Digital sovereignty is becoming increasingly important. And data sovereignty plays a central role in this. So how can companies and public authorities become data sovereign? By using the right technologies.
Digital sovereignty is currently one of the most discussed digital policy issues. In its coalition agreement, the new German government also attaches great importance to this topic and explicitly declares its intention to safeguard digital sovereignty. There is no generally accepted, fixed definition of this term, but everyone agrees on the goal: society, economy, and state should be able to use digital systems independently and autonomously.
A key role in this context is played by data sovereignty. Freedom from heteronomy is only guaranteed if individuals, companies and authorities are in control of their own data at all times. This requires two things: First, they must have exclusive control over who can access their data. Second, they must have the option, if desired or necessary, to easily move their data to another system at any time.
Protecting company secrets and intellectual property
Only when these conditions are met organizations are able to protect their business fundamentals. Companies therefore prevent the loss of secrets and intellectual property, which in extreme cases could even jeopardize their existence. Public authorities prevent the loss of state secrets which could limit their ability to act and, in the worst case, lead to public crises. In addition, only then organizations are able to comply with data protection regulations such as the GDPR (fig. 1). They protect the rights of employees, customers, and citizens to informational self-determination and avoid severe fines.
Last but not least, organizations escape the dreaded lock-in effect. If it is difficult to take data out of one system and transfer it to another, companies and public authorities often shy away from a system change – even when it is actually imperative. As a result, they become increasingly dependent on the system provider, which sooner or later translates into increased costs. The extent of this effect can be seen in the spending of the German Federal Government on Microsoft applications. As a query revealed, expenditures for Microsoft products have almost quadrupled since 2015 and amounted to a whopping 179 million Euros in 2020.
Key factors for unrestricted data sovereignty
With the right technologies, companies and government authorities can achieve unrestricted data sovereignty. Their software systems must meet three key characteristics:
First, they should not run in public clouds. Public cloud services are usually a black box where it is impossible to track who is accessing the data. In the absence of a precautionary principle, IT security often plays only a subordinate role among the major cloud players. The numerous data scandals that have occurred around large cloud platforms in the recent past are emphatic proof of this. In addition to the frequently inadequate hardening of the system, the US Cloud Act is also problematic. This law allows U.S. authorities to relatively easy access data stored with U.S. cloud platform providers. As a result, organizations cannot completely control access to their data. Therefore, they should prefer software systems that they can operate in a private cloud – either in their own data center or with a trusted IT service provider of their choice. Then they have full control over data access in their hands.
Second, software systems should support open standards. They are easily accessible to all market participants and allow all types of data to be shared freely and without modification. If a software supports such standards, it is interoperable and can easily work with systems from other vendors that follow the same approach. This gives companies and authorities the freedom to exchange a software for an alternative solution at any time, because they can transfer their data without any obstacles.
Third, software systems should be based on open source. Open source software is a guarantor of data sovereignty and thus of digital sovereignty (fig. 2). It offers maximum transparency, control, and openness and thus enables organizations to handle their data in a self-determined manner. They can see for themselves in the code that the software does not contain any backdoors through which data could flow unnoticed to third parties. In addition, because the source code can be audited, companies and government agencies can find and fix vulnerabilities themselves before they are exploited by malicious actors – in contrast to closed-source solutions. Unlike proprietary software, open source software is also usually platform-independent. The freedom of choice for hardware and service providers is thus significantly greater.
Establish sovereign workspaces
Private cloud, open standards, open source: This triad enables organizations – among other things – to design a central area of their everyday operations in a data-sovereign manner: the digital workplaces of their employees. Open source alternatives have long been available for every kind of application, be it OpenXChange and Kopano as groupware, RocketChat and Matrix as chat systems, BigBlueButton and Jitsi for video chats, ONLYOFFICE and Collabora for office applications, Kanboard for project management or ownCloud for file management. For the VNC collaboration stack, ownCloud provides file management out-of-the-box, for example. All of these solutions can be operated by organizations as a private cloud. In addition, they provide modern open interfaces, enable any integration and allow individual applications to be exchanged at any time if required.
This way, companies and public authorities can create a sovereign workspace. They do not have to make any compromises in terms of performance and functional scope. Contrary to widespread prejudice, an open source ecosystem can easily keep pace with proprietary platforms in these respects and even surpass them in many cases. For self-hosted solutions that are integrated with each other, organizations naturally need a competent IT team, either in-house or at a service provider. If such a dedicated team is beyond the scope, SaaS solutions from trusted European hosters are a good choice. They can provide organizations with a simple, efficient and data-sovereign working environment at the same time – even without their own data center.
Hope for the European Economic Area
By using open source software, companies and public authorities not only benefit themselves. In doing so, they also support the independence efforts of the pan-European economic area. In terms of the digital economy, Europe is currently far behind the USA and China. Strengthening open source ecosystems offers the European economy a great opportunity to create real alternatives to the U.S. and Chinese hyperscalers, to free itself from dependence on them and to benefit from digital value creation itself. On the macroeconomic level, too, open source software is the beacon of hope par excellence. The new German government agrees, which is why its coalition agreement explicitly supports open source in the area of digital sovereignty.
Tobias Gerlinger is CEO and Managing Director of
ownCloud in Nuremberg