More Control, Less Dependence: OwnIT for Digital Sovereignty
Alongside AI, digital sovereignty is one of the two most discussed topics in today’s IT landscape—and at the same time one of the most frequently misunderstood. For some, it is a political buzzword; for others, it is a call for complete technological self-sufficiency. Both views fall short.
In fact, digital sovereignty describes something very practical: an organization’s ability to control its digital systems, data, and processes in such a way that it remains capable of acting even under changing technical, regulatory, or geopolitical conditions.
The Downside of Integrated Platforms
In IT environments heavily dominated by Microsoft, this ability to act is becoming an increasing challenge. Instead of individual software solutions, an integrated platform now dominates. In many organizations, Microsoft serves as the identity, workplace, collaboration, file, and security platform all at once.
This integration offers significant advantages. It simplifies operations and administration, reduces complexity, and is economically attractive. At the same time, however, it creates a structural dependency. The consequences are evident on multiple levels: contract negotiations are often asymmetrical, price increases can only be mitigated to a limited extent, and technical or regulatory changes have a direct impact on the entire organization. An efficient platform turns into a concentrated risk.
Regulation and Geopolitics Are Increasing the Pressure
At the same time, external pressure is mounting. Regulatory requirements such as NIS-2 demand not only secure systems, but also transparent accountability and traceable access models. Geopolitical factors also come into play. Regulations such as the U.S. CLOUD Act sometimes conflict with European data protection requirements and underscore the fact that digital infrastructure is never entirely politically neutral. The question, therefore, is no longer whether dependencies exist, but how they can be actively managed.
Not a Crusade, but Regaining Control
This is exactly where the OwnIT approach comes in. It is not a backlash against Microsoft, but a strategy for regaining control. The basic idea is simple: Microsoft should remain a conscious choice—not an inescapable dependency.
The focus is not on switching technologies, but on a structured risk-reduction program at the architectural level. Companies should be empowered to actively manage their dependencies and, if necessary, have a credible exit option at their disposal. This option alone already changes the dynamics of contract negotiations.
Why It All Starts with Identity
Many security initiatives begin with visible applications such as Office, file-sharing, or collaboration platforms. However, the actual control layer of modern IT lies deeper: in identity.
Systems like Microsoft Entra ID now bundle user accounts, roles, groups, single sign-on, device access, service accounts, and security policies. Whoever controls this level ultimately controls access to nearly all of an organization’s digital resources.
Identity is therefore not just another infrastructure component, but the control center of the digital organization. That is why the OwnIT approach starts right here.
The Sovereign Core
The underlying architectural principle is: Sovereignty arises from control and freedom of decision-making. At the center is a proprietary identity core that operates independently of individual platform providers. Open-source technologies handle clearly defined tasks—from governance and provisioning to authentication and integration. What matters most is not the specific technology, but the architecture. The goal is an autonomous, controllable identity model that is not tied to a single provider.
This offers concrete advantages for CIOs:
- Greater bargaining power through a realistic exit option
- Increased auditability and transparency
- Greater resilience against provider or platform risks
- Long-term flexibility in selecting new services and platforms
Control Instead of a Big Bang
The transition is being carried out deliberately in stages. For now, Microsoft remains the primary system. At the same time, we are building our own identity core that mirrors existing structures, monitors them, and gradually expands them. Initial SSO and infrastructure use cases are being implemented in production, and governance and operational processes are being established. Important to note: This is not about an immediate transition. Neither email nor file services nor the digital workplace will be affected. The initial goal is to establish control.
Only in the next phase—if desired and technically feasible—can the roles be reversed: The company’s own identity core becomes the primary system, with Microsoft serving as a connected target system.
Sovereignty Is an Architectural Decision
Such an approach is challenging. Identity is one of the most critical components of any IT landscape. Furthermore, organizational issues surrounding governance and accountability are often underestimated. That is why the journey deliberately begins with clearly defined pilots, structured phases, and transparent decision points.
Digital sovereignty does not arise from simple solutions or symbolic technology decisions. It arises from deliberate architectural decisions that bring control back into the organization. Ultimately, it is about far more than technology. It is about the ability to shape one’s own digital future.
Companies that decouple their identity and build a sovereign core reduce risks, strengthen their negotiating position, and regain something that has been lost in many IT landscapes: true freedom of choice.
Alexander Dowertill
IT architect
E-Mail: adowertill@spirit21.com
As an IT architect, I design robust technical roadmaps for the future based on customer requirements for software, infrastructure, and security, taking a holistic view. I also analyze market trends and develop future-proof solutions that integrate the various layers.
