Modern defence capability no longer begins with submarines or fighters. It begins with infrastructure. Data centres, subsea fibre, sovereign cloud enclaves and globally distributed computing capacity are now essential to how militaries plan, move, fight and recover. Hyperscale cloud infrastructure has become as critical to operations as fuel or communications. It is the digital backbone of modern deterrence.
Cloud infrastructure is already core to logistics, command and control, intelligence collection and targeting. It enables rapid processing of sensor data, distributed planning and real-time coordination across allied systems. Cloud environments allow forces to access tools, models and data they did not carry into theatre and to update or re-task them while in contact. This is the foundation on which AUKUS Pillar Two capabilities must be built.
That utility brings with it new dependencies. Just a few global providers now underpin much of the cloud footprint used by allied governments and militaries. Sovereignty is no longer just a question of where data is stored. It is also about who controls the management layers, who can observe telemetry and access logs, and who has the authority to operate or disconnect systems under pressure. In a crisis, those levers could prove as decisive as any physical platform.
The experiences of Taiwan and Ukraine offer a glimpse of what this means in practice. Taiwan, under constant grey-zone pressure, is building resilience through distributed cloud architectures that can survive physical disruption and cyberattack. Sensitive workloads are backed up offshore, while domestic infrastructure is hardened for continuity. Ukraine, under sustained missile and cyberattack, shifted its core government systems into trusted hyperscale environments abroad. These were acts of national survival.
Australia has begun to recognise this shift. Defence’s cloud strategy calls for a mix of sovereign and hyperscale solutions, seeking to combine the benefits of global scale with the assurance of local control. The challenge how is to give effect to strategy. This requires disciplined implementation. That means embedding sovereignty controls into architecture, ensuring transparency across the supply chain, applying enforceable constraints on data movement and privileged access, and designing systems to function in degraded or disconnected conditions. The most important time to test these assumptions is before failure occurs.
Too often, cloud infrastructure is still viewed as a back-office convenience rather than a front-line dependency. That distinction no longer holds. AUKUS Pillar One will work only if allied forces can share data across secure, resilient and trusted environments. Pillar Two technologies such as AI, autonomy and advanced cyber depend on scalable compute and cloud-native architectures to operate. The ability to train, test and deploy those tools at speed requires infrastructure that is already in place and able to scale when needed. In both cases, cloud infrastructure is the enabler. Without it, AUKUS will struggle to deliver capability at the pace the strategic environment demands.
This shift also alters the regional picture. Partners across the Indo-Pacific including Japan, South Korea, India, the Philippines and Taiwan are each making decisions about cloud infrastructure. Those decisions will determine not just their resilience but also their interoperability with Australia and other trusted partners. Supporting secure, transparent and resilient adoption of cloud technologies across the region is now a strategic investment in collective deterrence. Countries that cannot operate together in peacetime will not be able to respond together in crisis.
But capabilities rest on infrastructure. Cloud ecosystems depend on power, land and people. They require forward planning, workforce development and policy alignment. Japan’s recent challenges with power constraints and zoning delays illustrate what happens when digital ambition collides with physical bottlenecks. Australia is better placed, with reliable energy, geographic advantage and strong alliances. Taking advantage of this positioning will require designating cloud infrastructure as critical and as a basis of strategic resilience—designed, governed and deployed with the same intent as any other national asset.
This will require changes to procurement, capability planning and risk frameworks. Contracts will need to support architectural flexibility and clear sovereignty requirements, including where and how privileged access is managed. Security vetting and data classification standards will need to evolve to reflect hybrid environments, including software-defined perimeters and containerised workloads (for use in different computing environments). And Defence will need to consider building the in-house technical expertise to interrogate vendor claims and govern cloud performance, rather relying on outsourced commercial providers.
This is a call not for digital nationalism but for strategic clarity. The debate over whether to rely on cloud computing is over. The questions now are how to secure it, how to govern it, and how to integrate it into the fabric of operational readiness. Defence forces that do this well will move faster, recover faster and learn faster than their adversaries. Those that do not will struggle to keep pace.
Cloud infrastructure may not look like a submarine or a satellite. But in a contested environment, it carries the same weight. If it fails, missions fail. The sooner we treat it as a sovereign capability that is resilient, secure and connected, the stronger our defence posture will be when it matters most.
Microsoft is supporting publication of this series of articles.