Blog & Articles

Article

Digital Sovereignty: Why Architecture Matters and How to Make Your Company Resilient

In an era where digital systems form the backbone of our economy and society, control over one’s digital future is increasingly becoming the focus of strategic decisions. For many technology decision-makers in German-speaking regions, this is not just a political or regulatory challenge, but a fundamental task with far-reaching implications for software architecture work.

Article

Data Inventories in the EU Data Act: The Democratization of IoT Devices

Starting in September 2025, the EU Data Act (Regulation (EU) 2023/2854) will require companies that collect or process data from connected devices to maintain comprehensive data inventories.

Article

Digital Sovereignty as Self-Understanding
Article

EU Data Act: The Beginning of the End for Cloud Monoculture?

What has the EU ever done for us? …well, aside from free movement, no roaming charges, consumer protection, the single market, Erasmus, and more. But also: excessive bureaucracy, slow decisions, overregulation down to the much-mocked bottle cap – a favorite symbol for anyone blaming Europe for every innovation shortfall.

Article

Think Locally: On-Premise LLMs as Drivers of Competitive Advantage

Consider this scenario: Your organisation has integrated AI tools into critical business processes, your legal team has carefully reviewed data processing agreements, and your IT department has configured systems to comply with GDPR requirements. Then, a foreign court issues an order that overrides all these protections, requiring your AI provider to indefinitely retain data that should be deleted—including potentially sensitive corporate information shared by your employees.

Blog Post

Software Analytics going crAIzy!

From analyzing problems in software systems to working solutions with AI

Article

Digitale Souveränität – Ein Definitionsversuch

Der Begriff Digitale Souveränität trägt die Wolkenwende. Beim Versuch einer Definition ist es unvermeidlich, verschiedene Perspektiven einzunehmen. Weniger, was das Digitale angeht – hier stehen ganz klar Informationstechnologie und Software im Fokus. Souveränität allerdings ist als Begriff eine andere Größenordnung.

Article

Digitale Souveränität: Warum die Architektur zählt und wie Sie Ihr Unternehmen resilient machen

In einer Zeit, in der digitale Systeme das Rückgrat unserer Wirtschaft und Gesellschaft bilden, rückt die Kontrolle über die eigene digitale Zukunft zunehmend in den Fokus strategischer Entscheidungen. Für viele Technologieentscheider:innen im deutschsprachigen Raum ist dies nicht nur eine politische oder regulatorische Herausforderung, sondern eine grundlegende Aufgabe, die weitreichende Implikationen für die Software-Architekturarbeit hat.

Article

The Sovereignty Trap: Between Tiananmen and Trump
Blog Post

Schweizer Messer für Salesforce: LLM mit In-Memory-Datenbank

Large Language Models (LLMs) sind notorisch schlecht darin, Transformationen auf großen Datenmengen auszuführen, insbesondere Aggregationen, bei denen gerechnet werden muss - also alles, wo man in SQL zu GROUP BY oder ORDER BY greifen würde, zum Beispiel. Was machen wir aber, wenn wir umfangreiche Daten aus einem System beschaffen und im LLM verarbeiten wollen, aber nur eine API mit begrenzter Funktionalität zur Verfügung haben? In diesem Blogpost stelle ich eine mögliche Lösung vor, die ich erprobt habe.

Blog Post

Mobile Portale mit HATEOAS und Self-Contained Systems

Bei INNOQ setzen wir seit Jahren erfolgreich auf Self-Contained Systems und vertikalisierte Ansätze. Teams können unabhängig entwickeln, Services lassen sich separat deployen und skalieren - eigentlich ein perfektes Setup. Doch ein Problem blieb hartnäckig bestehen: Wie baut man Portale, die Daten aus verschiedenen SCS elegant zusammenführen?

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Practical Considerations & Recommendations
Article

From Data Graveyards to Knowledge Landscapes

Europe is sitting on a wealth of public data—but much of its potential remains untapped. The challenges are well known: fragmented portals, incompatible interfaces, and growing reliance on non-European platforms that slow innovation. While new industrial data spaces are emerging—enabling secure and sovereign exchange of sensitive information—public and industrial data ecosystems remain largely siloed. This article explores how Artificial Intelligence (AI) and the Model Context Protocol (MCP) can help bridge that gap and accelerate Europe’s shift from Open Data to Open Knowledge—supporting digital sovereignty and delivering greater value to society.

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Decision Dimensions for Authorization Patterns

Choosing the right patterns is critical, as it directly impacts the system’s security posture, performance, scalability, and maintainability.

Article

Pragmatische Architekturdokumentation für Entwicklungsteams
Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Authorization Patterns

Authorization patterns explain how distributed systems organize their access control — where and how decisions happen, where policies live — and influence, in turn, how identities and related attributes travel between components.

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Identity Propagation Patterns

Without trustworthy identity propagation, even strong initial authentication can be undermined — weakening trust boundaries and ultimately impairing the system’s ability to make reliable authorization decisions.

Blog Post

AI — Behind the Buzzword Garbage
Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Authentication Patterns

Without knowing who the subject is, without verifying its identity, there is only a limited way to perform meaningful access decisions.

Blog Post

Business Model Canvas: Geschäftsmodelle sichtbar machen

Der Business Model Canvas hilft, zentrale Fragen frühzeitig zu klären: Wer sind unsere Kund:innen? Welches Problem lösen wir? Und wie erzeugen wir damit echten Mehrwert? Gerade an der Schnittstelle zwischen IT und Business schafft das Modell ein gemeinsames Verständnis – und hilft, technische Entscheidungen mit der Geschäftsperspektive zu verbinden.

Blog Post

Updating OWASP’s Microservice Security Cheat Sheet: Core Concepts
Blog Post

What’s Wrong with the Current OWASP Microservice Security Cheat Sheet?

Modern microservice architectures require evolving security practices. Yet popular resources like the OWASP Microservice Security Cheat Sheet are starting to show their age and need a fresh look.

Blog Post

First Agile, Then Agentic

Agentic AI is supposed to accelerate software development. But new technologies can only reach their full potential when organizations adapt their structure, processes, and culture. Most organizations today are not yet able to truly benefit from faster software development. The prerequisite for this are the capabilities shaped by the agile and DevOps movements.

Article

Asset Administration Shell und Model Context Protocol

Freund oder Feind?

Blog Post

Context Engineering

Have you ever wondered how chatbots, copilots, or virtual assistants seem to know just the right things to say — or sometimes, spectacularly fail? The difference often comes down to one crucial skill: context engineering.