There’s a growing wave of scaremongering in Europe around sovereign cloud—and MSPs are getting caught up in it, particularly when it comes to backup. We’re hearing the same refrain more often: “We won’t use Druva. Backup has to live in our own data centre to protect workloads running in the public cloud.”

Bluntly? That makes no sense.

Let’s separate genuine concerns from misplaced fear.

Sovereign Cloud Matters: But Not Where You Think

Yes, sovereignty is important. Production workloads containing sensitive, regulated, or nationally critical data absolutely belong in a sovereign or regionally controlled cloud environment. That’s where data gravity, jurisdictional control, and operational sovereignty really matter.

But backup is not production. Treating it as such is a category error.

Backup data is cold, inactive, encrypted, and accessed only when something has gone wrong. The risk profile is fundamentally different. Applying the same sovereignty logic to backup as you do to live workloads is like insisting your fire extinguisher be stored in a vault.

Why “Backup in My Data Centre” Is the Wrong Hill to Die On

MSPs arguing that backup must live in their own data centre to “protect” public cloud workloads are actually increasing risk, not reducing it:

• Shared blast radius – If your data centre is compromised, your backups go with it. That’s the opposite of cyber resilience.

• Capital-heavy, brittle architecture – Hardware-based backup stacks age badly, scale poorly, and are expensive to secure properly.

• Security theater – Physical control does not equal better security. It just feels comforting.

Meanwhile, modern attackers don’t care where your racks are. They care about credentials, access paths, and recovery speed.

Why Public Cloud Backup (Done Properly) Wins

This is where Druva’s model matters.

Druva was built for this exact problem:

• End-to-end encryption — Data is encrypted in-flight and at rest. Customers control the keys. Even Druva can’t see the data.

• Air-gapped by design — No infrastructure to manage, no patching, no lateral movement risk.

• Zero trust, zero access — No backdoor admin access, no sneaky console logins.

• Massive durability and geographic resilience — Something your average MSP data centre simply cannot match.

Put simply: backup in the public cloud is safer than backup in most private data centres—provided it’s built correctly. Druva is.

The Elephant in the Room MSPs Ignore

Here’s the kicker.

Every MSP customer already trusts the public cloud with their most sensitive data:

• Their email

• Their collaboration

• Their identity layer

Whether it’s Microsoft or Google, nobody is rushing to pull email back on-prem “just in case.” And that’s because the industry has already accepted a simple truth:

Security is about architecture, not postcode.

The Real MSP Opportunity

Instead of fighting yesterday’s battle, MSPs should be focusing on:

• Helping customers place production data in the right sovereign or regional cloud

• Designing resilient, immutable, off-platform backup that survives ransomware

• Reducing cost, complexity, and operational drag

• Delivering faster recovery, not heavier infrastructure

Backup is your last line of defence. It should be outside the blast radius, not bolted to it.

Final Thought

Sovereign cloud fear is being overplayed in backup—and it’s distracting MSPs from real risk reduction. Customers don’t win when backup is dragged back into fragile, expensive data centres. They win when it’s secure, isolated, encrypted, and instantly recoverable.

And whether we like it or not, the public cloud is already trusted with the crown jewels. Backup should be no different.