Cloudy promises are no longer enough – the large cloud providers are working on additional control options for customers.
(Photo: dpa)
Dusseldorf The cloud presents companies and public authorities with a dilemma: they don’t want to do without the technology, but they fear losing control over their data. This applies in particular if the provider is based outside the EU and is therefore subject to a different jurisdiction.
The US companies Microsoft, Google and Oracle are therefore working on cloud services with special protection. The promise is “digital sovereignty” – without filling the term with specific content. Amazon Web Services (AWS) was the last major provider to announce plans for additional control options on Monday.
Control over digital assets is more important now than ever, wrote Matt Garman, who leads sales and marketing at AWS, in a blog post. In many places, both the legislators and the regulatory authorities are constantly developing their requirements for IT security and data protection. The group therefore promises data sovereignty with the “Digital Sovereignty Pledge”.
Experts see the market leader under pressure. “AWS had to respond to the announcements from Microsoft and Google,” said René Büst, an analyst at market research and consulting firm Gartner.
Top jobs of the day
Find the best jobs now and
be notified by email.
AWS also leaves many details vague. Top manager Garman promised, for example, that the group would continue to work on “flexibly and innovatively adapting our offer to the ever-changing needs and requirements of customers and regulators”.
Concerns when using cloud services
According to a study by the Capgemini consultancy, those responsible in many international corporations have concerns about the use of cloud services. Around two thirds are concerned about a lack of control over their data and fear of being dependent on foreign providers.
Concerns are likely to be great, especially in Europe. With judgments in 2015 and 2020, the European Court of Justice declared the previously valid legal basis for data transfers to be invalid. He argued that the level of data protection in the US does not meet EU standards and that secret services in particular have disproportionate access rights.
>> Read here: Cloud providers all around Amazon files antitrust complaint against Microsoft
According to data protection experts, the fact that AWS, Google and Microsoft store customer data in European data centers is not enough to protect against unlawful access. They warn that American authorities can require them to hand over information stored outside the United States on the basis of the Cloud Act.
The following shows a current example that affects Microsoft. The data protection conference (DSK) of the independent federal and state data protection authorities recently declared that the Microsoft 365 program package cannot be used in accordance with the law – at least not without additional technical measures. This should pose problems for many companies, authorities and schools.
New controls for AWS products
The EU and USA are currently trying to find a new solution. US President Joe Biden has issued a regulation to ensure a higher level of data protection. However, some cloud service providers do not want to rely on this – and therefore promise “digital sovereignty” themselves.
AWS has long held back in this discussion. Now the company promises to equip its own cloud with additional control mechanisms, for example to protect against unauthorized access and to encrypt data. In addition, there should be a control of the identity and billing data of customers.
However, the cloud service provider is lagging behind the announcements made by Microsoft and Google. The competitors are working on offers in which they only supply the cloud technology – European IT service providers take care of the operation of the data centers independently.
“AWS makes the mistake of exclusively digital sovereignty to be equated with data security and data protection,” Gartner analyst René Büst told Handelsblatt. In the case of digital sovereignty, in addition to control over the data, it is also important who develops the technology and who operates the data center. “Operatively, AWS is still the master of the house.”
The market leader may even make improvements: He promised to “expand and develop the range of sovereign and resilient options”. The announcement should be seen as an offer to talk, stressed Michael Hanisch, who acts as “Head of Technology” in Germany, to the Handelsblatt.
For user companies, the requirements imposed by laws and government authorities are too complex: “That’s why it’s important that we position ourselves and work on solutions together with customers.”
More: Treasury for data: How SAP wants to build a cloud for the federal government