In Episode 20 of runZero Hour, we sat down with ProjectDiscovery co-founders Rishi Sharma and Sandeep Singh for a wide-ranging conversation on how open source is driving the next wave of security tooling and what it means for practitioners in the field. Our CEO HD Moore also dropped by to share some exciting updates on runZero’s recent collaboration on the Nuclei project.
Here’s a recap of what we covered:
How Nuclei became the standard for vulnerability detection #
What started as a tool to automate repetitive bug bounty tasks is now a best-in-class vulnerability scanner with over 10,000 detection templates and over 100,000 users. ProjectDiscovery’s open source model and approach to community collaboration have helped scale Nuclei into a critical tool for security professionals and researchers alike.
Beyond Nuclei, ProjectDiscovery has released 20+ tools (including Subfinder, DNSX, and HTTPX) that chain together for reconnaissance, service discovery, web crawling, and vulnerability scanning. Each tool can work independently or plug into broader workflows using command-line pipes, creating a powerful, modular toolkit for modern offensive and defensive security teams. These tools aren’t just open source, they are provided under one of the most permissive licenses available (the MIT License), simplifying integrations and collaboration with commercial tools and services.
runZero’s engineering collaboration with ProjectDiscovery #
HD Moore shared how runZero is contributing back by working with the ProjectDiscovery team to support in-process concurrency and eliminate race conditions. These updates make it possible to run thousands of Nuclei engines with different configurations in the same process, enabling new approaches to embedding and integration.
From headless, browser-based testing and auto-generated templates to more robust authenticated scanning and better fuzzing support, ProjectDiscovery is doubling down on usability and coverage. They’re also experimenting with AI-driven template generation, with a focus on maintaining quality and control. Check out their public roadmap for upcoming features.
Nuclei supports automatic targeting using the “autoscan” (-as) flag. This feature uses technology detection templates to then select specific follow-on checks for individual systems and services.
runZero takes a different approach; we handle the service discovery, fingerprinting, and targeting logic within the runZero scanner, and then run thousands of individual Nuclei engines that are each tuned for a single service for precise vulnerability scanning.
Both models work great and whether you want to run a single Nuclei engine or thousands of concurrent engines, the code base now supports both!
Shared commitment to open source and community standards #
Everyone agreed: if you’re using open source in your product, you should give back. That’s why runZero is contributing patches, detection templates, test coverage, and new features into the ProjectDiscovery ecosystem. We’re excited to be part of the open source community and are working on two big updates; porting SSHamble to Nuclei and integrating our excrypto package to simplify TLS communication across the ecosystem.
The team wrapped up with a fun (and very real) story: Stephen Fewer (of Rapid7) reported eight new vulnerabilities in printers made by Brother. One of these issues included the ability for an attacker to obtain detailed device information, including the printer serial number, through an unauthenticated web page. This is important because Rapid7 also discovered that the default password is derived from this serial number and the process can be reversed. Even worse, Brother isn’t able to address this in a firmware update, and the fix will only be available in devices built using a new manufacturing process. The funny part is that runZero has been detecting and reporting Brother printer serial numbers for years, using the eSCL protocol, and we didn’t consider it a vulnerability until the recent vulnerability disclosure. As a result, we’re now tracking the eSCL serial number leak as a follow-on issue with JPCERT/CC, building off Rapid7’s recent investigation.
About runZero runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.
About Version 2 Limited Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
One of the great benefits of using open source software is the flexibility that it offers to developers and organizations to use various open source technologies, complementary components, many options to integrate with other software, and above all, independence from vendors. It offers freedom from being locked into a specific proprietary vendor’s technology, support, and contract.
That said, the typical enterprise organization is using many pieces of open source software within their stack, each with varying support needs. For some organizations, that means managing different support vendors for each piece of open source software and, ultimately, managing the costs and challenges of working with those vendors.
In this blog, we look at the modern realities of using open source in the enterprise, why open source vendor consolidation is important, and how shifting to a vendor-neutral technical support strategy can reduce the complexity of infrastructure maintenance.
At its core, OSS refers to software whose source code is openly available for modification, enhancement, and redistribution.
This transparency enables rapid innovation, security validation, and collaborative development. Many OSS projects operate under copyleft licenses, which require modifications to be distributed under the same terms — an important consideration for companies navigating commercial vs. community open source models.
Major corporations such as Google, Microsoft, Apple, Meta, and IBM are using OSS, as well as as contributing to certain key projects. These investments often align with initiatives like ecosystem expansion, developer engagement, and shared infrastructure strategies.
Cloudera, Confluent, Databricks, and MongoDB are prime examples of companies that have successfully commercialized OSS using two distinct business models: Software as a Service (SaaS) and Open Core Software. Both of these approaches can be combined or augmented with professional services and technical support.
Software as a Service
The software-as-a-service (SaaS) business model involves open source software that is hosted, maintained, and easily available for consumption. Users of open source software under this model do not have to worry about installations, deployments, and infrastructure issues.
Open Core Software
The second category refers to what is called open core software, where vendors add proprietary features or tools to open source software (often geared toward enterprise use cases) and sell it via subscription, often with premium support included.
Why do organizations opt to pay for commercial versions of open source technologies they could deploy for free? We asked about this in the most recent State of Open Source Report, and the top response was “professional support and maintenance” (44%) followed by “additional features” (25%).
With both of these models, there are two common pitfalls that organizations should be aware of: juggling too many vendors (and support contracts) and vendor lock-in. Avoiding vendor-lock in was the second most cited reason for choosing OSS in the State of Open Source Report, so organizations seem to already be aware of that risk. Vendor sprawl, though, can present just as many challenges.
As we have seen with all types of technology over the years, there are periods of expansion and there are periods of consolidation. Open source software is well into an expansion phase and every day there are more open source projects — just look at the CNCF cloud-native and the AI & Data Foundation landscapes for a small sample.
A byproduct of this is that organizations are using more open source software and, consequently, contracting with more commercial open source vendors. The most recent State of Open Source Report found that about a third (32%) of large enterprises (>5K employees) work with more than 10 vendors to support their open source, and a little over a quarter (27%) work with 20+ vendors. That’s a lot of different vendors to manage and can lead to finger-pointing when something goes wrong, delaying resolution.
As part of moving toward a more mature open source strategy, CIOs, CISOs, and IT executives would be wise to pursue vendor consolidation initiatives — something that benefited the largest software companies 10 or 20 years ago (e.g., consolidation into all Microsoft, or Oracle, or IBM software products).
The benefits of vendor consolidation include:
Reduced Costs: Fewer vendors, streamlined processes, and optimized resource allocation can lead to significant cost savings.
Improved Efficiency: Consolidation simplifies workflows, reduces complexity, and allows teams to focus on core tasks rather than managing disparate tools and processes.
Enhanced Security: A more centralized approach to security management can improve vulnerability detection, response, and overall security posture.
Better Collaboration: Consolidation can break down silos between teams and departments, facilitating better communication and collaboration.
Simplified Operations: A unified platform or streamlined processes can make it easier to manage and maintain open source software.
Now the question becomes, how can organizations consolidate open source vendors and get the best technical support for the OSS inside their mission-critical applications? (Hint: it’s also how they can avoid vendor lock-in.)
Making the Shift to a Vendor-Neutral OSS Support Provider
A key reason to go with commercial versions of open source software is access to technical support — to have someone to contact when something goes wrong or is not working properly. But what if you could get SLA-backed support that was not attached to a commercial vendor?
That’s where independent, vendor-neutral technical support for open source software comes in, as a viable alternative to commercial support that is tied to proprietary platforms. As an example, today’s container and container orchestration technologies (mainly Kubernetes) are being deployed in production environments all over the world with or without commercial support.
An increasing number of organizations are discovering that it’s possible to skip commercial and open core solutions from companies like Cloudera and Confluent altogether and use only versions from the open source community, paired with support from third parties like OpenLogic.
Vendor-neutral technical support requires technical expertise, not just for troubleshooting issues, but also to provide expert advice on architecture, configuration, and scalability of production environments. Assistance on how to use open source software at scale and how to integrate different technology stacks becomes very important. The bottom line is, if organizations need technical support for their open source, they no longer have to lock-in with multiple vendors and deploy commercial solutions; they can consolidate support for their entire OSS stack with one vendor-neutral provider.
Vendor consolidation for open source support also brings another great benefit — the ability to investigate issues across multiple open source technologies. A business can troubleshoot across the software stack without the complexity of talking to multiple vendors that will only support their corresponding piece of functionality and point fingers at each other.
As mentioned in the previous section, another trend we’re seeing related to vendor consolidation is more and more organizations migrating off of commercial and open core solutions and deploying 100% open source alternatives. The money they save by not paying for commercial licenses can then be reallocated to other infrastructure investments. For these companies, getting unbiased guidance while receiving the same level of support they are used to is crucial to not disrupting business operations.
About Perforce The best run DevOps teams in the world choose Perforce. Perforce products are purpose-built to develop, build and maintain high-stakes applications. Companies can finally manage complexity, achieve speed without compromise, improve security and compliance, and run their DevOps toolchains with full integrity. With a global footprint spanning more than 80 countries and including over 75% of the Fortune 100, Perforce is trusted by the world’s leading brands to deliver solutions to even the toughest challenges. Accelerate technology delivery, with no shortcuts.
About Version 2 Limited Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
IT teams must handle a large number of tasks on a daily basis. Many of these tasks, while essential, are repetitive: resetting passwords, rebooting servers, monitoring logs for errors, applying patches… When performed manually, they can overwhelm technical staff and compromise operational efficiency. IT automation has emerged as the answer to this challenge. It involves using scripts and specialized tools to automatically execute these and other tasks that previously required human intervention. According to Gartner, by 2026, 30% of companies are expected to automate more than half of their network activities—a figure that reflects growing confidence in this technology as a driver of competitiveness.
Key Concepts in IT Automation
There are different levels of IT automation that can be adapted to the needs and goals of each organization. Processes can be fully automated end-to-end or focus on specific tasks.
IT Task Automation
This is the most basic level of automation. It focuses on simple, repetitive tasks that are part of the IT department’s daily routine.
Process Automation
This covers a broader set of tasks that occur sequentially to complete a process. There are several approaches to process automation, including:
IT Process Automation (ITPA): Focuses on automating complex processes within the IT domain.
Robotic Process Automation (RPA): Uses software robots or bots capable of emulating human behavior and interacting with applications and interfaces without the need for code-level or API integrations.
Business Process Automation (BPA): Goes beyond simple data entry, automating complex processes that are essential for business operations and often involve multiple departments or systems.
Workflow Orchestration
This involves coordinating multiple tasks to create automated workflows. Unlike the automation of isolated tasks, orchestration manages complex end-to-end operations, ensuring that each step is executed in the correct order and that all task dependencies are properly controlled.
Benefits of IT Task Automation
Automation is not just a technology trend but a powerful tool to improve service quality and operational resilience. Here are some of its direct benefits in IT management:
Reduces Human Error
According to the Uptime Institute’s 12th Global Data Center Survey, human error accounts for 80% of data center service outages. Automation systems minimize the risks associated with manual management, as they are not affected by fatigue, mood, or other personal factors. Tasks are executed consistently, avoiding vulnerabilities that could compromise system integrity.
Improves Operational Efficiency
Automation enhances efficiency and productivity by reducing the need for manual intervention in administrative tasks such as assigning access permissions to new employees, monitoring network device performance, or generating reports. Automating these processes can save significant time and free up IT teams to focus on value-adding projects. Studies show that IT departments leveraging automation spend 20% more time on strategic initiatives.
Optimizes Resources
In environments without automation or system integration, the same data (such as an employee’s name, position, and department) must be entered manually across multiple systems. This increases the risk of duplicates and inconsistencies. Duplicate data leads to inefficient resource management by consuming unnecessary storage, increasing processing loads, and slowing down support operations. Automation solutions reuse information across connected systems (for example, using Active Directory to centralize records). In addition, IT monitoring enables real-time supervision of server storage capacity, prioritization of critical data, and balanced workload distribution, maximizing the performance of available resources.
Improves Service Quality
IT task automation allows incidents to be resolved more quickly and with fewer errors. This translates into a better user experience and higher service quality.
Ensures Consistency and Regulatory Compliance
Automation ensures large-scale consistency, something impossible to achieve through manual task execution. It helps establish clear, consistent processes that can easily adapt to new requirements and regulatory changes. For example, in multicloud environments, standardized policies can be applied to control workload assignments, ensuring compliance with security and operational efficiency guidelines. Moreover, everything that is automated generates a traceable record, simplifying audit processes. There is no longer a need to manually gather documentation and compliance evidence. Automation tools save IT teams significant time, reducing the effort required for audit preparation by up to 50%. Finally, automation also contributes to achieving Environmental, Social, and Governance (ESG) objectives by optimizing resource consumption, such as energy use, and enabling more efficient infrastructure management.
IT Task Automation: Where to Start?
Not all IT tasks can or should be automated. Some operations still require human intervention, especially those involving critical judgment, creativity, or complex decision-making. However, many routine, repetitive, and error-prone tasks are ideal candidates for automation. These activities typically follow clearly defined rules or depend on specific events to trigger their execution—such as generating reports, moving files, validating access, and so on. A common example is password resets. According to Gartner, between 20% and 50% of IT support requests are related to this issue. Automating the password reset process helps reduce the workload and improves the user experience. Below are some examples of task automation by IT management area:
Infrastructure Management
Automation of tasks related to servers, storage, and data centers.
Automatic provisioning of physical or virtual servers.
Monitoring storage capacity to detect critical thresholds and trigger predefined actions such as deleting temporary files or automatically scaling resources.
Inventorying IT assets and verifying software license usage.
Identifying faulty or underperforming hardware before it impacts business operations.
Scheduling automatic backups to reduce the risk of data loss.
Automatically migrating data or applications to cloud environments.
Scheduled shutdown and startup of virtual machines to optimize energy consumption.
Network and Systems Administration
Tasks focused on maintaining the availability and performance of the network environment and operating systems.
Implementing standardized configurations across all network devices.
Monitoring the performance of applications and servers, generating reports on availability, latency, and response times.
Automatically deploying software updates or security patches to address vulnerabilities.
Dynamically assigning IP addresses using DHCP and DNS automation.
Restarting failed servers to restore service without manual intervention.
Using automation to resolve user incidents and requests more efficiently.
Automatically resetting passwords through self-service workflows.
Automatically creating support tickets and classifying them by issue type (hardware, software, network) to assign them to the appropriate IT staff.
Configuring chatbots or virtual assistants to handle user inquiries 24/7.
Creating or deleting user accounts in systems.
Automatically assigning access permissions based on roles.
Cybersecurity Management
Automating tasks related to threat detection, response, and prevention.
Verifying that firewalls and antivirus software remain active.
Automatically sending alerts when network activity exceeds established thresholds.
Analyzing logs to detect suspicious behavior.
Automatically blocking IP addresses after multiple failed login attempts.
Monitoring compliance with regulations and service level agreements (SLAs). For example, automation can detect an unencrypted database and immediately correct the issue.
Collecting and storing log data for cybersecurity audits.
Tools, Practical Applications, and Use Cases
Effective automation tools help reduce errors, improve security, and provide fast, efficient support. Each IT management area uses specialized solutions tailored to its needs.
IT Monitoring
IT technicians—and especially managed service providers (MSPs) use RMM (Remote Monitoring and Management) tools to monitor the performance of systems and devices connected to the network. They enable centralized management of processes from a single dashboard, allowing the creation of automated workflows. Compared to manual script execution (which is slow and error-prone), RMM tools offer libraries of preconfigured scripts that administrators can use to perform a wide variety of tasks, such as restarting services, deleting temporary files, or uninstalling unauthorized software. These functions save IT teams significant time, improve operational efficiency, and help maintain competitiveness in management strategies.
Support, Ticket Management, and Customer Service
In technical support, ITSM system stand out—platforms designed to manage the entire lifecycle of IT services following frameworks such as ITIL. These comprehensive solutions cover a wide range of tasks, from tracking and managing the lifecycle of hardware and software assets to incident management, automatic ticket assignment, and more. ITSM systems improve response times and service quality by creating consistent processes aligned with business objectives. As a complement, RPA tools (for example, chatbots that handle frequently asked user inquiries) can be used to increase support capacity without requiring additional human resources.
Infrastructure Management
As organizations move away from physical server racks, most IT workloads are now executed through software. While this greatly enhances infrastructure scalability, it also requires more robust development practices. In this context, Infrastructure as Code (IaC) tools allow teams to automate tasks such as server, network, and multicloud environment configuration through reusable scripts, reducing deployment errors.
Cybersecurity
Automation can also be used to identify, prevent, and respond to threats in IT environments efficiently and quickly. Among the most advanced solutions in this field are Security Orchestration, Automation, and Response (SOAR) tools, which correlate data and execute predefined actions to mitigate risks—such as blocking suspicious IP addresses. Endpoint Detection and Response (EDR) tools are also widely used. These monitor endpoint devices such as computers, servers, or mobile devices and detect threats that traditional antivirus solutions may miss.
Integrated Automation Features in Pandora FMS
Pandora FMS is a comprehensive IT monitoring and management solution that includes various automation features to optimize operations and reduce manual workload. The most important features include:
Automatic Detection and Discovery
Pandora FMS automatically scans networks to discover new devices and create dynamic topology maps. Its Network Discovery tool identifies newly connected devices and generates visual maps that display the connections between components.
Automated discovery significantly enhances observability, which is essential for quick issue resolution.
Remote Command Execution and Custom Scripts
Pandora RMM allows remote and bulk execution of commands and scripts across multiple deployed agents. For example, inactive services can be restarted immediately, disk cleanups can be performed on hundreds of machines, or specific configurations can be applied network-wide. It also offers the ability to run custom scripts (in Bash, PowerShell, Python, etc.) directly on monitored systems through its plugin system.
Automated Patch Management
Through its RMM component, Pandora FMS allows IT teams to manage updates and patches across multiple systems, whether regular releases (RRR) or long-term support (LTS) patches for critical fixes. This ensures that devices remain protected against vulnerabilities and compliant with security policies.
Alert System
The alert system is a key feature for proactive IT monitoring, enabling automated responses to system events. When a monitoring module detects a value exceeding a threshold or an abnormal behavior, Pandora FMS triggers an alert.
Command: Defines what action will be executed when the alert is triggered (e.g., sending an email or running a script).
Action: Customizes the command arguments (e.g., message content or script parameters).
Template: Specifies the conditions under which the action will be triggered (e.g., activation threshold and time interval).
Additionally, Pandora FMS includes a filtering system that prioritizes and escalates alerts based on severity, ensuring IT teams receive only relevant information and reducing alert fatigue.
The Helpdesk allows IT teams to create automated workflows for ticket assignment, define escalation rules, and set time intervals (SLAs). In addition, IT teams can filter results using more than 30 different filters and generate detailed reports on key metrics such as average resolution time and operator performance, contributing to continuous service improvement and customer satisfaction.
Integrations for Automation
Integration is crucial in today’s IT ecosystems. Instead of running multiple isolated automation tools and processes in silos, IT teams can use a single platform to orchestrate workflows. A key component is the use of REST API adapters, which allow seamless connection to third-party services and integration with virtually any technology—without the need for custom scripts. This is essential in hybrid and multicloud IT environments where interoperability issues often arise among different providers. According to a Mulesoft survey, organizations that use APIs to connect endpoints are 69% less likely to report integration issues. Pandora FMS is part of this solution, offering smooth integrations via its API with leading cloud service providers (AWS, Azure, Google Cloud), legacy systems, and even collaborative tools like Slack or Telegram.
Automation Metrics and KPI Evaluation
Automation is not about simply putting processes on autopilot. For an IT automation strategy to be truly effective, regular evaluations are needed to assess its impact and identify what is working and what isn’t. The proper way to do this is by using key performance indicators (KPIs). The most important KPIs include:
Error Reduction: Measure the number of support requests before and after implementing automation. A decrease in tickets is a clear sign of success.
Cost Reduction: Calculated by quantifying savings in labor and other operational resources.
Productivity: Pay close attention to incident resolution times. These should drop significantly after automation is implemented.
Regulatory Compliance Monitoring: Automating IT tasks such as patch management or sensitive data encryption reduces the risk of legal non-compliance, meaning fewer fines and penalties.
Pandora FMS facilitates KPI tracking by generating customized (dashboards) and detailed reports that display system behavior and support data-driven decision-making.
Implementation and Best Practices in IT Management
Automation begins with a detailed analysis of the organization’s current state. This involves assessing costs, benefits, and the impact of the upcoming changes.
Defining Objectives
Once the assessment is complete, it’s time to set the direction. The first step is to define clear, concrete objectives. What problems is automation expected to solve? It may involve reducing incident response times, minimizing human errors, or strengthening infrastructure security. According to a McKinsey survey companies that successfully achieve their automation goals share certain common factors, such as making automation a strategic priority in business process planning—while keeping people involved in the transformation.
Selecting the Right Tools
Choosing the right tools is critical. It’s not just about functionality but also scalability, ease of use, and compatibility with existing systems (often achieved through API-based integrations). Just as important as connectivity is security: any automation platform must include features such as data encryption, SSL/TLS connections, secure file transfers (FTPS/SFTP), role-based authentication, and audit logs to ensure traceability.
Phased Implementation
Once the solution is selected, it’s time to establish a responsible team and an implementation timeline. If multiple processes are to be automated, a phased approach is recommended, starting with the less complex ones.
Configuration and Testing
When the plan is ready, IT teams configure the tool and define the workflows. Most IT automation tools are event-driven, meaning processes are triggered when specific conditions occur, such as a service failure or a new support ticket submission. After configuration, thorough testing is conducted to ensure everything operates correctly.
Ongoing Reviews
There’s no automation without continuous monitoring. Once the solution is implemented, its performance must be monitored (using the KPIs mentioned earlier). This helps identify new improvement opportunities, ensuring that automation remains effective and continues to adapt to the evolving needs of the business.
Conclusion
Automation is not just a trend—it’s a key element for staying at the forefront of digital transformation.
About Version 2 Limited Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
About PandoraFMS Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes. Of course, one of the things that Pandora FMS can control is the hard disks of your computers.
In recent years, digital sovereignty has shifted from a niche concern to a core strategic priority — especially in Germany, where trust, data protection, and independence have long been valued. The latest — based on a Q2 2025 survey of more than 800 IT and cybersecurity leaders across Germany, France, Belgium, and the Netherlands — underscores this shift. Seventy-eight percent of European executives surveyed say their company’s leadership is more concerned about digital sovereignty today than a year ago. That awareness is particularly strong in Germany (81 percent) and France (83 percent). At the same time, 70 percent believe European companies are too dependent on foreign technologies and should reduce this reliance — prompting seven in ten organizations to consider switching to European cybersecurity providers.
This shows a growing awareness of the legal and geopolitical dimensions of digital infrastructure — and rising expectations for providers and operators.
What happens in a crisis or conflict?
It’s no longer enough to focus only on technical performance or the feature sets of cloud providers. Decision-makers are increasingly asking: Where is our data physically located? What laws apply? Who could theoretically or practically access it — and what happens in a crisis or conflict?
For many companies, these are no longer abstract questions. They’re central to risk management and long-term digital strategy.
These questions resonate strongly in Germany, where the runs deep. Strict data protection laws were in place well before the . This makes Germany well-positioned to lead the current debate on digital sovereignty in Europe. Regulations like the GDPR and the Directive provide a clear and binding framework — pushing decision-making toward greater responsibility, transparency, and long-term resilience.
The impact of extraterritorial laws
Another critical issue is the impact of extraterritorial laws like the U.S. CLOUD Act. This law allows U.S. authorities to access data from U.S.-based companies — even if that data is stored on servers outside the U.S., including in Germany. For many companies, that’s a contradiction: How can you control your own security architecture if foreign governments can your sensitive data?
This reality shows that technical security isn’t enough — what’s needed is control over the contractual, technical, and legal frameworks.
In this context, it’s no surprise that many organizations are revisiting on-premises models or hybrid architectures. But the desire for control mustn’t stall innovation. There are alternatives to full in-house management. At Keepit, we’ve purpose-built for the needs of European companies. We run our own independent infrastructure across several global regions — including the EU, in Germany and Denmark — and enforce strict separation between zones. Data stored in Germany stays in Germany. Access from other regions — even within our own systems — is technically impossible.
Our independence from hyperscalers like AWS, Microsoft Azure, and Google Cloud is also key. This strategic choice protects our users from global dependencies and indirect access paths. By owning and operating , we guarantee not only where data is stored but also who controls access — with full transparency. Our users know where their data is, what jurisdiction it falls under — and who isn’t allowed to see it.
No need to compromise
For Keepit, isn’t a theoretical ideal. It’s a cornerstone of modern cybersecurity. The latest HarfangLab report makes it clear: Companies in Germany and across Europe are no longer willing to compromise when it comes to control over their data. The path to a sovereign and secure digital future may not be simple — but with the right partners and carefully chosen infrastructure, that future can be shaped.
At Keepit, we’re here to support that journey — with transparent, compliant, and self-operated solutions. Because digital sovereignty isn’t just about data protection — it’s the foundation of resilience and the ability to act in an increasingly complex digital world.
About Keepit At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud Keepit is a software company specializing in Cloud-to-Cloud data backup and recovery. Deriving from +20 year experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.
About Version 2 Limited Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.
Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
