Achieving Digital Sovereignty Through Open Source: A Case Study of Enterprise Adoption of Open Source Infrastructure
Authors
Bilbo, Philip Morten Qwist ; Götzsche, Louise Gyland
Term
4. semester
Education
Publication year
2026
Pages
98
Abstract
Digital sovereignty has become a political priority in Europe, and many organizations are exploring open-source software to reduce dependence on American proprietary technology providers. This thesis examines the technical, security, and organizational challenges of pursuing digital sovereignty through open-source adoption, and how far open-source solutions can meet enterprise compliance requirements. The research uses a qualitative case study of Statens IT’s SIA-Open initiative, a Danish public-sector effort to build a Linux-based open-source workplace as an alternative to the current Microsoft environment. Data were collected through semi-structured interviews with relevant stakeholders and supplemented by internal technical documentation. As a proof of concept, Wazuh was deployed as an open-source EDR (Endpoint Detection and Response) and SIEM (Security Information and Event Management) across a hybrid environment of Ubuntu, Windows, and macOS. The platform was selected through a structured evaluation of four candidates using an extended five-criterion framework that included analysis of known software weaknesses via CWE profiles (Common Weakness Enumeration). The solution was evaluated against De Tekniske Minimumskrav for Statslige Myndigheder (the Danish government's technical minimum requirements). The evaluation showed that an open-source security stack can meet the baseline without relying on foreign cloud infrastructure. At the same time, public-sector adoption is constrained by the absence of a national Open Source Program Office, a cost-recovery funding model, dependencies on legacy systems, and the paradox that coexistence with proprietary systems sustains the very dependencies the initiative aims to reduce. The conclusion is that realizing SIA-Open at scale requires stable funding, dedicated governance structures, and coordinated political commitment.
Digital suverænitet er blevet en politisk prioritet i Europa, og mange organisationer undersøger, om open source-software kan mindske afhængigheden af amerikanske, proprietære teknologileverandører. Denne afhandling ser på de tekniske, sikkerhedsmæssige og organisatoriske udfordringer ved at forfølge digital suverænitet gennem open source, og i hvilken grad open source-løsninger kan opfylde større organisationers compliance-krav. Undersøgelsen bygger på et kvalitativt casestudie af Statens IT’s SIA-Open-initiativ, et offentligt projekt, der vil etablere en Linux-baseret open source-arbejdsplads som alternativ til det eksisterende Microsoft-miljø. Data blev indsamlet via semistrukturerede interviews med relevante interessenter og suppleret med interne tekniske dokumenter. Som proof of concept blev Wazuh implementeret som en open source EDR (Endpoint Detection and Response) og SIEM (Security Information and Event Management) på tværs af et hybridt miljø med Ubuntu, Windows og macOS. Platformen blev valgt gennem en struktureret evaluering af fire kandidater efter fem kriterier, herunder analyse af kendte software-svagheder via CWE-profiler (Common Weakness Enumeration). Løsningen blev vurderet op mod De Tekniske Minimumskrav for Statslige Myndigheder. Evalueringen viste, at en open source-sikkerhedsstak kan opfylde baseline-kravene uden afhængighed af udenlandsk cloud-infrastruktur. Samtidig er open source-adoption i det offentlige begrænset af fraværet af et nationalt Open Source Program Office, en omkostningsdækkende finansieringsmodel, afhængigheder til ældre systemer samt paradokset, at samdrift med proprietære systemer fastholder de afhængigheder, man ønsker at reducere. Konklusionen er, at realisering af SIA-Open i stor skala kræver stabil finansiering, dedikerede styringsstrukturer og koordineret politisk opbakning.
[This apstract has been rewritten with the help of AI based on the project's original abstract]