Open-source is becoming increasingly important in security-critical IT environments – especially where traceability, control, and independence are essential. This becomes a risk especially in security-critical areas: because those who do not know the source code can neither reliably inspect nor respond independently. Updates, licenses, and interfaces are externally controlled – and with them, the digital future viability.
Digital Sovereignty Through Open Source – A Growing Trend
More and more organizations are deliberately using open source as a strategic factor – not least in light of increasing supply dependencies, regulatory requirements, and growing dependence on non-European technology corporations. Open-source technologies offer transparent architectures and strengthen digital capability to act. For companies and public administrations, open source is becoming a central building block for independent, auditable, and future-ready IT infrastructures.
But what does this change mean concretely for existing IT architectures? What challenges arise during the transition – and how can they be strategically managed?
Technical Challenges When Switching to Open Source
An open-source migration rarely affects just individual applications – in most cases, it involves replacing entire technology stacks: operating systems, file services, groupware, identity management, container platforms. A successful transition therefore requires a realistic assessment of the current architecture, structured planning, and a technical target model with clear risk evaluation. Central questions in advance:
- What dependencies exist on proprietary formats or APIs?
- How will the roles and permission system be redesigned?
- Which functions must be replaced 1:1, and which can be optimized?
- How is know-how built up internally, and how is long-term support ensured?
Technically, almost all IT functions can be implemented today using open-source components. The real challenge lies in strategic governance – from the migration path to regulatory-compliant operation.
Five Phases to a Sustainable IT Migration
CONVOTIS supports organizations from the public sector and regulated industries in switching to open-source-based IT structures – with a structured approach, technical expertise, and focus on regulatory requirements. The migration approach includes five phases:
- Readiness Assessment: System analysis, license review, and identification of existing dependencies
- Compatibility Check: Interfaces, file formats, interoperability with specialized procedures
- Piloting: Sandbox tests with Linux, LibreOffice, Nextcloud, OpenProject, Keycloak, OpenLDAP
- Operating Model: Setup of internal support processes, monitoring, and maintenance structures
- Enablement: Trainings, technical documentation, development of governance and service processes
In doing so, we take into account regulatory requirements such as NIS2, GDPR, or the Swiss EMBAG – all CONVOTIS solutions meet these requirements through documented security processes, ISO 27001-compliant operation, and transparent auditability.
Infrastructure Example: Open Source in Practice
A typical migration scenario at CONVOTIS is based on a modular, interoperable architecture that can be centrally controlled, securely operated, and flexibly expanded. The components used are technologically established, regulatorily validatable, and fully integrable – from the workstation to the backend system.
Typical components of a migration architecture:
Linux-based clients with central management
Use of enterprise-proven Linux distributions for workstations with secure integration into existing networks – including remote management, policies, and package management.
Office compatibility with LibreOffice or Collabora Online
Processing of common office formats based on open-source tools – either locally or web-based in the organization’s own data center. Ideal for standardized processes in administration, specialized departments, or project work.
File and collaboration services
Secure file storage, collaborative document editing, and calendar and task management – as an integrated file-sharing and collaboration service that can be embedded into existing IT environments. The solution supports connections to LDAP, Active Directory, and existing permission systems and meets the highest requirements for data protection, control, and auditability.
Identity and rights management with Keycloak or OpenLDAP
Central authentication and authorization solutions for single sign-on, role-based access control, and multi-tenancy. Integration into specialized applications and web applications via standard protocols such as SAML and OIDC.
Container-based backend operation with Kubernetes & GitLab CI
Deployment and operation of containerized business applications or middleware components in highly available Kubernetes environments – with automated CI/CD pipelines, service monitoring, and API integration.
Monitoring & compliance with open-source tools
Implementation of transparent operational processes with monitoring (Prometheus), logging (e.g., ELK), and standardized backup strategies (e.g., Velero) – aligned with ISO 27001, NIS2, and national data protection requirements.
All components are brought together in a customized operating model – on-premises, in the private cloud, or as a managed service by CONVOTIS.
Challenges in Open Source Migration
Every open-source migration brings technical, organizational, and procedural challenges. CONVOTIS addresses these specifically:
| Challenge | Solution |
| Proprietary dependencies | Architectural shift to modular, auditable open-source components |
| File format compatibility | Converters, adapters, migration routines for seamless transitions |
| Operational reliability | Monitoring (Prometheus), logging (Grafana, ELK), backup (Velero) |
| Regulation (NIS2, EMBAG, GDPR) | Implementation through certified processes, internal controls, documented security mechanisms |
| Know-how & operational competence | Trainings, operation manuals, development of internal support teams |
| TCO & lifecycle transparency | Holistic cost analysis including maintenance, update cycles, extensions |
Next Steps Toward a Sovereign IT Infrastructure
Open source creates the foundation for transparent architectures, auditable operating models, and an independent IT strategy. With a clear roadmap, technical experience, and regulatory understanding, CONVOTIS makes your IT sovereign, scalable, and resilient. Our experts support you with analysis, architecture, and operations – from the first system evaluation to the controlled rollout.
Do you want to make your IT independent, auditable, and compliant? We’ll work with you to develop a robust migration scenario – tailored to your systems, your organization, your goals.