1. Microsoft, hyper-dependency and the budget spiral
In IT departments, technology decisions face a reality few contest: Microsoft’s overwhelming dominance in IT infrastructure. From Active Directory (centralized identity system) to Exchange (once-essential enterprise email), Windows Server, and Azure, Microsoft has shaped enterprise IT for the past 20 years. But at what cost?
Today, a Microsoft 365 E5 subscription (the most comprehensive enterprise package) costs over 57 $ per user, per month in France. It includes Office, Teams, Power BI, as well as advanced security and compliance tools.
But that’s just the tip of the iceberg: IT departments still must purchase client access licenses (CALs) for every user or device connecting to a server, plus licenses for server operating systems, email, and support. At scale, this can amount to thousands of euros per month for a medium-sized organization.
Adding to that is the complexity of Microsoft environments, which often rely on tightly integrated and closed technologies. For instance, Active Directory is ubiquitous in companies, but hard to decouple or modernize.
As for mailing system, it continues to impose heavy administrative burdens, even though some sovereign IT strategies (notably in France or Germany) are now favoring a return to locally hosted alternatives, in response to sovereignty concerns.
The cost isn’t only financial. This complexity makes systems more exposed, more rigid, and requires ever more specialized IT teams. Moreover, cyber risks are intensifying.
In 2024, the estimated average cost of a cyberattack reached USD 4.88 million. Cybersecurity budgets in IT departments have grown by more than 50% since 2020 (rising from 8.6% to 13.2% of total IT budgets). Global cyberattack costs are projected to reach USD 10.5 trillion per year by 2025.
This is an unsustainable model—caught between technological dependence, security pressure, and budgetary drift .
2. Open source: interoperability, standards, resilience
In response to this pressure, open source is once again seen as a resilience strategy. Not for ideological reasons, but for economic, security, and sovereignty motives.
- Open-source software has no acquisition license cost.
- It offers full transparency—which enables audits, local adaptations, and control over the lifecycle.
- It builds on open standards, facilitating interoperability between systems.
According to GitNux, adopting open-source could save global organizations up to USD 60 billion per year.
Rather than paying recurring subscriptions for bloated software suites, it becomes possible to refocus budgets on integration, security, and alignment with business processes. In short: reinvesting meaning into IT spend.
3. NOAH: sovereign, modular, secure architecture
NOAH is a concrete open-source response to these observations. This project provides a reference architecture for organizations wishing to:
- Reduce dependence on dominant vendors;
- Gain control over their technical infrastructure;
- Return to fundamentals: robustness, security, interoperability.
Hosted on GitHub, NOAH offers a modular, extensible, and well-documented framework adaptable to different business contexts, organizational sizes, and digital maturity levels.
Real-world use cases:
- ✅ Gradual replacement of a Microsoft infrastructure
NOAH allows substituting key components (authentication, collaboration, messaging, monitoring) with sovereign open-source alternatives like Keycloak (identity management), Nextcloud (collaboration), or Zabbix/Prometheus (monitoring). The transition can be gradual and without service disruption, preserving existing systems where needed. - 🏛️ Deployment in public administration or local authorities
NOAH provides a solid foundation for building an infrastructure that meets sovereignty requirements (self-hosting, encryption, traceability) while respecting budget constraints. It’s especially suitable for municipalities or public institutions aiming to free themselves from major vendors while staying interoperable with existing systems. - 🔐 Secure platform for sensitive or regulated environments
Thanks to its integrated DevSecOps approach, NOAH enables secure CI/CD pipelines, anomaly detection, full access logging, and network segmentation. It’s a relevant cornerstone for organizations subject to NIS2, GDPR, or strict cybersecurity regulations. - 🌐 IT standardization for distributed ecosystems
In multi-site, inter-organizational, or federated contexts (like hospital groups, associative networks, or NGOs), NOAH offers a coherent and replicable framework. It allows rapid deployment of consistent architecture aligned with open standards (LDAP, SAML, OAuth2, OpenAPI…).
What NOAH offers
- A modular architecture built from robust open‑source components (IAM, monitoring, VPN, SSO…).
- Clear, structured documentation for deployment, operation, and auditing.
- Built‑in DevSecOps principles, enabling security by design.
- A philosophy of transparency and sovereignty, facilitating local adaptation and shared use among stakeholders
Available freely on GitHub, NOAH empowers any IT department, engineer, or public organization to reconstruct a coherent, sustainable, and independent digital infrastructure.
“The freedom to use, modify, and share code is a prerequisite for any digital democracy.” — Eben Moglen
References
- Projet NOAH – GitHub
https://github.com/Engelnicolas/NOAH - Microsoft Licensing vs Open Source – Atonement Licensing
https://atonementlicensing.com/microsoft-licensing-vs-open-source/ - Security Budget Benchmark Report – IANS Research, 2024
https://www.iansresearch.com/resources/press-releases/detail/new-research-reveals-security-budgets-only-increased-2-points-in-2024–while-12–of-cisos-faced-reductions - Cybercrime Cost Projections – Cybersecurity Ventures
https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/ - Open Source Cost Benefits – eXo Platform
https://www.exoplatform.com/blog/could-open-source-be-the-right-solution-to-cut-it-costs/ - Cybersecurity Statistics – Cobalt.io
https://www.cobalt.io/blog/cybersecurity-statistics-2024