integrated cloud technologies into its national cyber defense strategy through initiatives like the National Cyber Security Centre’s Protective Domain Name Service (PDNS). This cloud-based system prevents access to malicious domains, providing real-time protection for government networks and critical infrastructure. The UK government announced the Borealis space monitoring system in March 2025, which seeks to collate and process information from multiple sources up to top secret classification to protect satellites and support military decision-making. The program shows that the cloud can securely handle sensitive defense data while providing the scale needed for complex space operations. This case is relevant for defense ministries considering classified data in cloud environments.

The examples from Ukraine, Estonia, Finland, and the UK demonstrate that cloud computing has become part of modern national security infrastructure. As threats continue to evolve and become more sophisticated, the ability to rapidly deploy, scale, and adapt digital capabilities will increasingly determine national security outcomes.

Strategic challenges and considerations

The RUSI report identifies challenges that European governments consider. These include network connectivity, integration with legacy systems that impact on interoperability, uncertainty around the concept of sovereignty, and procurement systems designed for traditional infrastructure. The paper concludes: “The strategic question is therefore not whether governments should adopt cloud technologies, but how they should navigate trade-offs to maximize benefits for national security and defence.”

RUSI recommendations for government action

The RUSI report offers the following recommendations for European governments seeking to harness cloud computing for national security and defense purposes:

1. Develop clear strategic direction for cloud adoption tailored specifically to national security and defense needs, creating a top-down, principles-based approach that guides decision-making across all agencies.
2. Revise legal frameworks to enable cloud adoption for national security applications.
3. Plan future compute requirements using scenario-based modelling to understand capacity needs across various situations.
4. Centralize procurement and assurance functions for cloud services.
5. Adopt risk-based approaches: Anchor procurement in the criticality of data and services, allowing for appropriate security measures while avoiding unnecessarily restrictive policies that limit beneficial cloud adoption.
6. Build internal capabilities so personnel have the skills needed to identify, adopt, and procure cloud solutions effectively—so that procurement decisions are informed by technical expertise.
7. Implement dependency mitigation strategies, which could include client-side encryption, data portability requirements, interoperability standards, and hybrid or multicloud strategies.
8. Foster trust and transparency between governments and cloud service providers through joint exercises, shared responsibility models, and regulatory oversight. This can help address sovereignty concerns while maintaining access to advanced capabilities.

In short, for mission to transform, the whole organization needs to transform. Change begins with a strong top-level leadership vision that is realized through new ways of working across IT, procurement, security, legal, and many other functions. The whole organization needs to evolve.

Cloud technology allows mission-based applications and services to be developed in an agile way, scaled when needed and without excessive cost. It also provides defense organizations with the baseline for cyber security that they will not achieve with legacy IT infrastructure, as on premises solutions are unable to match the breadth and constantly updated suite of security solutions that are available with the cloud.

Learn more:

• Building resilient cloud services
• Digital Sovereignty at AWS
• Trusted Secure Enclaves on AWS
• Connect with the AWS NATO team
• Connect with a vetted AWS Partner for specialist support