The Sovereignty Bluff: Why We Are Tenants in Our Own Business

Executive Summary:

  • The Risk: We have legal ownership of our cloud data, but no operational possession. If a vendor locks us out, we stop functioning.
  • The Compliance Gap: Current SaaS backups likely fail DORA/NIS2 requirements because they cannot be restored without the vendor's cooperation.
  • The Solution: A "Lifeboat Architecture" that keeps a neutral, vendor-independent copy of critical data, allowing you to operate a "Minimum Viable Company" during a crisis.

We celebrate our "Cloud First" strategies and lull ourselves into a false sense of security because our contracts guarantee us "ownership" of the data. But when the plug is pulled — whether by technical outages, geopolitical tensions, or a simple blocked credit card — the brutal truth is revealed: We have ownership, but we do not have possession.

We are tenants in our own business, and the landlord has changed the locks.

While European politics debates the dependency on foreign payment services like VISA and MasterCard, we face a more immediate existential threat in our daily IT operations. Is SaaS a poison pill? It isn't inherently good or bad, but our current approach to it is a strategic trap. We need to stop acting like well-insured tenants and start acting like owners.

To do this, we must identify and protect our "Minimum Viable Company" — the core set of data and processes required to keep the business alive if the cloud evaporates. We don't need to replicate the entire luxury cruise ship of our SaaS stack; we just need a lifeboat that floats.

Read on for the full details.

Ownership vs. Possession: The Brutal Truth

The fundamental risk of SaaS is not "security" or "cost" — it is the illusion of control.

Think of it this way: You have the title to your car (Ownership), but the car is parked in a garage you don't own, and the garage owner holds the only set of keys (Possession). If the garage owner decides to lock the doors because of a "Terms of Service violation" or a billing dispute, your legal ownership is worthless. You are standing on the street, staring at a car you own but cannot drive.

We accept that the SaaS vendor can cut access to our own data at any moment without advance notice. We accept making do with only the capabilities they provide. We accept blind trust in their security posture.

This is not just a technical inconvenience; it is a sovereignty crisis. Digital sovereignty doesn't mean building everything yourself. It means having the choice and the ability to leave or continue operations, even if the cloud provider is no longer there.

The 15-Minute-Audit for CEOs: Ask your CIO this question today: "If [Critical SaaS Provider] bans our account this afternoon, do we have a PDF copy of every open invoice and a CSV list of every active client on a server we control?"

If the answer is "No, it's in the cloud backup," you are not insured. You are trapped.

The Lifeboat Architecture: Your "Data Jailbreak"

How do we regain possession? We need a "Data Jailbreak."

The "Lifeboat Architecture" is a simple but radical concept:

Keep a full copy of your data in your own possession while making full use of SaaS offerings.

This is similar to going on a transatlantic cruise and bringing along a personal lifeboat that runs alongside the ship. While every passenger is guaranteed a place on the ship's lifeboats, no SaaS vendor comes with an exit option built-in.

The Challenge: The "No Restore" Trap

In theory, this is simple: Automate backups to local storage. In practice, SaaS vendors make this arbitrarily difficult. After analyzing dozens of SaaS offerings, I found that standard APIs are often traps:

  • The Metadata Gap: You can export files, but not the permissions or sharing controls that give them context. You cannot export the configuration that defines the SaaS behaviour.
  • The One-Way Street: Vendors often provide no import function for the data you can export. You can only export some of your content, not all of it.
  • The "Compliance" Excuse: Vendors point to manual, once-a-month GDPR exports when asked for automated backup solutions.

We need to break our data out of these proprietary silos. A true "Data Jailbreak" converts proprietary SaaS data into neutral, usable formats (JSON, CSV, PDF, EML, DOCX, XLSX, PPTX, etc.) that are readable without the original application.

Practical examples of this struggle and solution include:

  • Microsoft 365: See the emerging Microsoft 365 Backup solutions, although I couldn't find details about what cannot be restored properly.
  • Google Workspace: See my "Mission Impossible" analysis for a best-practice solution.
  • Harvest Timetracking: See my "vibe-coded" backup tools article on how to build your own extraction tools when none exist.

The Rebellion: A Strategy for Digital Independence

Your IT strategy must shift from "managing subscriptions" to "ensuring survival." This is your rebellion against vendor lock-in.

  1. Backup is Resistance: Don't just tick a compliance box for DORA or NIS2. Use your backup budget to build genuine independence.
  2. Accept the "Shattered Restore": You might never be able to restore data perfectly back into the SaaS platform. Accept this. A pile of JSON files and PDFs on a local server is infinitely better than a locked account. You can still search, read, and work with that data.
  3. Build Your Own Tools: If a vendor doesn't offer an export API, build one. With modern AI-assisted development ("vibe coding"), writing a custom scraper or API connector to "jailbreak" your data is faster and cheaper than ever before.

The No-Restore Solution: Building the "Minimum Viable Company"

We should categorize our SaaS portfolio not just by cost, but by survival necessity. I propose three categories to build your "Minimum Viable Company" — the lifeboat that keeps you afloat when the luxury cruise ship sinks.

  1. Mission Critical Systems (Your Lifeboat and Emergency Generator)

    Everything needed to keep the lights on and money coming in. For these, a backup is not enough. You need a No Restore Solution (see the video or slides of my talk).

    This is a scaled-down, ready-to-run replacement system with your data and users already active. Like a hospital's emergency generator, it doesn't run the kitchens, but it keeps the patients alive. When the SaaS outage hits, you switch operations instantly.

  2. Important Systems

    Everything else where the data matters. Here, we accept a "Shattered Restore." We need a solid backup to ensure we have the data, even if restoring it involves manual work or migrating to a different tool. It may take a while. The business survives, even if it hurts.

  3. Nice-to-Have Systems

    If it fails, it's gone. We skip the backup. If the vendor locks us out, we start from scratch or decide we didn't need it.

Conclusion

Sovereignty means being able to say "No." If you cannot say "No" to Microsoft or Salesforce because you have no way to exit, you are not sovereign.

I hope these thoughts contribute to your plans around Software as a Service.

We at Tektit Consulting are happy to support you in developing your own IT strategy — ensuring that when the landlord changes the locks, you still have a key to your own house.

Comments

Post a Comment

Like this content? You could send me something from my Amazon Wishlist. Need commercial support? Contact me for Consulting Services.

Popular posts from this blog

Bitkom Forum Open Source 2024 in Erfurt

Image
Triggered by a provocative announcement for their The Cuckoo in the Tendering Process: When the vendor loses to itself panel discussion by Peer Heinlein  ( Heinlein Support ) and Johannes Loxen  ( Sernet ) on LinkedIn, I attended the 10th Bitkom Open Source Forum  in Erfurt . This free one-day conference on open source in a business context has become a highly informative event - that is well worth attending. This year's motto of  The future of open source - fair, regulated, intelligent was exactly what I needed at the moment, and I spent the whole day in the Open Source - regulated  track. Cockoo or What Is My Business Model? The panel discussion was about the challenges Peer faces in marketing OpenTalk , the open source videoconferencing software that Heinlein Support has developed over the last few years. Competitors seem to be offering OpenTalk hosting packages in public tenders, even though they don't contribute to the code or fix bugs. In the end, Peer c...
Read more

Overriding / Patching Linux System Serial Number

Image
I'm a big fan of test driven development  (TDD) for infrastructure components. I'm currently working on a hardware-related topic where we also use the system serial number as identifier. To create a proper integration test, we need to be able to start a system and set the serial number to a known value. This can easily be done with the help of virtual machines like in VMware or VirtualBox , but I couldn't find a way for changing the system serial number on hardware boxes, cloud VMs (e.g. on Alibaba Cloud) or other Linux system. Problem Analysis I was thinking: Linux is the operating system where I can potentially do everything . So how hard can this be? After some digging around I found out that there are those main sources for the serial number on Linux: /sys/firmware/dmi/tables/DMI contains a binary blob of Desktop Management Interface data provided by the kernel and the dmidecode utility is commonly used to decode...
Read more

Automated SOPS compliance checking with sops-check

Image
SOPS is the de-facto standard for securely storing secrets in Git repositories. It creates encrypted containers that protect the secret content. The containers are in YAML, JSON, ENV or INI format so that the regular Git operations and line-based diffs still work. Also, SOPS only encrypts the values of the secrets so that it is easy to see the purpose of a secret. SOPS files use external "trust anchors" for key material so that the ability to decrypt a SOPS file depends on the access to the appropriate decryption key or service. While SOPS files are considered secure by themselves, the security posture actually depends entirely on protecting these external trust anchors - and on controlling the trust anchors added to a SOPS file . SOPS files are often used with cloud-based key management systems (KMS), which has the great advantage of providing an online identity verification  prior to granting access to the encrypted data. A malicious actor — espe...
Read more