Then the big cloud trend came around the year 2000. The promise was always: Outsourcing saves money.
Today, companies realize that IT cannot simply be ignored. I don’t think everything will go back to the company’s own data center. But people are starting to care more about it again. They understand that IT doesn’t just come out of the socket like water or electricity.
Issues such as vendor lock-in, costs, industrial espionage and competitiveness play a major role. Mit Open Source ist man flexibler. The strategic importance of this topic will therefore continue to increase.
“Validity for one percent of the market is not enough”
The European Commission recently published its ‘Tech Sovereignty Package’ including open source strategy. Reichen diese Vorschläge aus?
Karlitschek: I think the suggestions were great. To be honest, I was surprised that people listened so well. The real challenge now is actually implementing the proposals. The description of the problem and the proposed solutions are very good, but it has yet to become binding law.
Would you make any changes to the proposals before adoption?
Karlitschek: Aktuellgibt es vier Risikostufen. In the highest, only open source and European solutions are accepted. Das betrifft aber nur ein Prozent des Marktes. I hope that in the future it will be better understood that more than one percent should care more about this.
If an application is completely non-critical and contains no personal data, then it may be perfectly fine to use providers outside the EU. But as soon as you have to comply with GDPR requirements, espionage protection, no provider dependency and so on, the highest level of requirements should be applied much more often.
U.S. companies are trying to address European customers’ concerns with cloud services marketed as “sovereign” and joint ventures with European providers. Where do you draw the line between true sovereignty and sovereignty washing?
Karlitschek: Of course, sovereignty has different dimensions. However, if you look at the problem of the CLOUD Act alone, which grants foreign authorities unrestricted access to the data here, then it is not enough to simply operate European data centers. The CLOUD Act expressly states that the regulation also applies to European data centers or subsidiaries.
Microsoft, for example, is trying to find a solution with its Delos model: the company belongs to SAP and Microsoft only supplies the software. But even then, this dependency exists because software requires updates and security patches. If these are not available or someone installs a backdoor, then you still have a problem.
That’s why Microsoft is trying hard to find solutions, but the problem cannot be easily solved.
“The product strategy will not change significantly”
Karlitschek: The basic product strategy will not change significantly. Our goal remains to offer state-of-the-art collaboration software that is open source – but with significantly more control, security and protection – and regardless of where you host it.
At the same time, new factors are now being added, in particular the influence of AI, which we want to use with our agent strategy.
In the future, you may continue to use an interface in the classic way by opening documents, entering text, and so on. However, there are also many processes that can be automated with AI in the future.
Another aspect is that AI significantly simplifies the development of custom software based on it. This means there will be significantly more tailor-made business software.
Das wollen wir mit unserem ISV-Programm nutzen. Software development is becoming easier, but companies don’t want to use just any software, they want something that is tested, certified, safe and for which someone is responsible. Genau das kann Nextcloud bieten. (mb)
This article is based on a contribution from sister publication Computerworld.
