Keynote speaker David Cattler served as NATO Assistant Secretary General for Intelligence and Security and later as Director of the U.S. Defense Counterintelligence and Security Agency. His experience gives him a unique and powerful perspective on issues of data sovereignty, security, and technology.
As he puts it, “I’ve spent most of my career working where technology, trust and institutional accountability intersect”.
He now advises hyperscalers, systems integrators, component manufacturers, startups, and multinational enterprises operating across the global Cloud ecosystem.
We spoke with David to get a glimpse of the landscape from his vantage point, and get a sense of what to expect from his session at CloudFest.
Why has trust become a strategic issue for Cloud and AI providers, not just a technical one?
When trust fails, the impact doesn’t stay technical. It cascades, moving from technical to regulatory to geopolitical quite quickly. Or sometimes the other way around. A geopolitical change can alter regulations, shaping how the technology is allowed to innovate, evolve, be produced, fielded, and operated.
When something goes wrong or when control is unclear, governments don’t respond philosophically. They’re responding structurally—and often more assertively than technologists expect.
How does that impact the Cloud sector?
Cloud and AI now sit at the center of critical services and decision-making. That’s why trust is no longer reputational or contractual. It’s actually becoming architectural.
Companies that understand these sensitivities and can demonstrate appropriate security, data stewardship, and relationships will be more competitive than companies that cannot. They’re more attractive to public-sector clients for their reliability and auditability. They are also more attractive to potential partners.
What does digital sovereignty really mean for globally connected platforms and providers?
Digital sovereignty is a big deal, but it’s often misunderstood. It’s expressed as a desire to block or replace global platforms. And I don’t think that’s where we’re going or where we should be. In practice, it’s actually more operational.
Again, it’s about control, accountability, and resilience. Who has authority when systems are under pressure? Where does the data sit legally? Do you know where it’s routed? What other jurisdictions have access to that data and those systems?
Most of the time, it’s not about exclusion. It’s actually about conditional trust.
Who are you? Who has access? Who controls key systems? Under which jurisdiction?
I’m seeing these issues now starting to play out in contractual offers in Europe and elsewhere. They will have a significant effect on how the industry organises itself, how companies operate, how they partner and what they bring to market.
What are boards and executives most underestimating about AI and Cloud governance risk?
Many business leaders still treat governance as a legal or compliance problem, something to manage after systems are built. They underestimate how quickly governance decisions can turn into architecture decisions. Access controls, data flows, identity management, and auditability now really shape whether systems can be deployed or scaled at all. Compliance isn’t paperwork anymore; it’s really a design constraint.
Increasingly, boards are asking different first questions. Not about features–but about assurance. Is the system reliable under strain? Can it restore quickly after disruption? Can it operate safely under pressure? Can you give me the trust that I’m paying for? And then if you do have a crisis, if there is a problem, a big cyber-attack, a disaster, some other problem here that causes a major system disruption or even an outage, can we bring the data back? Can we get the system back to safe operation? And what does that process look like?
These are major issues for boards now. That’s why compliance and governance have become increasingly strategic and will enable enterprises to become more competitive and valuable.
What does resilience look like when technology sits at the boundary between markets and states?
Resilience used to mean uptime and redundancy—it was very technically driven. But today it also means governability, the ability to operate credibly when trust erodes, when the rules shift, or when scrutiny increases. The systems that endure will be those designed to tolerate friction rather than assume stability.
That friction could range from geopolitical uncertainty and instability to practical issues such as cyberattacks, energy disruptions, supply constraints, or cascading infrastructure failures. Resilient systems will be those designed to demonstrably perform when that friction becomes severe.
The next phase of Cloud won’t be defined by who builds the most powerful systems—but by whole systems remain deployable when conditions deteriorate.
What can the audience expect from your session at CloudFest?
I’m not going to give policy prescriptions or technical blueprints. What I’m hoping to give is a clearer way to think, especially about why Cloud and AI are now treated as strategic assets, how digital borders emerge in practice, and what it really means to design systems in a world where trust can’t be assumed, only engineered.
David is speaking on the Studio Stage at 14:30 on Tuesday, March 24.
