Rising license costs, platform dependencies, regulatory uncertainties and the concentration of digital infrastructure on a few large providers are causing many companies to reassess their own digital capabilities.
For many SMEs, however, the debate about digital sovereignty quickly leads in the wrong direction. Media coverage often gives the impression that full digital sovereignty and complete independence from platforms or providers are required. For most SMEs, however, this is neither economically viable nor realistically achievable, so the objective has a paralyzing effect.
Complete digital sovereignty would mean avoiding as many technological dependencies as possible and retaining maximum control over infrastructure, software and data. In practice, however, medium-sized companies almost always work with evolved mixed landscapes consisting of cloud services, standard software, industry-specific applications and individual processes.
However, most companies’ problems do not arise because they are using “the wrong software”. It becomes critical when structures become confusing over the years. Processes grow gradually, teams develop their own workarounds and knowledge is concentrated in individual employees. If one aspect fails, the core business suddenly comes to a standstill.
The key question is therefore:
“How do we remain capable of acting in the long term?”
This is why digital resilience is often the more sensible goal. This does not mean maximum independence, but the ability to remain capable of acting at all times. This resilience is not created by technology alone. It develops along several levels:
The legal level concerns questions of responsibility and traceability. Companies need to know where sensitive data is stored, who has access to it and which regulatory requirements apply. This transparency is often lacking, especially in mature IT landscapes, because processes have developed uncontrolled over the years.
The technical level describes how well systems remain changeable in the long term. This involves interfaces, integration capability, documented processes and control over the features of the software used.
The operational level is underestimated in many discussions. It concerns the organizational reality behind the technology: How well is knowledge distributed? How much do processes depend on individual people? How quickly can an organization adapt to new requirements?
The data-related level determines whether information within the company remains consistent, traceable and usable in the long term. Backups, the architecture of cloud solutions and data formats are crucial here.
Most medium-sized companies today work with historically grown digital structures. Microsoft 365, SAAS ERP systems, CRM solutions, cloud storage and individual special tools often exist side by side. Operationally, this often works surprisingly well – at least until changes suddenly become necessary. And this can have very different causes: A software provider is acquired and license models change at short notice. Prices rise much faster than expected. Functions are discontinued or tied more closely to certain platforms. Security requirements change. Or geopolitical developments suddenly lead to companies having to reassess their previous dependencies.
Complicated and externally dependent IT landscapes are usually created step by step:
… because a solution is needed quickly
… because projects are under time pressure
… because individual teams have to work pragmatically
This often seems harmless in everyday life and many of these solutions arise for – initially – good reasons. Employees are simply trying to do their work efficiently and solve operational problems quickly. It only becomes problematic when business-critical dependencies arise.
A typical example is sales or project data that has grown over the years in Excel files on OneDrive. Initially, this is a pragmatic workflow. Over time, however, macros, manual synchronization and individual logics develop. Knowledge is concentrated on individual employees, interfaces are not documented and databases drift apart.
The problem here is not Excel or OneDrive itself. It becomes critical when core operational processes grow outside of comprehensible structures and no one has a clear understanding of how dependent the company has become on them. Digital risks therefore do not arise from individual wrong decisions, but from many pragmatic decisions without a common orientation.
A common mistake in the discussion about digital sovereignty is to evaluate all dependencies equally. This can quickly have a paralyzing effect. However, a different perspective is much more helpful for SMEs: risks must be prioritized.
Two simple questions help here:
– How critical is the system to business operations?
– How realistic is a change?
This approach allows a far more realistic view for SMEs. Not every platform dependency is automatically problematic. Rather, the decisive factor is how great the damage would be in an emergency and how much room for maneuver remains in the long term.
A presentation tool or a small collaboration tool, for example, creates significantly lower risks than a proprietary ERP system or an uncontrolled Excel landscape around customer, project or production data.
It is precisely this differentiation that is missing in many discussions. Not all software needs to be replaced immediately. Not every platform dependency is automatically dangerous. It becomes particularly critical where high dependencies are combined with low changeability.
This is why pragmatic prioritization makes more sense for many SMEs than radical transformation programs:
These systems should be prioritized. If critical dependencies can be reduced relatively easily, this is often the greatest short-term lever for greater resilience.
Making risks visible, documenting knowledge, securing backups and interfaces and preparing long-term migration or exit strategies.
Low-critical and easily replaceable solutions should not tie up resources unnecessarily as long as more important structural issues remain unresolved.
Less acute pressure to act. Transparency, standardization and gradual simplification as a goal to reduce unnecessary complexity in the long term.
This shifts the discussion away from ideological issues towards a more realistic assessment of risk, control and changeability.
Medium-sized companies in particular often work under a heavy operational load. IT departments are small – if they exist at all. Processes have grown historically and personnel redundancies are limited. At the same time, regulatory requirements, integration efforts and technological complexity are increasing.
This is why large, one-off transformation programmes often fail not because of the technology, but because of organizational overload. The role of so-called shadow processes is particularly relevant here. These often arise not because of resistance to digitalization, but because employees have to solve operational problems pragmatically.
If processes become too slow, too inflexible or too complicated, new Excel lists, manual data copies, parallel communication channels, etc. are created almost automatically.
More sustainable transformations are created differently: iterative, modular and participatory. Small, stable improvements are more successful for many SMEs in the long term than large one-off transformations. Resilience is rarely created through radical upheavals, but through many small decisions that maintain the ability to act in the long term.
Long-term resilient system landscapes usually follow similar principles. They are characterized by traceable data flows, documented processes, controllable data storage and low individual dependencies. At the same time, changeability is maintained because systems can be expanded on a modular basis and data is available in open formats.
This is precisely why open platform approaches and open source technologies are becoming increasingly important, as they can increase adaptability and reduce lock-in risks. However, a differentiated view is also important here. Open source does not automatically reduce complexity. Open platforms also require governance, documentation and organizational maturity.
Most SMEs do not need to become completely digitally independent. But they should avoid becoming digitally incapacitated and dependent on third parties. The decisive step is therefore not to build everything from scratch. It is more important:
– make critical dependencies visible
– prioritize risks sensibly
– increase organizational resilience
– consider changeability in the long term
Digital resilience is therefore less a final state once achieved than a strategic orientation that enables companies to remain capable of making decisions in the long term. This is exactly what we at Nuclos have been working on for many years with our open-source, low-code approach: how can individual process landscapes be flexibly digitized without losing long-term adaptability and control. If you are concerned with the question of how evolved process landscapes can be made more flexible, transparent and resilient in the long term, arrange a personal consultation with us now!
Companies are constantly faced with the challenge of making their business processes more efficient. Quotations must be prepared more quickly, invoices must be checked immediately and internal decisions must be documented in a traceable manner
Only functional cookies are used on nuclos.de. These help, for example, to retain your language settings.
Only functional cookies are used on nuclos.de. These help, for example, to retain your language settings.
