Mobile data sovereignty is an issue that deserves far greater attention, particularly for businesses handling sensitive information. Historically, organisations have invested heavily in protecting data within on-premise environments or secure cloud infrastructures. However, far fewer apply the same level of protection once employees leave the office or travel abroad.

On Tuesday, March 17, ITnation hosted a round table with senior technology and business professionals. Participants had the opportunity to put their questions directly to Artem Kirillov, COO of MTX Connect.

1) When asked where staff are most at risk, participants ranked working from home as a greater concern than using open Wi-Fi in airports. Did that surprise you?

A little, yes. In most cases, open public Wi-Fi is the more obvious risk because the organisation has very limited control over that environment. But I also understand why working from home worries CIOs: home networks vary greatly in quality and security, are rarely segmented properly, and are often shared with personal devices, IoT equipment, and family users. What this really shows is why a zero-trust approach matters. The question is not only whether the employee is at home or on public Wi-Fi, but whether the device, identity, and traffic are under enterprise control. If the endpoint is managed, the traffic is encrypted, and access is policy-driven, risk can be reduced significantly in both cases.

Keep in mind that the mobile devices we all use now have proprietary operating systems. Even though they are produced by very reputable brands we have to acknowledge that these devices are designed to be connected to the Internet as much as possible. As a Network Operator we believe that a fully controlled mobile connection through a dedicated infrastructure is more suitable than random WiFi hotspots in public places. Considering the use of a private mobile network over 4G/5G can allow businesses to expand applications to the network level even beyond the office.

2) There was also clear acknowledgement from CIOs that employees may use software, hardware, or LLMs in their personal time that would not meet corporate governance standards, potentially introducing new vulnerabilities. Where should organisations begin in addressing this challenge?

They should begin by deciding on their operating model: fully managed corporate devices, BYOD with strict controls, or a hybrid approach. From there, the work has to happen on three levels. First, governance: define which applications, AI tools, and device types are permitted, what data can be exposed to them, and what approval process applies. Second, technical enforcement: use MDM or UEM, app control, mobile threat defence, identity-based access, and data loss prevention. Third, network control: where appropriate, steer traffic through a controlled enterprise or service-provider security layer so policies are enforced consistently, even on mobile endpoints. This is exactly where zero-trust principles become practical: do not assume a device, application, or user behaviour is safe by default; enforce policy consistently across identity, endpoint, network, and data.

3) From a practical perspective, many attendees admitted that their first action when travelling is to connect to hotel Wi-Fi. What is your view on this behaviour?

It is understandable, but from a security standpoint it should not be the default behaviour for corporate work. Hotel Wi-Fi is convenient, but it is still an environment the organisation does not control. For personal use, the risk may be acceptable depending on the activity. For business use, especially where sensitive data or privileged access is involved, organisations should treat hotel Wi-Fi as untrusted and rely on managed endpoints, strong authentication, encrypted traffic, and policy-enforced access. In many cases, secured mobile connectivity is the cleaner and safer option.

4) We are living in a rapidly evolving geopolitical environment, which is accelerating demand for EU-based sovereign cloud solutions. In this context, what aspects of your solution do clients value most?

Clients usually value three things most. First, jurisdictional and operational predictability: they want data handling, support, and security operations aligned with European regulatory expectations. Second, enterprise-grade control: they want more than basic connectivity; they want policy enforcement, secure integration into their own backbone, and a solution designed around business governance rather than consumer convenience. Third, performance and reach: they still need broad coverage, strong roaming economics, and responsive support. That is where our position is distinct. We combine the compliance mindset and predictability customers expect from a European operator with enterprise-oriented controls and a roaming heritage that gives us both broader reach and more competitive roaming conditions than many marketplace-style alternatives. Our model is not a retail travel eSIM marketplace model. It is a managed enterprise connectivity model built around security, control, and operational accountability from day one.