The STACKIT cloud at the heart of Schwarz Group’s transformation

STACKIT was launched in 2018 as the cloud and colocation provider of German retail giant Schwarz Group to drive digital transformation. Since 2022, the cloud services offering has been available to external clients. As a European provider with data centers in Germany and Austria, the company positions its offering as an easy-to-use, secure, sovereign, and stable cloud platform, especially for small and midsize clients and the public sector. At the same time, it continues to invest heavily in security and AI.

PAC had the pleasure of being given an update on STACKIT’s strategy and positioning.

The parent company Schwarz Group

With 575,000 employees and over 13,700 stores and warehouses in 33 countries, the family-owned Schwarz Group is one of the world’s leading retail companies. It operates grocery stores and e-commerce businesses under the Lidl and Kaufland brands and is also active in food production (Schwarz Produktion) and environmental services (PreZero).

Schwarz Digits - the ecosystem around cloud, cybersecurity, e-commerce, and AI

To emphasize the importance of technology for the group and to ensure maximum digital sovereignty, Schwarz Group has bundled its digital and IT solutions in a separate, fifth unit: Schwarz Digits has 7,500 employees across the brands Schwarz Digital, Kaufland e-commerce, Lidl e-commerce, Schwarz Media, digital agency mmmake, as well as the acquired Israeli IT security specialist XM Cyber, Schwarz IT, and STACKIT. 

Huge investments in AI

Schwarz Group is also investing heavily in artificial intelligence. The company is the driving force behind the "Innovation Park Artificial Intelligence, Ipai” in Heilbronn, Germany. In 2023, Schwarz announced a cooperation with German AI company Aleph Alpha. According to media reports, the non-profit Dieter Schwarz Stiftung (Dieter Schwarz Foundation) has invested billions of Euros in the research park and hundreds of millions into the partnership with Aleph Alpha.

Sovereignty and reliability are important goals in the AI space. The company has banned the internal use of ChatGPT, for example, due to a lack of transparency in how data is processed. The requirement for the use of any AI is that it can run on the company's cloud infrastructure.  

Schwarz IT

With more than 4,000 employees in the local Schwarz IT unit and another 1,500 staff in 31 Lidl countries and 8 Kaufland countries, Schwarz IT is responsible for the IT infrastructure and all software solutions used in the group’s divisions.

It has broad expertise including traditional IT consulting, software development, IT infrastructure, services and support, IT security, BI, AI, and data. It also offers STACKIT, the cloud offering for internal and external clients:

STACKIT

STACKIT uses the data centers of Schwarz IT to offer colocation and cloud services for the Schwarz Group businesses and external clients. Like its parent company, the STACKIT team is headquartered in the Swabian town of Neckarsulm.

Sovereignty is key

The company’s main reason for developing its own cloud solutions was to be independent of individual technology and services vendors. That is why the open-source software OpenStack serves as a technical basis, promising technological independence. The group is also an active member of various open-source and sovereignty initiatives, such as Gaia-X and the ALASCA association (an alliance for sovereign cloud infrastructures).

The cloud portfolio ranges from network, virtual machines, and storage through managed databases to software development and management frameworks such as Cloud Foundry and Kubernetes. Multi-location options support distributed data replication, backup, and business continuity scenarios, and the cloud and colocation offerings can be used in hybrid architectures.

In the future, the portfolio will be expanded towards more comprehensive SaaS solutions in areas like streaming and AI. Prices are considered to be in line with the market; data traffic is currently free of charge, though.

Critical infrastructures that require special protection

Given the significant role Schwarz Group plays in supplying the population with food, it has been classified as an operator of critical infrastructures (KRITIS) by BSI (Federal Office for Information Security), i.e., it has to demonstrate its compliance with state-of-the-art IT security to the BSI at regular intervals. In early 2024, STACKIT was certified under C5 (Cloud Computing Compliance Criteria Catalogue) by the BSI. In addition, its ISO 27001, ISAE 3000, and ISAE 3402 certifications attest to its meeting broad compliance and security requirements.

XM Cyber’s services are not only offered to external customers, but also protect the STACKIT infrastructures. That means STACKIT customers receive the same level of protection as the Schwarz Group companies. Plus, more offerings related to sovereignty, privacy, and security are on the roadmap.

The STACKIT partner ecosystem

A broad sales and services ecosystem is one of the success factors for a cloud platform. This is why the company has launched a program for sales, professional services, managed services, and ISV partners.

The range of partners is diverse. Professional Service Partners (PSP) like Rewion, Inovex, WTG Communication, and Ventx support companies with cloud transformation and advise on all aspects of transformation strategies. Managed Service Partners (MSP) such as Datagroup, Accenture, and Bechtle offer IT services based on cloud components. Independent Software Vendors (ISVs) develop and deliver software applications via the cloud.

PAC’s view on STACKIT

Compared to the dominant US cloud hyperscalers, STACKIT’s offering is more focused in terms of portfolio scope, geographic reach, etc. However, dealing with the hyperscale cloud platforms is technically, commercially, and legally complex and might lead to vendor lock-in.

Companies and public sector organizations alike are under pressure to further digitize their operations, i.e., they will have to deal with cloud infrastructures. They may prefer a solution that is easy to use, reliable, and operated by a local provider.

This is not only about the specific regulations imposed on the public sector. Germany’s famous “hidden champions” in the mid-market are likely to look for solutions that offer sovereignty in storing and processing their intellectual property.

Characteristics like German headquarters and local data centers obviously do not apply exclusively to STACKIT. There are various local vendors with a similar portfolio, and often with a much longer history in the market. Plus, there are various other approaches to sovereign cloud in Europe, including from the hyperscalers, for example based on local partnerships.

STACKIT’s positioning and offering might nevertheless be appealing to clients looking for compliant regional alternatives. The demand for data privacy and reliability is expected to keep growing, not least due to increasing AI penetration. Multi-million-Euro contracts recently awarded by public sector organizations prove the willingness of the public sector to invest in cloud technology. Also, unlike established local hosting providers, STACKIT does not need to worry about cannibalization effects on its journey into the broader cloud business.

Being family-owned, the company can act very independently and flexibly. The backing of a very large, demanding, and stable internal client promises reliability and security also for external clients, and Schwarz Group has shown that investments in cloud, security, and AI are strategic and long-lasting. At the same time, some of Schwarz Group’s brands are well-known, also internationally. The company is recognized for its excellent business and higher-education network in its home region, highly successful entrepreneurship, and its commitment to social causes. This might help attract external clients, but also scarce talent, not only from the company’s “Swabian neighborhood”.

Huge market potential

The market is big enough to hold potential for many vendors. A solid choice of providers and offerings is good for buyers and can help avoid dependencies or vendor lock-in. According to PAC’s market figures for the local cloud market, in 2024, more than €8 billion will be spent on public cloud-based IaaS and PaaS consumption in Germany alone. By 2028, PAC expects this expenditure to double to almost €16 billion, driven by factors such as the emergence of extremely resource-hungry AI solutions. Note that these figures refer to the “external” market; in-house revenues are not even included.