KubeCon + CloudNativeCon Europe 2025 in London underscored that the cloud-native ecosystem is operating within a complex and increasingly uncertain global landscape. While innovation in data, storage, security, availability, and resilience continues at a rapid pace, these advancements must now also consider the implications of geopolitical instability and rising protectionism. The focus on digital sovereignty, secure supply chains, and building robust, geographically diverse infrastructure will be crucial for navigating these challenges and ensuring the continued growth and stability of the cloud-native world.

At KubeCon 2025, Linux Foundation Executive Director Jim Zemlin made comments that highlight the organization’s role in creating a common ground for open-source innovation even as trade becomes more difficult and political walls grow higher. Randy Bias of Mirantis said — in response to analyst questions during a panel — that he expects more balkanization of the open-source world, citing situations like the ejections of Russian Linux kernel developers from the community in response to Russia’s invasion of Ukraine.

In terms of content, here were the big takeaways:

  • Security is at the core. At KubeCon + CloudNativeCon Europe 2025, security was a central theme, reflecting its growing importance in the cloud-native landscape. The conference highlighted the application of Zero Trust principles to Kubernetes, especially for AI workloads, and addressed issues such as adversarial attacks, data leakage, and endpoint vulnerabilities. Discussions emphasized the complexity of securing modern cloud-native stacks, with a focus on software supply chain integrity and compliance with new regulations like the EU Cyber Resilience Act. Security was not just an afterthought but a core focus in every conversation about the future of cloud-native technology.
  • New projects emerge, including security. These include automated security patching and backporting from Root.io, enhanced security isolation and workload portability from Kubernetes virtualization platforms such as Edera (which focuses on strong security isolation using the Xen type-1 hypervisor), and Loft Labs’ vCluster announcing integration with SUSE Rancher and a preview for vNode to improve multi-tenancy in shared clusters.
  • Digital sovereignty gets mainstage attention. Geopolitical instability has highlighted the importance of digital sovereignty, with Kubernetes and open-source technologies playing a crucial role. In AI, the Kubernetes-native distributed container management environment k0rdent enables European cloud providers to run AI workloads on demand. In infrastructure, Linux Foundation Europe launched NeoNephos to promote open-cloud infrastructure and digital autonomy, focusing on compliance with EU regulations. Open-source and open-cloud infrastructure are essential for ensuring digital sovereignty and sovereign AI options.
  • Enterprise maturity is here. As demonstrated by HSBC’s implementation, which handles 600 million hits daily across over 7,000 production services, enterprise maturity is here. This trend shows that even conservative industries such as financial services are adopting cloud-native as a core technology strategy, moving beyond experimentation.

What Should You Do Next?

  1. Focus on cloud-native for resilience, innovation, and cloud abstraction. Cloud workloads have changed enterprise architecture, addressing global hyperscaler lock-in. As governments control data more, companies must shift from relying solely on first-party hyperscaler services to using a suite of services across multiple clouds or on-premises. Enterprises should use container-based primitives and Kubernetes-native data services for new workloads. While virtual machines can run on Kubernetes, complex deployments still benefit from platforms such as Broadcom’s VMware and Nutanix, which are enhancing container workload integration.
  2. Leverage open source to lay the foundation of a digital sovereignty strategy. A key part of any organization’s digital sovereignty strategy is maintaining control over its tech stack. Using open-source tools frees organizations from proprietary systems that could lock them into third-party vendors. This applies to AI, as well, with the Model Context Protocol (MCP) emerging as an open-source standard for connecting AI assistants to various data systems. Tech executives should consider open-source projects for AI workloads and infrastructure to enhance their digital sovereignty.
  3. Embrace cloud-native as a mature technology. Once an interesting theme to explore, cloud-native is now the daily bread of cloud professionals across industries. Cloud professionals can look at cloud-native to adapt to the many new possibilities offered by the cloud compared to traditional on-premises infrastructure in regulated and nonregulated industries.
  4. Take Zero Trust as your cloud-native power move. Focus on Zero Trust architecture as the foundation of your cloud-native security strategy. Ensure that no component — user, service, or workload — is implicitly trusted. A Zero Trust model enforces strict identity verification, granular access control, and encrypted communication. Adopting Zero Trust from the start prevents lateral movement during breaches and reduces the attack surface. As AI workloads and containerized applications grow, implementing ephemeral credentials, mutual transport layer security, and default policy enforcement is essential. Tech leaders should see Zero Trust as the core for secure cloud-native operations.

Reach out to Forrester to schedule an inquiry to help guide your cloud-native initiatives or to dig into these announcements.