July 19 saw a CrowdStrike update taking down countless Microsoft systems, disrupting flights, surgeries, banking and more all over the world. The incredible impact this single outage had shows the importance of digital resilience, especially in the public sector. This can only credibly be achieved by decentralization and diversity in infrastructure and technology.
While German satirical news site Der Postillion noted that fax machines were not impacted so the German public sector was fine, the effects could be felt everywhere.
Many politicians have already come out with statements about digital resiliency. In the Netherlands the minister of Justice noted there should be plans to deal with the fall-out of events like this. “Concentrating production can concentrate risk, so that a single natural disaster or disruption has cascading effects,” US Federal Trade Commission chair Lina Khan wrote in a series of posts on X.
There is a number of legislative initatives to protect the resilience of infrastructure. Examples include DORA, the Digital Operational Resilience Act, for the financial sector, coming 2025, and the Cyber Resilience Act (CRA) for consumer technology. The Directive on Security of Network and Information Systems, NIS, specifically targets the protection and resilience of critical infrastructure and digital services, mandating security measures and incident reporting.
In the US, the Federal Information Security Management Act (FISMA) mandates federal agencies to implement an information security program, including measures to mitigate the impact of IT outages. Additionally, there’s a National Institute of Standards and Technology (NIST) Framework that provides guidelines for improving critical infrastructure cybersecurity.
But none of the regulations seem to effectively tackle risks related to the centralization of IT. This means that the digital sovereignty and resilience of the public sector, as well as hospitals, banks and other critical infrastructure, continues to be critically endangered. A mono-culture of services delivered by just a handful of big tech firms threatens the continuity of service in case of mistakes, cyber-attacks and political conflicts.
While this was just a mistake, a sustained cyber attack would have far more devastating consequences, and that is not to speak of attacks on physical infrastructure. Underseas cables are incredibly vulnerable, and in 2021 Russia also showed that satellites can be downed by rockets.
The key to digital resilience is decentralization and heterogeneity. In the end, every IT system will go down at some point. An over-reliance on a single service is thus inevitably a risk. Even if that vendor is ‘too big too fail’ and has tons of redundancy and data centers.
The public sector in particular should be following a focused strategy to differentiate their IT infrastructure, reducing the reliance on a small number of big tech giants.
First, a strong multi-vendor, multi-platform strategy can do wonders against cyber threats. But beyond that, the solutions themselves should be less centralized.
The cloud itself is a particular risk – globally connected datacenters might have a bigger capacity to absorb denial of service attacks, but they are simultaneously more vulnerable to mistakes and more advanced cyber attacks. Technologies that are fundamentally distributed and federated, rather than relying on a single point of failure, offer a big advantage.
With on-premises solutions, the most critical platforms can even be entirely air gapped, disconnected from the internet, either all the time or in response to attacks. This can ensure their availability even in the worst case scenario.
Open source solutions are not only more robust in the face of constant security threats. They also provide more transparency in their functioning. When there are issues, engineers can dive deeper than in black-box solutions, to the point where they simply read the code or even modify it to add extra information to hunt down problems. Patches from vendors like Crowdstrike, if they were open source, could be scrutinised before deployment.
Perhaps most importantly, access to their source and more widely distributed knowledge of their code base means open source products can be patched and fixed during emergencies even without vendor help.
There are solutions to the risks and economic damage caused by our dependence on just a few big tech vendors. It’s time for decisions now.
Schleswig-Holstein is transforming its state administration by adopting open-source solutions, with a key focus on the Nextcloud Hub collaboration platform. Watch back our webinar with Felix Gebauer, Program Lead and Project Manager at the Schleswig-Holstein State Administration.
Watch the webinar
DIE ZEIT, a prominent German outlet, interviewed Nextcloud’s founder Frank Karlitschek for an article on Microsoft’s anti-competitive behaviour on the European office software market. Read for a recap of the article and the key takeaways.
Read More
MagentaCLOUD’s migration to Nextcloud in 2021 resulted in a fully equipped Online Storage with an integrated online office suite that further improves the user experience, flexibility and security for customers.
Read More
The Nextcloud Community Conference is not your average event - it's a community meetup that brings together Nextcloud enthusiasts, contributors, developers, users and industry experts from all over the world.
Read More
We bring you a major update to the Nextcloud AI Assistant, plus the news we work with several big hosting providers like IONOS and OVHcloud to bring AI-as-a-Service options to you!
Read More
Bechtle and Nextcloud announce today a complete managed collaboration platform for the public sector that requires no tender and can be deployed immediately.
Read More
Discover how to make the switch from ownCloud to Nextcloud. Our quick guide provides insights into the migration process, helping you make the transition smoothly.
Read More
Today, US-based file sync & share vendor Kiteworks announced their acquisition of ownCloud and Dracoon. Kiteworks points out that their customers now have access to their file-sharing application. It is to be expected they will not maintain 3 similar products, but customers will have to migrate to the US firms’ platform or look for another […]
Read More
Nextcloud founder and CEO Frank Karlitschek earns the honorary SFS Award at the 20th annual SFSCON taking place in South Tyrol, Italy.
Read More
The first ethical, open-source AI assistant that can get a multitude of tasks done for you without compromising your data.
Read More
As part of Schleswig-Holstein's state digitization strategy, the state chancellery has announced they will work with Nextcloud to develop AI for working with government documents. This comes just after we announced the first private AI assistant last weekend with Hub 6. The German state already uses Nextcloud and their AI strategy aligns with our work on ethical, local AI technologies.
Read More
Over the last year, AI has become a popular topic. Some is hype, some is substance. Some is good, some is bad. We want to give you the good, not the bad, and ignore the hype! AI has a ton of opportunity – but also risk. So we put you in control – off by […]
Read More
Maintenance update 29.0.6 for Nextcloud Hub 8 is here! Read an update summary here and access full changelog on the website.
Read MoreAugust maintenance updates 28.0.9 and 29.0.5 for Nextcloud Hub are here! Read an update summary here and access full changelog on the website.
Read More
Discover how the Deutsche Lebens-Rettungs-Gesellschaft uses Nextcloud to provide water safety to all!
Read More
