Executive Summary: Digital Sovereignty at Risk in the Public Sector

Government agencies and educational institutions are at a digital crossroads, grappling with a rapidly evolving IT landscape full of technology vendors, cloud solutions, and emerging AI capabilities. The 2025 Nutanix Public Sector Enterprise Cloud Index report reveals significant strides in AI and container use, but also reveals concerns of critical vulnerabilities that can threaten public sector IT operations and mission delivery.

Fragmentation and Vendor Lock-In

The current state of public sector IT is characterized by internal fragmentation and reliance on an increasing array of external vendors. Historic organizational silos continue to plague government agencies and educational institutions, with systems teams, application groups, and business divisions operating in isolation. 

The pursuit of modernization through cloud services, SaaS solutions, and AI solutions has created a paradox where the very technology meant to improve efficiencies and the constituent experience are replacing internal capabilities, creating dependencies of vendor lock-in as well as increasing security vulnerabilities. 

Overall, compartmentalization has created inconsistent governance policies and isolated data repositories that fundamentally undermine the ability to extract meaningful insights from AI workloads that could otherwise inform better policy decisions and allocation of scarce resources.

GenAI Adoption and Security in the Public Sector

The generative AI (GenAI) revolution has arrived in the public sector, with the Public Sector ECI Report finding that 94% of organizations are already leveraging GenAI applications. 

However, this adoption has exposed concerns of security and privacy vulnerabilities. A staggering 92% of public sector respondents acknowledge they could be doing more to secure their AI models and applications, while 67% find data privacy challenging despite 98% agreeing that data privacy is a priority when implementing GenAI. 

This contradiction highlights a fundamental disconnect between intent and capability that may put sensitive government and citizen data at risk.

The Skills Shortage, Infrastructure Gaps, and Investment Priorities

The IT skills shortage represents perhaps the most critical threat to public sector digital sovereignty. The report confirms that only 51% of public sector organizations believe they possess the necessary skills to support GenAI initiatives. 

When asked about their biggest GenAI challenges, public sector respondents overwhelmingly ranked privacy and security concerns of using large language models with sensitive organizational data as their primary challenge, cited by 38% compared to the next highest concern at 26%. 

This isn't merely a skills gap but a widening chasm between organizational needs and internal capabilities.

Infrastructure inadequacy compounds these challenges, with 81% of public sector organizations reporting that their current IT infrastructure requires at least moderate improvement to fully support data security. 

The fact that IT infrastructure, IT training, and cybersecurity rank as the top three investment priorities for supporting GenAI indicates that foundational systems seem unprepared for current opportunities, much less future demands.

Complexity and Kubernetes 

The complexity burden continues to escalate as the report reveals that 83% of public sector organizations now operate multiple Kubernetes® environments. When combined with outsourced applications—each requiring distinct security protocols, compliance requirements, integration challenges, pricing models, and vendor relationship management— what begins as a solution to reduce complexity could become a management nightmare that increases security vulnerabilities. 

IT teams find themselves transformed from builders and innovators into vendor coordinators and contract administrators, while costs escalate through vendor-controlled pricing models designed to maximize profit rather than public value.

This erosion of internal capability represents a fundamental threat to digital sovereignty, which encompasses infrastructure independence, data control, regulatory authority, economic control, and security autonomy. For public sector organizations, digital sovereignty means: 

• Maintaining mission continuity without dependence on external vendors 
• Preserving public trust through data protection 
• Ensuring national security by preventing adversary access to critical systems 
• Retaining innovation capacity for unique public sector needs 
• Achieving cost control through freedom from vendor lock-in

A Hybrid Strategy for Digital Sovereignty + A UK Case Study

The path forward requires a strategic reconsideration of IT architecture that prioritizes sovereignty while embracing modernization. Working with our government and education customers, we have seen that the most effective approach to digital sovereignty isn’t complete self-reliance or total out-sourcing—it’s strategic hybrid thinking that maintains core internal capabilities while leveraging external expertise appropriately. This means building strong internal IT management, governance and oversight capabilities that should never be outsourced, while maintaining technical architecture and integration expertise to prevent vendor lock-in and ensure system interoperability. 

The UK Department for Work and Pensions provides a compelling proof point, having reversed over 20 years of outsourcing that had left them with fragmented IT infrastructure. By implementing a unified cloud platform approach from Nutanix, they brought outsourced applications back under direct management, achieved cloud-like scalability from secure on-premise solutions, and empowered staff through AI-assisted self-service capabilities while maintaining complete control over their digital destiny.

Real-world evidence consistently demonstrates that agencies with strong internal foundations can effectively leverage external partners while maintaining service continuity and adapting to changing needs. Conversely, over-reliance on outsourcing creates costly vulnerabilities that can ultimately undermine public trust and service delivery.  

How to Reclaim Digital Sovereignty

The time for action is now. Recommendations include: 

• Auditing current vendor dependencies 
• Identifying critical applications where vendor failure would compromise mission delivery 
• Assessing internal skills gaps
• Implementing hybrid cloud platforms that restore organizational control. 

The medium-term strategy should focus on aggressive upskilling programs and selective in-sourcing of high-risk applications, while long-term goals should include developing internal application factories and centers of excellence that position these organizations as preferred destinations for top IT talent.

The stakes could not be higher. Digital sovereignty isn't merely about technology infrastructure; it's about preserving the public sector's ability to serve citizens effectively, protect sensitive data, maintain national security, and innovate in response to unique community needs. 

©2025 Nutanix, Inc. All rights reserved. Nutanix, the Nutanix logo and all Nutanix product and service names mentioned are registered trademarks or trademarks of Nutanix, Inc. in the United States and other countries. Kubernetes is a registered trademark of The Linux Foundation in the United States and other countries. All other brand names mentioned are for identification purposes only and may be the trademarks of their respective holder(s). Certain information contained in this content may link or refer to, or be based on, studies, publications, surveys, and other data obtained from third-party sources and our own internal estimates and research. While we believe these third-party studies, publications, surveys, and other data are reliable as of the date of publication, they have not independently verified unless specifically stated, and we make no representation as to the adequacy, fairness, accuracy, or completeness of any information obtained from a third-party. Our decision to publish, link to or reference third-party data should not be considered an endorsement of any such content. Customer statements on results, benefits, savings or other outcomes depend on a variety of factors including their use case, individual requirements, and operating environments, and should not be construed to be a promise or obligation to deliver specific outcomes.