Blog
Tags:
Microsoft decides whether you're allowed to e-mail - you won't let that happen, will you?
Fact or fiction: Microsoft determines whether you can mail
Microsoft has shown what happens when you depend on big tech: then you are 100% at the mercy of their rules. Without warning, the email of Karim Khan, chief prosecutor of the International Criminal Court, was blocked. Why? Because the US put him on a sanctions list because of his investigation into Israeli war crimes in Gaza. And Microsoft? Which “neatly” followed the U.S. line.
This is not a technical error or mistake. This is a fundamental risk. It goes to the heart of data sovereignty.
You may think this won't happen to you.
Think that especially but also know:
This is not an incident.
And it confirms exactly what I wrote earlier in this blog en this blog:
As long as your systems, communications and data run on U.S. platforms, you are not in charge. You think you are - until you are suddenly out of control.
And no, you don't have to rush out of Azure or AWS. You don't have to host everything yourself. But the days of putting everything in the cloud with one big party are over. Even at the last AWS conference, there was open talk of a trend change: from “cloud first” to "cloud where it makes sense. Hybrid, intentional, on your terms.
These are the questions you must answer:
-
How do you get a grip again?
-
How do you determine what is strategic and what can go away?
-
How do you reduce your dependency without throwing yourself into an IT jungle?
In this blog, I'll walk you through the steps you can take back your data sovereignty - without hassle but with results.
Taking back sovereignty starts with making choices
You have to make choices. In other words, don't go blindly for what is standard. Don't automatically follow “what everyone else is doing.” But look at your own situation: which data are critical? Which applications touch your core processes? Where are your risks if someone else hits the brakes?
Start there. Classify your data. Map out where you depend. And on whom. You'll see that it often revolves around a few crucial points:
-
Authentication - what happens when your login function stops?
-
Email - who can pull the plug? You, or a foreign government?
-
communications - who all is watching and what can they do?
-
Document storage - are you in OneDrive or Google Drive? Then you're in the U.S.
-
Data transport - do your customers actually know where their data travels?
You can manage the above factors. Use alternatives such as self-hosting or switching to services that do fall within your jurisdiction. You don't have to flatten things; you have to shift smartly.
Because data sovereignty is not an IT project. It's strategic risk management.
And if you want to stay in charge of your business, you have to be in charge of your data.
I briefly go into the what you can do NOW below.
If your domain fails, you're out. completely.
You can run all the good applications you want, put everything in the cloud or scale perfectly, if your domain stops working, you have a big problem. No mail. No website. No access to your systems. No accessibility, gone trust, stagnant business.
Many companies have their domains registered by their hosting provider or cloud provider. Easy and apparently the way it works. But in that simplicity lies a danger. Because the ownership of that domain then often lies not with you, but with them. You rent. They own.
And if that party happens to be an American tech giant, you are playing with fire. Because what happened to Karim Khan with his mailbox could happen to you with your domain. One check mark on a sanctions list and you are digitally untraceable. No more e-mail at @jouwdomein.nl, no website, no APIs, nothing.
Extra attention for cloud DNS servers
Even if you formally own your domain, you are at risk. Many companies use DNS servers from their cloud provider. And if that DNS goes down or is blocked, your domain is inaccessible. For everyone. Moving to other name servers is not always easy, especially if the old provider is obstructive. Call or email me when you need help.
Either way: check who owns your domains and where your DNS is hosted. Do it today.
For .nl domains, you do that at SIDN (sidn.nl). For other extensions, look it up through a whois service. Or let an AI figure it out for you. No more excuses, just do it.
Your domain name is your digital front door. Make sure you have the key ... and keep it.
Teams not working. Email out. Then what?
Communication is the blood circulation of your organization. Without email, chat or meeting tools, everything is at a standstill. No contact with customers. No consultation between teams. Home workers no longer have access. No support, no follow-up, no decision-making. Gone productivity.
Many companies think they will be fine. They trust that when something goes down, it must be a technical or temporary problem. Logical. And yet that's a risky assumption. Because increasingly, the button to turn off your communications no longer lies with you. Nor with your IT vendor. But with a government agency, thousands of miles away.
The Karim Khan case shows what that looks like: Microsoft shut down its mail because the U.S. government wanted it to. No notice. No investigation. No court intervention. No adversarial process. No appeals process. Just: out.
If you manage your e-mail, chat and online meetings through Microsoft - and who doesn't these days? - then you are in the exact same danger zone.
That makes you vulnerable.
The question is not if you depend on Big Tech, but to what extent.
Second question: is that still acceptable to you?
Communications should be in your hands. Not in that of a U.S. government, a cloud provider or an algorithm you don't know.
Hybrid doesn't mean back to the server cabinet
Those who say “away from Big Tech” often get this in return:
“So should we go back to our own data center?”
Understandable question. With this answer: no, you don't have to. The days of building your own racks in the broom closet are over ;)
But putting everything in the hands of American hyperscalers is also no longer an option.
There is a middle ground that is becoming increasingly attractive: a hybrid cloud strategy with European partners operating under European legislation.
Start with your digital crown jewels. What shuts down your business if it goes down?
Email, authentication, scheduling, documents, support systems. These should be under your control. And especially: under your jurisdiction.
Fortunately, there are more and more European providers that offer exactly that: reliable cloud infrastructure, under EU law, without the risks of U.S. sanctions lists or data transfer.
This allows you to move essential functions away from Big Tech, without rebuilding your entire landscape.
And without sacrificing performance, scalability or convenience.
Hybrid means making choices.
Don't do everything yourself. But determining who you trust with your core processes.
And that's exactly how you regain control of your own IT.
So how did we solve that?
Good question. Because we're not talking from the sidelines.
We have walked the path ourselves, from dependence to full control.
By now, almost everything we do runs on European soil, with suppliers governed by European legislation.
Not because we had to. But because it would be “a bit silly” not to. And we all know the consequences of not acting on time.
Was that easy? No.
But we did it smartly: No big bang, no panic soccer.
It was a process of more than four years. Step by step.
A conscious decision each time:
-
What is critical?
-
What do we want under our own direction?
-
What can (still) stay where it is?
That's how you handle this. Durable. Thoughtful. Phased.
Without turning your organization upside down.
But with results.
And yes, in 4 years we have learned a lot. About what works, what disappoints, what is easy to forget. We are happy to share those lessons with you.
Because believe us: there really is a lot involved.
That was true for us and for our clients whom we have already coached.
Wondering how your organization can tackle this smartly - without turning the whole landscape upside down?
📅 Then schedule a no-obligation appointment with me.
Together we will identify your risks and opportunities.
Concrete. Clear. And naturally tailored to your situation.
Or just send me a message - and we'll get acquainted soon.
Governance starts with insight..