Rubrik and Rackspace Technology have launched a UK-hosted cyber recovery service for public sector bodies and regulated organisations, with the goal of restoring systems within hours of a ransomware incident.
Called UK Sovereign Cyber Recovery Cloud, the service combines Rubrik’s data security platform with Rackspace’s UK sovereign hosting and operational services. It is positioned as a response to rising concern about operational resilience and data jurisdiction for critical and sensitive workloads.
Ransomware has become a persistent disruption risk for government departments, local authorities, health bodies, and arm’s-length organisations. The vendors cited a 91% year-on-year rise in cyber-attacks on UK public sector organisations as the backdrop for the launch.
Sovereign recovery
The service centres on a “clean room” environment hosted in the UK. It is designed as an isolated recovery space to bring essential services back online after an attack, while keeping data and administrative control under UK jurisdiction.
In normal operation, the environment remains offline from external access and is activated only when an organisation initiates a ransomware recovery event. This approach is intended to reduce reinfection risk during restoration and provide a controlled space to rebuild key systems.
Data sovereignty is central to the offering, with sensitive data and critical metadata kept within UK borders. Administrative access and support are also limited to the UK jurisdiction.
Recovery process
UK Sovereign Cyber Recovery Cloud includes automation and pre-built runbooks that set out recovery steps. This structure is designed to shorten recovery timelines compared with manual processes, which can take days or weeks depending on the attack’s scope and the condition of backups.
The service also provides continuous monitoring across SaaS, cloud, and on-premises environments. Rackspace’s security operations centre delivers the operational layer for monitoring and response, while Rubrik’s platform provides tools to secure and recover workloads and associated data.
The model reflects a broader shift in cyber resilience services, with vendors packaging backup, recovery, and incident response into managed offerings alongside existing security controls. The aim is to limit downtime and give boards and regulators confidence that recovery plans can be executed under pressure.
Regulatory context
The launch comes as the UK government advances proposals to raise expectations for cyber readiness and incident response. Rubrik and Rackspace pointed to the proposed Cyber Security and Resilience Bill, including tighter expectations around reporting and recovery.
The service is also designed to align with the National Cyber Security Centre’s Cyber Assessment Framework. The vendors highlighted mandatory 24-hour breach reporting requirements as a factor shaping operational needs, particularly for organisations with strict governance, audit, and data-handling obligations.
For public sector bodies, jurisdictional controls can be as important as technical controls. Many need assurance on where data is held, who can access it, and how support is delivered. These requirements often extend to metadata and administrative access, which can be overlooked in standard cloud arrangements.
Partner positioning
Rackspace and Rubrik have previously worked together on cyber recovery services. In 2025, they announced Rackspace Cyber Recovery Cloud for enterprise customers seeking structured recovery options after cyber-attacks. The new UK sovereign offering narrows the focus to UK public sector and regulated workloads, emphasising data residency and jurisdiction.
Rick Martire, General Manager, Sovereign Services at Rackspace UK, framed the announcement around control of data access and location.
“2026 is the year where control becomes the new foundation of trust and truly having control over where our data is accessed and located,” said Martire. “By partnering with Rubrik, we are providing UK enterprises with the autonomy they need to recover from cyber threats while meeting the highest standards of digital sovereignty.”
Rubrik also highlighted authority over recovery actions as part of the sovereign model, alongside storage location.
“Our joint solution isn’t just about where data is stored – it’s about who has the authority to protect and restore it,” said David Kosman, Vice President, Global Managed Service Providers at Rubrik. “For UK public sector bodies and regulated enterprises, today’s announcement is a major leap forward in national cyber resilience. The evolution of our close partnership with Rackspace – which began with our strategic collaboration to deliver isolated recovery environments – continues to support enterprises that need strong security and compliance.”
The service targets organisations that need an isolated recovery option and a UK-jurisdiction operating model, with recovery processes that can be initiated quickly after an attack.
