Digital sovereignty as the key to avoiding future IT failures

In today's highly digitalized world, companies and public authorities rely on stable and secure IT infrastructures. The recent incident in which a faulty CrowdStrike update led to massive IT outages worldwide has highlighted the vulnerability and far-reaching consequences of a single mistake. Banks, airports, hospitals and many other facilities were affected, leading to significant operational disruptions.

This incident is a clear signal that digital sovereignty is not just a theoretical concept, but an absolute necessity. Digital sovereignty means the ability of states, companies and citizens to control and protect their own IT systems and data independently of external influences. Dependence on proprietary software entails considerable risks, which can be mitigated by using open source software, among other things.

The risks of proprietary software

Proprietary software whose source code is not publicly available is a “black box”. Users and independent experts have no way of checking the code for security vulnerabilities or potential backdoors. This lack of transparency can lead to serious security problems, as the recent incident has impressively demonstrated. In addition, international laws, such as the US Cloud Act, can enable authorities in the US to access data processed by US companies. This also harbors considerable data protection risks.

Open source as part of the solution

Open source software offers a transparent alternative. The open source code makes it possible to check the software for security vulnerabilities and adapt it if necessary. This transparency creates trust and enables an informed decision as to whether the software meets your own security requirements. Open source software also supports digital sovereignty, as it guarantees control over your own systems and data.

Additional arguments for digital sovereignty

The CrowdStrike incident highlights not only the technical, but also the economic and political implications of IT failures. A major problem lies in the monopolistic position of large software providers. These companies offer comprehensive software solutions that are often regarded as standard due to their market dominance. As a result, many companies and public authorities build their IT infrastructure around these solutions, which increases their dependence on a small number of providers.

Another critical issue is cloud computing. More and more organizations are moving their IT services to the cloud as it is more cost-effective and scalable. However, the majority of global cloud services are provided by a few large US companies. In a hybrid warfare scenario, this dependency could become a significant security vulnerability as essential data flows could potentially be disrupted or controlled. The CrowdStrike incident illustrated just how many areas of daily life and the economy could be affected.

A practical approach to digital sovereignty

To strengthen digital sovereignty, companies and authorities should consider the following steps:

• Use of open source software: By using open source software, security vulnerabilities can be identified and rectified more quickly. The transparency of the source code prevents the “black box” problem of proprietary software.
• Hosting in local data centers: It is crucial that the data is hosted in data centers that meet the strict requirements of the GDPR and other European data protection regulations. This minimizes the risk of unauthorized data access.
• Conclusion of order processing contracts (AVV): These contracts ensure that the service provider meets the requirements of the GDPR and provide additional legal security.
• Awareness and training: Employees should receive regular training in IT security and data protection to raise awareness of potential risks and effectively implement security protocols.

Conclusion: Open source as the key to digital sovereignty

The CrowdStrike incident highlights the need to strengthen digital sovereignty. By using open source software, companies and authorities can maintain their independence from international software providers. This promotes the stability and security of digital infrastructures in the long term.

Business and government must work together to implement these strategies in order to avoid future incidents and create a resilient, sovereign IT landscape.