Sovereignty, Risk Management and Single Points of Failure

Why I’m Leaving Big Tech Behind

This blog post is different from my usual content. Today, I want to share my recent experiences—and lessons learned—from moving away from Big Tech, especially US-based providers.

The Wake-Up Call

Over the last decade, Europe faced a harsh reality: relying too heavily on other countries is a risky bet. Whether it’s Russian gas and oil, Chinese chips, or US IT services, global dependencies can have serious consequences for your business. What happens if your supplier stops delivering critical parts? Or if your service provider suddenly cuts off access? What if this doesn’t just affect one partner, but an entire region? Do you have a Business Continuity Plan ready for these scenarios?

The Hidden Costs of Convenience

Many companies have built their entire IT infrastructure around a single provider—often Microsoft. With the push toward managed services (SaaS), you gain convenience but lose control. While your IT team may have more time, the risks grow. Microsoft’s service availability isn’t necessarily better than what you could achieve in-house. And what if an outage isn’t just technical, but political? The same concerns apply to Google Workspace, Slack, Salesforce, Jira, GitHub, 1Password, and others.

Intellectual Property: Who Really Owns It?

Companies worry about IP theft, yet they willingly hand over their data to Big Tech—data that’s used to train AI or improve products. If your entire workflow depends on a single ecosystem (Outlook, Windows, Teams, SharePoint), you’re creating a massive single point of failure. The probability of a catastrophic event may still be low, but the impact could be devastating. Some businesses simply aren’t willing to take that risk.

The Challenge: How to Break Free Without Sacrificing Efficiency

So, how can you reduce these risks without increasing headcount or compromising convenience, efficiency, and speed?

European Alternatives

When we thought about starting our own company, we wanted a very heterogeneous IT landscape with a high level of integration and no single points of failure: best of breed, but from Europe.

A great overview of European companies can be found on european-alternatives.eu. For self-hosted services, I recommend selfh.st.

Some examples that are probably relevant for most companies:

| Service | Big Player | European alternative or self-hosted |
|---|---|---|
| Email | Microsoft Outlook/Exchange | mailbox.org, Proton |
| Video calls | Teams, Slack, Google Meet | OpenTalk, Jitsi, Matrix |
| Chat / IM | Teams, Slack | Rocket.Chat, Zulip, Jabber, Matrix |
| GenAI / AI chatbot | ChatGPT, Gemini, Copilot | Le Chat (Mistral), Proton (Lumo) |
| (Online) document/spreadsheet editor | Microsoft Word, Google Docs | OnlyOffice / LibreOffice / mailbox.org |
| PDF editor | Adobe Acrobat | Stirling PDF |
| Password manager | 1Password | heylogin, Vaultwarden |
| Documentation | SharePoint / Confluence | Docmost, Outline, Nextcloud |
| Code version control / developer platform | GitHub, GitLab | Codeberg, Gitea, Forgejo |
| e-Signature | Adobe Sign, DocuSign | DocuSeal |
| CRM | Salesforce, Braze | Brevo |
| Analytics / tracking | Google Analytics, Amplitude | Plausible, Rybbit |
| SIEM | Elastic, Splunk | Wazuh |
| PKI | Sectigo, Microsoft PKI | Let's Encrypt, step-ca |

What to self-host and what NOT to self-host

Email (incl. productivity and collaboration tools)

Experience shows that setting up your own mail server is easy; keeping it trusted is the hard part. Large providers (Gmail, Microsoft, Yahoo) don't necessarily trust your mail server, and they won't tell you. Even with correct SPF, DKIM and DMARC records, your mail can silently land in spam or be dropped, without either side noticing.

A misbehaving neighbour in your hoster's address space can get the whole IP range onto a blocklist. You need to a) monitor the relevant blocklists and get alerted when your address shows up, and b) take action to get your IP delisted.
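As an added example (not part of the original post), the following Python script implements the blocklist check from the paragraph above: it builds the reversed-octet DNSBL query names, classifies each answer, and exits non-zero when any list has your address, so it can run from cron and feed a push monitor. The three zone names are real public lists; the address 203.0.113.7 and the canned answers in EXAMPLE_ANSWERS are constructed for the offline demo, and the choice of lists that matter for your recipients is an assumption you have to revisit.

```python
"""Check a mail server's IPv4 address against DNS blocklists (DNSBLs).

Added example, not from the original post. Query convention (RFC 5782):
reverse the octets and prepend them to the list's zone, so 203.0.113.7 on
zen.spamhaus.org becomes 7.113.0.203.zen.spamhaus.org. A listed address
answers with an A record in 127.0.0.0/8 (the last octet encodes why);
NXDOMAIN means "not listed". The DNS lookup is injected so the logic can
be exercised offline with the constructed answers below.
"""
import ipaddress
import socket
import sys
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# Assumption: three commonly consulted lists. Check each list's usage terms
# (Spamhaus, for example, refuses queries coming from large public resolvers).
DEFAULT_ZONES = ("zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org")

# Spamhaus reserves 127.255.255.0/24 for error codes (e.g. .254 = query via a
# public resolver, .255 = query limit exceeded). Such an answer is not a listing.
ERROR_RANGE = ipaddress.ip_network("127.255.255.0/24")
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

Resolver = Callable[[str], Optional[str]]   # name -> A record, or None for NXDOMAIN

# Constructed demo data for 203.0.113.7 (TEST-NET-3): listed on ZEN with an
# XBL code, clear on SpamCop, and a wildcard answer from a resolver that
# rewrites NXDOMAIN (which must NOT be read as a listing).
EXAMPLE_ANSWERS = {
    "7.113.0.203.zen.spamhaus.org": "127.0.0.4",
    "7.113.0.203.bl.spamcop.net": None,
    "7.113.0.203.b.barracudacentral.org": "93.184.216.34",
}


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet query name for an IPv4 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name: str) -> Optional[str]:
    """Resolve an A record with the system resolver; None on NXDOMAIN/failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def example_resolver(name: str) -> Optional[str]:
    """Offline resolver backed by the constructed EXAMPLE_ANSWERS table."""
    return EXAMPLE_ANSWERS.get(name)


def classify(answer: Optional[str]) -> str:
    """Map a DNS answer to 'clear', 'listed' or 'error'."""
    if answer is None:
        return "clear"
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return "error"
    if addr in ERROR_RANGE:
        return "error"          # the list refused or throttled the query
    if addr in LISTED_RANGE:
        return "listed"
    return "error"              # resolver rewrote NXDOMAIN: fix your DNS, not the list


def check_ip(ip: str, zones: Iterable[str] = DEFAULT_ZONES,
             resolve: Resolver = system_resolver) -> Dict[str, Tuple[str, Optional[str]]]:
    """Query every zone for one address; returns {zone: (status, raw answer)}."""
    results: Dict[str, Tuple[str, Optional[str]]] = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        results[zone] = (classify(answer), answer)
    return results


def listed_zones(results: Dict[str, Tuple[str, Optional[str]]]) -> List[str]:
    """Zones on which the address is actually listed."""
    return sorted(zone for zone, (status, _) in results.items() if status == "listed")


def main(argv: List[str]) -> int:
    """Exit 0 = clear, 1 = listed somewhere (page someone), 3 = a query errored."""
    if argv[1:] == ["--demo"]:
        targets, resolve = ["203.0.113.7"], example_resolver
    elif argv[1:]:
        targets, resolve = argv[1:], system_resolver
    else:
        print(f"usage: {argv[0]} <ipv4> [<ipv4> ...] | --demo", file=sys.stderr)
        return 2
    exit_code = 0
    for ip in targets:
        results = check_ip(ip, resolve=resolve)
        for zone, (status, answer) in results.items():
            print(f"{ip}\t{zone}\t{status}\t{answer or '-'}")
        if listed_zones(results):
            exit_code = 1
        elif exit_code == 0 and any(s == "error" for s, _ in results.values()):
            exit_code = 3
    return exit_code


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it from cron against every address your MTA sends from, and treat the "error" status as its own alert: a resolver that rewrites NXDOMAIN, or a list that throttles you, makes the check blind rather than green.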

So my clear recommendation: find a trusted (European) provider. We had great experience with mailbox.org. They also offer online document and spreadsheet editors, which basically replace Google Workspace / Microsoft 365.

You can obviously split productivity / collaboration tools from your email. Options here are OnlyOffice or Nextcloud.

Chat / Instant-Messaging

Most people know and use Microsoft Teams or Slack on a daily basis, but there are great alternatives that cover most (but not all) of the functionality. Rocket.Chat and Zulip are easy to self-host and cover most of what you need. For a hosted alternative, I can recommend Matrix/Element.

Password Manager

This piece of software very quickly becomes a critical component of your stack, so be clear about the level of risk you are willing to take here. For personal use, Vaultwarden as a self-hosted server for the Bitwarden clients can be the right choice, but make sure you follow backup best practices!

For our company we opted for the managed solution from heylogin.

Self-hosting, in a way that scales!

IaC FTW

The days of treating servers as pets are long gone; we herd cattle now. This principle is crucial when it comes to scaling and managing infrastructure, even if it's just a few nodes.

Use Ansible (or similar) to provision your server from day 1

Don't trick yourself into thinking "doing stuff manually is faster". While this might be true in some situations, in the long run you will be faster by managing your services with the right tools. Ansible is one of the most popular choices for provisioning infrastructure, and it integrates easily into a CI/CD pipeline. Secrets for your applications can be handled securely with ansible-vault or OpenBao.

Docker-Compose + Traefik for fast and easy deployments

Traefik is a popular reverse proxy for publishing your services to the internet. One popular feature is its Docker integration: Docker labels on a container are enough to provision a new route.

Middlewares for authentication, or TLS options that enforce mTLS, can block unwanted access at the reverse-proxy level, before a request ever reaches the application.

Launching a new service on your machine is as easy as launching a new container with the right labels. Of course you need your DNS set up accordingly (e.g. a wildcard record for the subdomain). The flip side is that the opposite is also easy: unless you disable the Docker provider's exposed-by-default behaviour, every container Traefik can see gets published as well.
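The following Compose file is an added example (not the post's own stack) of the setup described above: one Traefik instance with opt-in publishing, a public service behind basic auth, and an admin service that only answers to a client certificate from your own CA and from a given IP range. It assumes Traefik v3, Let's Encrypt via the TLS-ALPN challenge, hostnames under example.com, and a client CA at ./certs/client-ca.pem; traefik/whoami stands in for any HTTP service. Because TLS options cannot be set via labels, the second YAML document (after the `---`) is the dynamic.yml file the first one mounts.

```yaml
# docker-compose.yml (first document) and ./dynamic.yml (second document).
# Added example, not the post's own configuration. Assumptions: Traefik v3,
# hostnames under example.com, client CA in ./certs/client-ca.pem.
services:
  traefik:
    image: traefik:v3.1
    restart: unless-stopped
    command:
      - --providers.docker=true
      # Opt-in publishing: a container is only routed if it carries
      # traefik.enable=true. Without this line every new container on the
      # host becomes reachable the moment it starts.
      - --providers.docker.exposedbydefault=false
      - --providers.file.filename=/etc/traefik/dynamic.yml
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.tlschallenge=true
      - --certificatesresolvers.le.acme.email=postmaster@example.com
      - --certificatesresolvers.le.acme.storage=/acme/acme.json
      - --api.dashboard=false   # leave off unless you put auth in front of it
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./acme:/acme                            # keep acme.json mode 600
      - ./dynamic.yml:/etc/traefik/dynamic.yml:ro
      - ./certs:/certs:ro
      - ./htpasswd:/etc/traefik/htpasswd:ro     # created with: htpasswd -nB alice > htpasswd

  # Public service, password-protected at the proxy. The container publishes
  # no "ports:" of its own, so the auth middleware cannot be bypassed.
  notes:
    image: traefik/whoami      # stand-in for any HTTP service
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.notes.rule=Host(`notes.example.com`)
      - traefik.http.routers.notes.entrypoints=websecure
      - traefik.http.routers.notes.tls.certresolver=le
      - traefik.http.routers.notes.middlewares=notes-auth
      - traefik.http.middlewares.notes-auth.basicauth.usersfile=/etc/traefik/htpasswd
      - traefik.http.services.notes.loadbalancer.server.port=80

  # Admin-only service: requires a client certificate from our CA AND a
  # source address in the office range. Everyone else fails the TLS handshake.
  admin:
    image: traefik/whoami
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.routers.admin.rule=Host(`admin.example.com`)
      - traefik.http.routers.admin.entrypoints=websecure
      - traefik.http.routers.admin.tls.certresolver=le
      - traefik.http.routers.admin.tls.options=mtls@file   # defined in dynamic.yml
      - traefik.http.routers.admin.middlewares=admin-ip
      - traefik.http.middlewares.admin-ip.ipallowlist.sourcerange=203.0.113.0/24
      - traefik.http.services.admin.loadbalancer.server.port=80

---
# ./dynamic.yml: TLS options live in the file provider, not in labels.
tls:
  options:
    mtls:
      minVersion: VersionTLS12
      clientAuth:
        caFiles:
          - /certs/client-ca.pem
        clientAuthType: RequireAndVerifyClientCert
```

This file is the kind of artifact an Ansible playbook copies to the host before running `docker compose up -d`. After deploying, check both directions: `curl https://admin.example.com` without a client certificate must fail the handshake, and the same request with `--cert`/`--key` from the allowed range must succeed. The failing case is exactly what an "upside-down" monitor should watch, because a mistakenly removed label turns the admin service public without any error showing up anywhere.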

borg-backup for reliable backups

Not all managed/SaaS applications give you the option to create backups; if there is one, use it! This is also your way of exporting your data in case of a migration. Don't rely on the provider to protect your data. Assess your risk here and decide whether you could survive a complete data loss. Depending on that assessment, take action.

For everything we self-host, we need to take care of backups anyway. I opt for borg, or rather the wrapper around it called borgmatic.

This makes it easy to follow the 3-2-1 backup rule (three copies, on two different media, one of them offsite). Keep in mind that offsite != offline: an attacker (or ransomware) with your credentials can delete an online offsite copy just as easily as the primary data. If you want to make sure no one can get to your backups, keep the storage offline, e.g. on LTO tapes.

Remember to write a playbook for restoring your backups and test the restore process at least once a year (ideally every month).
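Below is an added example of a borgmatic configuration that follows the rule above; it is not the author's configuration. It assumes borgmatic 1.8 or newer (flat config keys), a local disk for the first copy, an SSH storage box for the offsite copy, a database container named `postgres`, and a healthchecks.io check; the paths, the storage box URL and the ping UUID are placeholders.

```yaml
# /etc/borgmatic/config.yaml -- added example, not the post's own configuration.
# Assumptions: borgmatic >= 1.8, local disk + SSH storage box, a "postgres"
# container, a healthchecks.io check. Every source directory goes into BOTH
# repositories, which gives you the 3 copies / 2 media / 1 offsite of 3-2-1.
source_directories:
  - /srv/compose          # compose files and bind-mounted volumes
  - /etc
  - /var/backups/dumps    # database dumps written by the hook below

repositories:
  - path: /mnt/backup/borg                                  # copy 1: local disk, fast restores
    label: local
  - path: ssh://u1234@u1234.your-storagebox.de:23/./borg    # copy 2: offsite (placeholder)
    label: offsite

exclude_patterns:
  - '*/cache/*'
  - '*/node_modules'

# The passphrase comes from a root-only file, never from this config.
# Store a copy of that file AND the repository key somewhere off the host,
# otherwise the backups are unreadable exactly when you need them.
encryption_passcommand: cat /root/.borg-passphrase
compression: zstd

# Retention: 7 daily, 4 weekly, 6 monthly archives, pruned after each backup.
keep_daily: 7
keep_weekly: 4
keep_monthly: 6

# Consistency checks on their own schedule, so a silently corrupted
# repository is noticed long before the day you need it.
checks:
  - name: repository
    frequency: 2 weeks
  - name: archives
    frequency: 2 weeks
  - name: data
    frequency: 1 month

# Dump the database first: copying live database files is not consistent.
before_backup:
  - mkdir -p /var/backups/dumps
  - docker exec postgres pg_dumpall -U postgres > /var/backups/dumps/postgres.sql

# Healthchecks.io pings for start/finish/fail. A backup that never runs at all
# (dead timer, full disk) raises an alert when the check's grace period expires.
healthchecks:
  ping_url: https://hc-ping.com/00000000-0000-0000-0000-000000000000   # placeholder UUID
```

Run `borgmatic` from a systemd timer or cron. Two things close the gaps the paragraph above warns about: on an offsite host you control, pin the backup key in `authorized_keys` to `command="borg serve --append-only --restrict-to-repository <path>"`, so a compromised server can add archives but not prune them; and make the restore test a real command, e.g. `borgmatic extract --repository local --archive latest --destination /tmp/restore-test`, followed by starting the service from the extracted data.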

Monitoring, Monitoring, Monitoring

For self-hosted services, you are responsible for meeting your SLAs. So make sure you have visibility into your systems. Uptime Kuma and Beszel are lightweight solutions to get started. If you only have one server, make sure monitoring runs on another machine! And make sure you also monitor your monitor.

When you use blocklists or mTLS on your web endpoints and rely on them to reject every request unless it comes from a certain IP or carries a valid client TLS certificate, add a monitor for that as well: an unauthenticated probe that is expected to fail. This upside-down monitor triggers an alert in case your service becomes reachable without those credentials!

For (system) jobs like backups, you can use Uptime Kuma's Push monitor type, or use (or self-host) healthchecks.io: the job pings a URL when it finishes, and the absence of the ping is the alert.

Conclusion

Finding the Right Balance: Hosted Services vs. Self-Hosting

There are many ways to reduce reliance on US Big Tech—ultimately, the best approach depends on your risk appetite. For critical services where downtime is unacceptable, we chose established hosted providers. Their expertise and reliability help ensure business continuity. For other services, we felt confident managing them in-house. Interestingly, while we never formally defined service level agreements (SLAs), we unconsciously set our own standards—and these guided our decisions.

The Trade-Offs: Big Tech vs. Smaller Partners

Opting for smaller providers does introduce risk: they may be more vulnerable to failure than industry giants. But remember, no company is “too big to fail.” You don’t need a provider to go out of business to lose access to your data. The difference? With smaller partners, you’re more than just a customer—you’re a valued partner. Big Tech, at best, sees you as a number.