90 percent of German companies use cloud solutions—but the dominance of U.S. hyperscalers creates structural dependencies, compliance risks, and vendor lock-in, explains Lars Watling, Senior Director of Brands, Mail & Productivity at IONOS.
Digitalization demands rapid adaptation from companies – and the cloud has long been a given. According to the Bitkom Cloud Report 2025, 90 percent of German companies already use cloud solutions. This trend is especially pronounced where collaboration, data exchange, and communication are increasingly organized through centralized platforms.
At the same time, the implications of the strong dominance of US hyperscalers are becoming increasingly visible: more than 60 percent of the German economy would be massively constrained in its ability to operate without these services. What at first glance looks like efficient IT organization is, in the day-to-day work of many companies, developing into a structural dependency.
This dependency is increasingly at odds with the growing need for control and a geopolitical reality in which digital infrastructure is becoming a security issue. As a result, 82 percent of companies are calling for powerful European alternatives. The shift to sovereign solutions is therefore no longer an ideological debate, but a strategic necessity.
When Convenience Becomes a Risk: Legal Uncertainty, Cyber Risks, and Vendor Lock-In
The reassessment of existing cloud strategies is driven not least by growing risks in the digital space. Cybercrime is no longer an isolated IT issue for many German companies but a serious threat to business processes, reputation, and economic stability. According to Bitkom, sabotage, espionage, and data theft caused damages of approximately 178.6 billion euros in Germany in 2024 alone.
Security risks arise not only from external attacks, but also from a lack of control over one’s own digital infrastructure. Highly centralized, proprietary exchange and collaboration platforms bundle large volumes of data and create uniform attack surfaces. They also make it harder for organizations to transparently trace security mechanisms or to take countermeasures independently and in a timely manner. Digital sovereignty thus becomes a central factor in cyber resilience – because only those who control their own architecture, access rights, and data flows can sustainably reduce risks.
Beyond criminal risk, the legal dimension is increasingly coming into focus. Since 2018, the US CLOUD Act has enabled US authorities to access data – even when that data is stored within the EU. This creates a permanent compliance risk for companies, which may be further exacerbated by concerns about industrial espionage depending on the sector.
A third issue, often recognized too late in practice, is vendor lock-in. Those who deeply integrate into a proprietary ecosystem lose technical and financial flexibility, making themselves dependent on the pricing, roadmaps, and interfaces of a single provider.
Taken together, these factors show that short-term convenience can lead to long-term restrictions on control, security, and strategic room for maneuver.
What Modern IT Architectures Must Deliver Today
Against this backdrop, the requirements for future-proof IT architectures are increasing significantly. Three key criteria can be identified for collaboration and data exchange:
- Real Data Sovereignty
Organizations must be able to determine exclusively where data is stored and who has access to it. Following ECJ rulings on the uncertain legal situation regarding US data transfers, this is the decisive lever for many organizations to act in a legally compliant manner.
- Transparency Through Open Source
Open-source software enables independent audits. Only if the code is verifiable can backdoors and hidden data leaks be reliably ruled out.
- Seamless Integration
Sovereign solutions must not be isolated solutions. Via open standards such as LDAP, WebDAV, or modern APIs and MCP, they must integrate into existing IT landscapes. Only in this way can organizations ensure both user acceptance and manageable administration.
How Sovereign Collaboration Is Put Into Practice
Several European collaboration platforms demonstrate how organizations can practically implement the requirements described above. They focus on data sovereignty, transparency, and easy integration, and combine key collaboration functions – such as file sharing, co-editing of documents, communication, and video conferencing – in a manageable IT environment.
Depending on their organizational model, companies operate these platforms in their own data center or with European hosting providers. This allows them to retain control over where they store data and how they process it. Open interfaces also make it easier to integrate the systems into existing IT landscapes.
Many of these solutions are built on open source. This provides visibility into the source code and reduces dependency on individual providers. These platforms often also refrain from sharing telemetry data with third parties. Public institutions and European small and medium-sized enterprises, for example, use such solutions – including Nextcloud.
Why Security and Control Become a Competitive Advantage
Moving away from one-sided cloud dependency is now more than a security measure. It strengthens the capacity for innovation and future viability. Organizations that rely on European solutions are better protected against third-country access, regain control, and signal to customers and partners a responsible approach to data. All of this represents an important foundation for sustainable growth.
Open standards prevent technical dead ends and keep infrastructure flexible for new developments. Even AI applications can be integrated securely in this way – provided that data processing remains within the European legal framework.
In the end, the choice of a cloud platform is not merely an IT detail but the question of who retains control over one’s own digital actions.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de