The recent burst of discussion around the treatment of data in the cloud and the importance of the physical location of users’ data has brought sudden light onto a previously neglected issue. While the EU and its member states are still trying to find the balance between national and pan-European legal requirements and work out a common strategy towards data treatment, the choice of keeping data “at home” has been gaining popularity among companies.
Physical security for cloud services is highlighted as Threat #3: Malicious Insiders: DCs tiers in the “Top Threats to Cloud Computing V1.0”, by the Cloud Security Alliance. Interestingly, this position has not changed much since then. At the same time, new data centres around the world are being built, competing to get their portion of the quickly developing cloud services market. Having in mind that there are specific industries, such as finance, insurance and healthcare, whose main concerns are related to the protection of their (customers’) sensitive data, it is not surprising that they are picky about the legal framework which will bind and safeguard their precious data.
What if we try to think outside the box and find an alternative? This is what the CloudSigma founders asked themselves back in 2009, when the cloud services market in Europe was still in its initial development stage. They found a strong alternative approach that is still valid and powerful today. Their approach was to structure CloudSigma legally to ensure customers were only ever subject to the law of the country where they put their data. Switzerland, with its strong protection of both corporate and personal data, was chosen to be the CloudSigma global headquarters.
Why Switzerland? Well, it has nothing to do with banking secrecy laws! Switzerland’s data protection law applies to the data of both natural persons and legal entities, such as corporations (“data subjects”). So while the EU has strong protections for the personal data of citizens, it doesn’t apply those same rules to corporate data. Switzerland has the same strong protection for both corporate and personal data under criminal penalty; “the law applies equally to electronic and manual data processing. Personal data may only be processed lawfully”. This means that any data, belonging to a person or a company, is treated with the same protections, which is how it should be as far as we are concerned. Finally, Switzerland has no concept of extraterritorial jurisdiction, so customers using our clouds outside of Switzerland will only be subject to the laws of the country where that cloud is, not to Swiss law, because in every country where we have a cloud we always use a local company to operate it.
How about the position of the EU? In July 2000, the European Commission (EC) (2000/518/EC, July 26, 2000, Official Journal L215/1 of 25.8.2000) decided that “the Swiss state completely prohibits the disclosure of sensitive data and therefore data transfers from Member States to Switzerland are, in principle, permitted…without limiting the effect of other laws of the European Union”. Furthermore, Swiss law provides adequate protection against the disclosure of personal data or personality profiles to third parties without lawful justification, meaning that no one can access the data without having the legal justification for doing so.
Having in mind the above, if you were looking to move workloads into the cloud, you would ask yourself: where would be a sensible place to put my customers’ data, and with which provider? CloudSigma offers a strong alternative to the US-provider-dominated cloud services sector that’s subject to the Patriot Act and other legislation. We provide not only a well-thought-out and transparent legal structuring that makes compliance with data laws much easier for our customers, but also just as powerful a platform in terms of performance and feature set.
- Cloud Security Principles: The Growing Importance of Physical Location in a Virtualized World - April 29, 2015