THALES BLOG

Sovereign Data, Sovereign Access: Introducing Modern FIDO Authentication for SAS PCE

October 13, 2025

Guido Gerrits | Field Channel Director, EMEA

Across the global market, enterprises face mounting pressure to secure access while maintaining complete control over where their identity data resides. Regulators and national lawmakers demand sovereignty, boards demand resilience, and users demand seamless access while respecting their rights to personal information.

With newly supported FIDO authentication in SafeNet Authentication Service Private Cloud Edition (SAS PCE), Thales delivers on-premise protection and modern authentication in one trusted platform. Organizations gain complete sovereign control of workforce access and ownership of their critical data and identities, backed by the widest range of phishing-resistant security keys.

Why Sovereignty Matters

Around the world, three boardroom questions dominate every identity conversation:

  • Who owns our data?
  • Where is it stored?
  • What is the impact if access control systems fail?

These are valid concerns that stem from strict regulatory requirements. From GDPR in Europe to data protection acts across APAC and META, digital sovereignty is receiving greater emphasis. Enterprises must prove that sensitive records, from health records to financial data, remain within jurisdiction and under local control.

Cloud-only IAM providers, particularly those based in the United States and tied to U.S. data laws, cannot always meet these requirements. For global organizations, that risk is unacceptable. For example, the CLOUD Act allows U.S. law enforcement agencies to demand access to data held by any U.S.-based technology company, regardless of where that data is physically stored in the world.

The discussion on sovereignty extends even to AI and LLM models, with organizations adopting AI systems having to comply with both the EU AI Act and GDPR. The example of the Swiss open LLM model is a fine indication of where the market is heading and why businesses care about sovereign solutions.

The Reality of Hybrid Environments

Most organizations, especially in the critical infrastructure sector, still rely on legacy and on-premises systems. Almost a third (33%) of enterprises opt to maintain critical workloads on-site, either because they cannot migrate or because they choose not to due to compliance and operational constraints. Closely related is the finding that 83% of enterprises are planning to repatriate workloads from public clouds to on-premises infrastructure.

This creates a hybrid reality: cloud adoption is accelerating for some, but legacy and on-premises environments remain essential. Any serious authentication strategy must protect both.


The Gaps in the Status Quo

Passwords and traditional MFA methods are becoming more vulnerable. Phishing campaigns bypass them with ease using password spraying, man-in-the-middle (MiTM) attacks, and MFA prompt bombing, to name a few techniques. Fragmented tools stitched across legacy, cloud, and mobile systems confuse users and add overhead (and cost) for IT teams.

And when mainstream cloud identity providers (IdPs) suffer outages, the results are severe: manufacturing halts, flights are grounded, and medical treatments are delayed. In regions where regulators demand resilience, dependence on a single cloud access service is a business risk no one can ignore.

Why On-Premises FIDO Authentication Matters

Thales’ innovation of bringing FIDO authentication to SAS PCE is designed to meet this reality.

  • On-premises IdP built for data sovereignty: Organizations maintain full control of identity data, access logs, and authentication policies. No extraterritorial laws infringe on this privacy.
  • Phishing-resistant MFA: FIDO security keys replace passwords and SMS codes, blocking phishing attacks at the source.
  • Business continuity assurance: SAS PCE also acts as a fallback mechanism to cloud-based IdPs, ensuring access remains available even when cloud services go down.
  • No third-party dependencies: One platform, one supplier, with the broadest range of phishing-resistant authentication methods so you don’t have to juggle multiple point solutions.

SAS PCE unifies authentication for both cloud and on-premises environments, helping enterprises modernize without any en-masse migrations, thus meeting you where you are in your digital transformation journey.

The result: sovereign control, stronger security, and less friction.


Sovereign Access for a Hybrid World

The challenge facing global enterprises isn’t just how to authenticate — it’s where that authentication happens, who controls the data, and what happens when the cloud isn’t available.

Modern identity strategies must now balance:

  • Regulatory pressure to prove data never leaves jurisdictional boundaries.
  • Operational resilience to keep access live during outages or geopolitical disruptions.
  • Security maturity that eliminates password-based risk entirely.

Thales answers all three with a single solution: FIDO authentication inside SAS PCE. It’s not just another MFA method — it’s a framework for digital autonomy in a hybrid world. While cloud-only providers offer convenience, only Thales delivers local enforcement, continuous availability, and true sovereignty — all without compromise.

Control your access. Own your data. Defend your independence. Powered by FIDO.

What Leadership Should Take Away

For CEOs, CISOs, and IAM leaders, the impact is measured in:

  • Regulatory fines avoided
  • Outages prevented
  • Reputations protected

Adopting SAS PCE with FIDO authentication is not only a security decision. It’s a strategic business investment in trust, continuity, and resilience.

Legacy systems stay covered. Hybrid environments stay secure. Employees experience frictionless access. Regulators see compliance proof.

On-Premise Protection. Modern Authentication.

For global enterprises, the choice is clear: sovereignty cannot be compromised, downtime is unacceptable, and passwords are no longer enough. Thales is the only provider offering phishing-resistant FIDO authentication, sovereign control, and business continuity in a single, unified platform—without third-party supplier dependencies and cost-drivers.

By adopting SAS PCE with FIDO authentication, leaders strengthen compliance, simplify IT operations, and give employees frictionless, secure access to every system, from legacy applications to hybrid workloads.

Explore how Thales helps you secure sovereign data and resilient access—powered by FIDO—by requesting a demo today.
