Thoughts and analysis on secure, sovereign technology.
This is where we write about the topics we work with every day: IT security, cryptography, AI engineering, and data protection. Each post takes on a specific question, sets out the technical background, and shows what it means for a business in practice. You will find analysis of developments we consider important, alongside explanations of technology that often sounds more complicated than it needs to be.
The BSI's C5:2026 sets a new standard for cloud security. Companies must act now, as container management, quantum-safe encryption, and machine-readable formats become mandatory.
Sovereign AI means using artificial intelligence without losing control over data, models, and decisions. Companies that want both must actively shape location, vendor independence, and traceability.
A quantum computer can break today's encryption like RSA or ECC. Companies must act now because attackers are already harvesting data for later decryption.
Passkeys replace passwords with a cryptographic key pair. The private key never leaves your device, and the sign-in is bound to the real domain. This makes phishing technically impossible.
A data processing agreement (DPA) is mandatory when a service provider processes personal data on your behalf. We explain when the obligation applies, what the contract must include, and how to secure third-country transfers.
Retrieval-Augmented Generation (RAG) anchors an AI model's answer in your own, verified sources. It reduces hallucinations and makes statements traceable.