In recent years, we learned the hard way that open source software requires substantial maintenance work. Just because the source code is open to inspection does not mean anyone is looking. While not the first incident, Heartbleed raised the awareness that even widely used open source software needs to be maintained. We must remember the lesson we already learned with Heartbleed: We need healthy open source projects if we want high-quality and secure software.

read more

Digital technologies have the potential to improve people‘s lives. But they also bring negative side effects. Technological innovations and their use must therefore be geared to the wellbeing of people and society. Therefor the Digital Responsibility Goals define a framework and work toward a trusting, ethically sensitive, and sustainable digital transformation.

Read about the 7 goals.

While we have a tendency to distrust and malign big data and the organizations that harvest data, the obvious answer may be to stop using these services or technologies as a result may have wider-ranging implications which make an abrupt halt of these services less apparent. If used ethically, data has an important role to play in society.

continue reading

We must no longer accept that online services misuse customer data for monetary purposes under the guise of “customer experience”. A transparent data policy is urgently needed. How to achieve this goal?

Read here

“New Work” has become a buzzword. But what does it mean? How does work change when all parties involved takes it seriously? And what does „The world we want to live in“ look like?

Find the answers here

All around one hears that Europe is lagging far behind the rest of the world (more
precisely America and Asia) in the fields of digitization and cloud technology. To catch
up and learn from the mistakes of others, the European Commission‘s study on open
source technology and OSBA‘s Digital Sovereignty Manifest are now available. This
article summarizes the relevant points made by these two publications.

read more

Um zu verstehen, was souveräne Cloud-Nutzung ist, gibt dieser Artikel zunächst einige Hintergrundinformationen zum Thema Cloud, danach geht er auf Grundprinzipien der Souveränität und einer souveränen Cloud-Nutzung ein und zeigt auf, was das in der Praxis bedeutet.

Hier weiterlesen

Digitization is more than using video meetings or distributed storage. This article explaines what it does mean to build a digitized organization and why this should be aimed.

read more

(die deutsche Version hier)

To gain real DevOps and true transparency the SCS team around Kurt Garloff and Felix Kronlage-Dammers introduced the 5th open paradigm: open operations. That means transparent processes, advanced collaboration, error culture, and open documentation. How they want to master the challenges around that idea, both tell us in this interview.

Learn more about the concept:

An Open Operations concept:

Slide fantastic 4: (© Marvel)

At the Container Days 2021 in Hamburg I had the pleasure of meeting Bill Mulligan from CNCF* in person and we talked about the three p’s of CNCF (projects, places, people), Kubernetes, and how CNCF is growing.

read the full interview

Cloud has created a new attack vector, as data has moved to public servers, and
networks and infrastructure have become virtual. Covid-19 made things worse. Beside
the zero-trust concept there is data residency. This article explains how this tool works.

read more

Digital sovereignty has become one of the most important goals in the European digitization strategy in recent months and years; ever since the repeal of the Cloud Act, Europe has shown that we mean business. Germany plays a leading role in these issues not only on a political level. But what is digital sovereignty? What is the current status? Where will, and must, the journey lead to? I discussed these topics with Dr Christian Knebel and Karsten Samaschke.

read the full interview

Digital sovereignty is becoming increasingly important. And data sovereignty plays a central role in this. So how can companies and public authorities become data sovereign? By using the right technologies.

read more

As simple as it is to produce, consume, manipulate, and store data and applications in cloud environments, you need to ensure their availability, backup, and recovery. Surely, this can be handled by built-in mechanisms of the respective environments such as multi-location storage, backup, and restore – but what is about data safety, data integrity and privacy?

read more

Das Onlinezugangsgesetz für Bund und Länder gibt vor, welche Serviceleistungen des Staates in Zukunft digital ablaufen sollen. Dieser Artikel zeigt die Komplexität und die Herausforderungen dieses Vorhabens auf und wirft einen Blick auf den Stand der Umsetzung.

Hier weiterlesen

Social media is arguably one of the most disruptive technologies of the digital age, and its influence is only set to grow. However, while it is key for businesses to have some sort of social media presence, most businesses fail to integrate social media into broader data management strategies.

read more

Responsible use of public money means that software should be accessible and freely available – we at publicplan think and act according to this credo. This approach promotes further development and stands for participation. Based on this understanding, publicplan has committed itself to the idea of free and open source software.

Read more here

and the german version here

This article is a reprint of a speech given by Ann-Cathrin Riedel, Chair of LOAD e.V.
and Vice President of the European Society for Digital Sovereignty e.V., at the Open
Source Day 2021 of the Open Source Business Alliance e.V.. It is about the last push,
democracy as a way of life and the enthusiasm for open source that we can and must
awaken with enlighting narratives.
(auch auf deutsch)

read more

Hardly any other term has been redefined and re-framed so frequently in last year’s digital political discourse as “digital sovereignty”. This article is intended to help demystify the term “digital sovereignty” by exploring the different dimensions of digital independence and is a first approach to create a well-defined taxonomy that allows an evaluation of digital offerings far away from buzzwords and hypes.

Continue reading

Dieser Handlungsleitfaden will Ihnen den Umstieg in die Cloud erleichtern, indem er wichtige Aspekte und Schritte hervorhebt und näher beschreibt. Selbstverständlich kann er keinen Anspruch auf Vollständigkeit erheben, Unternehmen sind zu unterschiedlich strukturiert und aufgestellt – aber er kann Ihnen wertvolle Anregungen für Ihren Schritt in die Cloud geben.

read more

Open Policy Agent (or OPA, pronounced Oh-pa!) is an open source, general purpose policy engine. Breaking that sentence apart, “open source” and “general purpose” likely won’t need further explanation for this audience, so let’s jump straight to the “policy engine” part. 

read more

Die deutsche Version des Textes finden Sie hier!

In den Interviews neueren Datums mit der F.A.Z. erklärte Bergmann zu der Frage, ob die heutige Form der „New Work“ seiner eigentlichen Intention entsprach. „Der Ausdruck ‚Neue Arbeit‘ wird heute in vielen Betrieben angepriesen. Aber um das ‚Wollen‘ geht es nicht“, erwiderte er. Aber worum geht es? Das erklärt Ihnen dieser Artikel.

read more

“Das Brett ist megadick

– aber Europa hat erkannt, dass dieser Weg gegangen werden muss”

Digitale Souveränität ist in den letzten Monaten und Jahren zu einem der wichtigsten Ziele in der Europäischen Digitalisierungsstrategie geworden, spätestens mit dem Aufkündigen des Cloud Actes zeigte Europa, dass wir es ernst meinen. Aber was ist digitale Souveränität? Wohin wird und muss die Reise gehen? Darüber habe ich mit Dr. Christian Knebel, Gründer und Geschäftsführer der publicplan GmbH, und Karsten Samaschke, Gründer und Geschäftsführer der Cloudical Deutschland GmbH, gesprochen.

read more

In order to manage cryptographic keys securely, Cryptographic Key Management Solutions (CKMS) shall be used. Consequently, the following questions arise:

  • What are functional and non-functional requirements that such solutions must meet?
  • What Cryptographic Key Management Solutions are there in the market?
  • What is the “best” solution?

This article aims to address these three questions. In the first part, we list functional and non-functional requirements relevant for such solutions. Next, we provide an overview of existing solutions in the market. Finally, we conclude by suggesting an approach for identifying the “best” solution.

read more

Open source projects are living by the contribution of time, ideas and passion of enthusiasts. In this article we introduce sustainable open source projects and a passionate initiative of the enthusiasts of protontypes.

read more

Security as Code is a driving force for the current evolution of application security. It goes hand-in-hand with modern software development and the rise of Infrastructure as Code (IaC), but it is also helping innovation-minded organizations to better address and deal with the biggest security challenge seen in a generation. 

Read more

When thinking about open source and sustainability, one of the first things coming into mind is that they are currently very much Zeitgeist. But what about them in combination? Does it make sense to use them as a pair? And is there perhaps a wider correlation between them, apart from software and infrastructure? Let’s find out… 

Read more

Not like free beer. But open and free to use for several business cases: open source. How that works explain Julian Hansert from Kubermatic and Christopher Branston from SVA.

The evolution of cloud technology has caused cyber threats to evolve in a parallel manner. Cybersecurity risks have skyrocketed as more and more companies opt for migrating their servers and infrastructures to the cloud. This trend has resulted in immense amounts of sensitive data being interconnected, available, and – unfortunately – quite vulnerable to numerous threats.

Read more

Good news for all cloud enthusiasts and container fans: ContainerDays (CDS) will take place again from September 21 – 23, 2021. Europe’s flagship conference on container and cloud native technologies is going hybrid this year: live in Hamburg and worldwide online conference for free.   

Tickets: – with the voucher: THANKS2CLOUDICAL@CDS21 you get 20% off

Read more

If you know the cloud report a little bit, you already know that we thematize topics like diversity, responsibility, sustainability beside all kind of cloud computing things. We understand “cloud” holistically, and we understand “open source” as a mindset of sharing, collaboration, forward-looking, reasonable, social. The open source communities and foundations like the Cloud Foundry Foundation are showing right now the future of technology´s development! This time we think about social responsibility.

Read the full article: here

Foundation for carbon neutral sustainability – LF Energy

While I was searching for open source, sustainability, energy awareness I found LF Energy, a sub-foundation of Linux Foundation that is focused on the power systems sector: “LF Energy brings together stakeholders to solve the complex, interconnected problems associated with the decarbonization of energy by using resilient, secure and flexible open source software. Digitalization facilitates a radically energy-efficient future.”

Read the full article: here

Many companies want to use orchestration tools for their applications, but not all of these apps are containerized or cloud native. Some apps would need a complete re-write. At the KubeCon & CloudNativeCon Europe HashiCorp introduced the new release of Nomad, their orchestration tool for containers, but also legacy applications. the cloud report talks with Chang Li about Nomad, of course also in comparison to Kubernetes.

If you want to use the possibilities of reliability and scalability in IT landscapes, this is easily achieved by Kubernetes ecosystems, which you can set up with a cloud service provider or in your own data center. This article describes how to roll out applications in a Kubernetes ecosystem, which tools you need, which “middleware” is necessary and which cloud service providers (hyperscalers or GDPR-compliant service providers) you can use.

Read the article: here

“Security by Design” and “Developer first” as approaches of GITLAB. Cindy introduces the offerings of automation tools to develop secure code quickly. GITLAB enables and empowers developers to join DevSecOps by using automation, open source and security knowledge. The tools help testing APIs and finding vulnerabilities before the code goes into production. But there are still a lot of challenges…

watch the interview here

Short interview with cloud security expert Jurlind Budurushi from Cloudical

Securing the infrastructure, platforms, processes, and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.

read the interview here

To understand cybersecurity we need to understand what this “cyberspace” is. In the second episode we answer the questions: What is cloud computing? What are the security challenges? Who is responsible? And who (the fuck) is Alice?

Watch part II of our “Securing Cyberspace” series here

The first transnational lockdown 2020 came as a surprise to everyone and was implemented at short notice. In the days and weeks that followed, concepts were developed, technical equipment for working at home was purchased, a lot of improvisation was done, and as much as possible was digitized.  

The event area was one of the first to quickly develop virtual alternatives to the cancelled on-site events. Meetups became virtual meetings. Many companies quickly offered webinars on all sorts of topics, which offered the advantage of being able to be attended live, but also available and retrievable online afterwards.  

continue reading

European Companies signed the Climate Neutral Data Center Pact and promise to gain this goal within 9 years!

How this can be achieved, what needs to be done, what is already done, and how this corresponds with digitization the cloud report asked Dr. Béla Waldhauser. And he answers openly and gives insights of the German business landscape, politics, prices, plans and good ideas.

Watch the interview here

Today we start a new video series about cybersecurity.
Expert Dr. Jurlind Budurushi from Cloudical will be explaining concepts and ideas, approaches, tools and what better not to do.

To not miss any of these videos follow our YouTube-channel here

Short interview with cloud security expert Archis Gore from Polyverse

Securing the infrastructure, platforms, processes and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.

read the interview here

In my last comment I explained why diversity is important and a true value and strength for all communities, but also for society. And now I´m talking about equality? Equality in spite of diversity? Of course!

We only gain the full power of diversity if we consider our equality. Our equality as human beings. We are all different in our personality, outward appearance, faith, talent, sex, but we are all equal in our value!

continue reading

Ten years after the zero trust security model was first articulated, organizations are doubling down – but successful defense also means reassessing your approach to operating the cloud.

A decade ago, Forrester Research analyst John Kindervag called time on perimeter security and warned us against trusting the traffic on our corporate networks…

continue reading

Securing the infrastructure, platforms, processes and data is one of the most important topics in cloud computing. the cloud report interviewed cloud security experts about the challenging year 2020, how this year of digitization affected cloud security, and their expectations and solutions for 2021.

read the interview here

Poseidon & Cloud Native

What’s the story with Trident?

Container technology received a lot of attention recently and has become essential for cloud native deployments. However, all that glitters is not gold and the technology has a few drawbacks. The Cloud Native Computing Foundation identified within their most recent surveys the limitations within the areas of storage and security. The following article describes how to deal with persistent storage requirements in hybrid cloud environments. Furthermore, it describes possible solutions by taking advantage of dynamic storage orchestrators such as Trident and its related architecture. 

continue reading

The last year has influenced many things, and we have no­ticed it most in our professional lives in the way we work together. We are now used to communicate and work via a screen and shared resources. But for a large part of the IT world, this was not new – the open source communities…

continue reading

An interview with Amith Nair

Around the time of KubeCon & CloudNativeCon Virtual 2020 the cloud report had the opportunity to talk with Amith Nair, Vice President Product Marketing at HashiCorp, about automation, what a company can do for cloud-native development and get to the heart of open source.

Read the interview here

Here you get all information about the latest VanillaStack release, what is new, what changed, what happend in the project, how they use the newest Stratos version, …

In this interview Andreas Weiss from the Gaia-X project management eco explains what Gaia-X really is about! No hyperscaler or European cloud, but an initiative to gain real data sovereignty in a secure, federative, open source data infrastructure. And of course, Gaia-X is way more, it is “a once in a lifetime achievement” and a great opportunity for Europe to take the different way and live our diversity.

Berlin based company Cloudical is offering a webinar series to introduce and discuss the LPIC 303 security certificate. It is important to secure the all underlying Linux to build a secure cloud environment. And the both experts are explaining step by step the parts of the certificate. Learn here what you can expect.

On Wednesday, the 27th of January the kick-off webinar for a Cloud Expo Gaia X series during the year 2021 started.[1]  These events discuss the idea of Gaia X, the status of the project, introduce the participants and invite more to join this pioneer initiative.


News from the VanillaStack project, two maintainers talk about community´s and customer´s feedback, about changes and bug fixes, about an evolving project, decission making and a from the CNCF Cetified Kuberntes project.

Find more details about the VanillaStack here

“I would never tell our  employees or customers something that is not true”

read the interview here

Out Now: The Cloud Report issue 4/2020

Content: Open Source, Open Infrastructure Foundation, Open Source Cloud Stack…

For a PDF version of issue 4/2020 go here

To order a physical copy please send an e-mail to:

One of GAIA-X’s main goals is to restore data sovereignty in Europe when using cloud technology. US hyperscalers, for example, are subject to the US Cloud Act, which enables US authorities to enforce the release of data stored in data centers in Europe. This is contrary to European law and the GDPR. At the beginning of 2019 it was still being considered to build a European hyperscaler, but it was finally decided to create solutions with standards that would give European users more sovereignty. 

continue reading

Nowadays cloud is everywhere, cloud is important to many enterprises – and for good reason! With cloud approaches, one gets the benefit of understanding resources as pool, which allows utilizing them according to the currently given needs.

But cloud is complex, especially, if you want to be in control: You need to set up your infrastructure, you need to automate it, you need to maintain it, you need to learn many things. 

continue reading

One of Polyverse´ offering is the Polymorphing. In this interview Archis tells us what the Polymorphing does (fancy things!) and Jurlind explaines why and how it is integrated in the VanillaStack. But first of all it is about cloud security, collaboration, open source and open minset!

The Coronavirus is wreaking havoc on everything in our lives. It’s hard to find something that hasn’t been impacted in a major way as we attempt to limit the spread of the virus. Cloud security professionals should pay close attention to how our online needs are rapidly changing — these new adjustments are more than just necessary to make things work in the interim. The workarounds to keep our lives as normal as possible could permanently define the way we work, study, and do business from here on out.

continue reading

At KubeCon we conducted an interview with Brian Gracely from RedHat, he talks very frankly about OpenShift, all different kinds of cloud (hybrid, multi, edge, …), about cloud-native approaches and how to act at the KubeCon.
watch the interview here
This episode of the – a weekly live show about cloud – technique, mindset, news, dos and don´ts, open source – is about cloud security. In the cloud everything is possible, but to secure access from everywhere, development from various people, shared storage, … is one of the big challenges. The cloud devs Chris, Dom and Karsten talk with David from GitLab about securing cloud computing and way more!
Find more episodes and interviews in our channel

Kubernetes is an open­source platform for automating deployment, scaling, and management of containerized applications. According to the data from GitHub, Kubernetes represents one of the largest open­source projects worldwide, and the development and deployment of tools around Kubernetes is rapidly and continuously growing. This rapid and continuous evolution makes Kubernetes an unsteady, fast­moving target, in particular regarding security.

continue reading

Last week Dan Kohn, the former executive director at Cloud Native Computing Foundation (CNCF), died quite to early as a result of colon cancer. 

We thank him for his long-term engagement for open source, for boundless collaboration and the Public Health Initiative of the Linux Foundation and his former dedication in several organizations and foundations. 

continue reading

By enabling a long-held dream of computing as utility, Cloud Computing has become one of the major technology trends in the last decade. Due to its’ flexible and agile nature, Cloud Computing is continuously and significantly transforming a large part of the IT industry.

continue reading

Clouds are replacing traditional corporate data centers. More and more companies are connecting the computing power of external providers instead of managing their own pool of physical servers.

Why do successful businesses move to clouds? Short answer: to cut costs and speed up growth. In more detail, let’s consider the main factors that push businesses to move to cloud services and the arguments in favor of the cloud.

continue reading

Over the past 18 months, containers have taken most organizations by storm. Containers and microservices are key enablers in organisations’ quests for digital transformation. But, they increasingly need to adopt a smart cloud security strategy based around a Container Security Triad.

continue reading

Interview with Regis Louis, Vice President Cloud Strategy EMEA

Read the interview here

The OpenStack Foundation’s virtual OpenDev event this summer created a space for engaging conversations on a variety of topics within the open infrastructure community. Packaged into three separate events, each three days in duration, participants discussed open infrastructure software, hardware automation and containers in production. In the first session, Blizzard Entertainment, Verizon, and OpenInfra Labs discussed combatting the challenges behind scaling, testing and integration during their presentations to the open source community.

continue reading

The cloud report had the opportunity to talk with Kim-Norman Sahm, CTO of Cloudical, about the way cloud computing is going, open source and avoiding vendor lock-in.

continue reading

Today the SUSECONdigital 2020 starts! Upfront the cloud report interviewed Melissa di Donato. Have a spectacular SUSECON.

SUSE prides itself as the largest independent open source company in the world. With the appointment of Melissa di Donato to CEO in August 2019, SUSE started a new chapter and put itself on the path to global growth. In this interview, Melissa explains how her style of leadership matches perfectly with the vision of open source, the role of women in tech leadership and how fierce collaboration inspires SUSE and its customers.

This article gives a short overview of the Gaia-X project as next generation cloud computing: with motivation for the project, what is Gaia-X?, project organization, role of civil society and prospects.


Because of the CLOUD Act, many users of cloud services from US cloud providers fear that personal data in Europe could be viewed, copied or modified by the US government in violation of the GDPR.

continue reading