Chapter 8:
Percona’s role in supporting sovereign operations
Organizations adopting the Sovereign Resilience Framework consistently reach the same conclusion: achieving verifiable control requires database platforms that are portable, transparent, and free from proprietary vendor control planes. Evidence-based sovereignty cannot be achieved if core systems rely on a provider’s non-verifiable mechanisms.
Percona addresses this through a combination of open source software, portable automation, and jurisdiction-aware support. This platform is designed for organizations that require running MySQL, PostgreSQL, MongoDB, Valkey, and Redis with strong residency guarantees, auditability, and continuity.
Data sovereignty: Controlling residency, movement, and metadata exposure
Data sovereignty requires organizations to determine where data resides, how it is processed, and which jurisdictions apply to it. Percona enables precise control over these boundaries by allowing databases to run on customer-selected infrastructure using open, portable software that does not rely on vendor-managed control planes.
Key capabilities include:
Residency enforcement and region pinning
Percona’s Kubernetes Operators support placement constraints, storage class selection, and region-specific backup policies. This ensures data resides only in approved zones, meeting requirements set by GDPR, national localization laws, and industry-specific mandates. Residency becomes a technical control enforced by configuration, not a vendor-defined abstraction.
No outbound telemetry and support for air-gapped environments
Percona distributions disable telemetry by default. Diagnostics and metadata sharing are customer-initiated. The full stack can operate in air-gapped environments without requiring communication with external systems. This eliminates unintentional metadata exposure, a common regulatory concern in managed database services.
DSPM and SIEM integration
While Percona does not offer a DSPM product, the Operators act as the authoritative source of truth, feeding the metadata, logs, and workload context directly into data posture and governance platforms. This supports teams responsible for validating residency boundaries, tracking access events, and producing evidence for regulators and internal audits.
Customer-controlled encryption:
Percona supports external key management systems (EKMS), allowing organizations to define cryptographic boundaries and eliminate reach-through risk. Encryption becomes a customer-controlled function rather than a vendor-mediated service.
Percona provides the necessary architectural controls to enforce these limits at the infrastructure level, ensuring data remains exclusively under customer jurisdiction.
Operational sovereignty: Verifiable control over who can access and operate systems
Operational sovereignty focuses on the human and automated perimeter: who has privileged access to the system and who controls the day-to-day management logic. Percona replaces the "black box" of managed services with customer-governed access, transparent automation, and jurisdiction-aware support.
Key capabilities include:
Jurisdiction-scoped support
Percona offers support models that limit where escalation tickets are handled. Organizations can require that S1 cases remain within a specific jurisdiction, such as the European Union or the United States. This prevents privileged access from crossing legal boundaries and supports compliance with regional sovereignty requirements.
Transparent access pathways
Percona does not hold a master key to customer systems. Authentication and authorization are governed through the customer’s SSO, OIDC, and RBAC policies. Privileged commands execute within the customer’s identity, access, and audit framework.
Audit readiness through verifiable logging
Percona assists teams in configuring audit logs that capture authentication, administrative actions, replication changes, failover operations, and backup workflows. Logs integrate into customer SIEM platforms, supporting regulator expectations in frameworks such as DORA, GDPR, and financial sector governance.
Percona provides the practices and technical foundation to make these requirements achievable in any environment.
Technological sovereignty: The cloud-native stack and open source independence
Technological sovereignty ensures that organizations can run, restore, and evolve systems without reliance on proprietary vendor mechanisms. Percona provides a fully open, cloud-native stack to safeguard continuity during provider outages, licensing changes, or geopolitical disruptions.
Key capabilities include:
Fully open source software
Percona’s software for PostgreSQL, MySQL, and MongoDB remains compatible with upstream standards, and there are no proprietary enterprise editions that create technical cliffs or require license audits. Organizations maintain the ability to migrate, integrate, or exit without having to rewrite applications or replace platform dependencies.
Portable automation for lifecycle management
Percona Operators provide declarative, automated lifecycle management using open source code that runs on any CNCF-certified Kubernetes distribution. This replicates the operational benefits of DBaaS while maintaining customer control over:
- Automated failover and self-healing replicas
- Automated backups
- Scaling workflows
- Compliance-aligned configuration patterns
Unified observability
Percona Monitoring and Management (PMM) provides query analytics, performance metrics, and workload insights while keeping all telemetry within the customer’s trust boundary. Sensitive information does not leave customer-controlled infrastructure.
Documented exit strategies
Percona enables organizations to meet regulatory expectations by supporting:
- Portable, open backup formats
- Explicit restoration procedures
- Migration-compatible database binaries
- Automation independent of cloud vendor systems
These elements enable organizations to shift providers, repatriate workloads, or adjust deployment strategies without requiring redesign of applications. Technological sovereignty serves as a long-term safeguard against concentration and continuity risks.
Alignment with the Sovereign Resilience Framework
Percona’s architecture and operational practices support the full Sovereign Resilience Framework:
- Data sovereignty. Organizations maintain explicit control over residency, encryption, backup targets, and the exposure of metadata.
- Operational sovereignty. Access, escalation, and administrative pathways are customer-governed and fully auditable.
- Technological sovereignty. Portability is sustained through open source standards, migration-ready tooling, and automation that operate on any infrastructure.
Together, these capabilities create a practical, verifiable, and sustainable model for database resilience in environments shaped by regulatory requirements, geopolitical factors, and evolving operational expectations.
Independence as a Service
Percona provides the automation of a managed service without surrendering residency, access, or operational authority. This model allows organizations to meet sovereignty requirements while avoiding the lock-in and opacity that limit traditional DBaaS platforms.
Architecting for sovereign resiliencer
Operational resilience now depends on architectures that preserve control under changing regulatory, commercial, and geopolitical conditions. This paper demonstrates that resilience depends on deliberate architectural choices, rather than the scale of infrastructure. It is the result of deliberate choices that protect data location, operational authority, and long-term technological independence. Organizations that adopt the Sovereign Resilience Framework gain the ability to continue operating when suppliers, jurisdictions, or market conditions shift. They also gain a verifiable basis for compliance, which has become a central requirement for regulators and internal risk functions.
To translate these principles into practice, Percona provides the open source software, support, and expertise necessary to build a sovereign, portable, and independently operated database layer. This approach ensures transparency and verifiability, offering documented exit paths and a clear separation of control that aligns strictly with the architectural standards outlined in this research.
