Cloud adoption in Europe: Addressing data privacy concerns

Robert Douglass
21 Jun 2016

The Patriot Act and NSA programs like Prism raise scary questions about how safe your enterprise data is in the cloud, and experts say that these fears hurt cloud adoption. Europeans are particularly sensitive to data privacy given that they have EU and national level data privacy laws that prevent companies from sending customer data out of territory.

The striking down of the Safe Harbour agreement by the European Court of Justice was a blow to many cloud providers, confirming the worst fears of critics who have, for a long time, pointed to the inextricable links between US-based companies and their offshore subsidiaries.

Nevertheless, cloud adoption continues to accelerate, and there are several key advantages of cloud services compared to classical on-premise or co-location models:

  • Expertise: Most businesses have large and diverse IT ecosystems with many different platforms and technologies. System Administrators may be dealing with systems that they know little about and can easily make dangerous mistakes in terms of configurations and settings. A properly supported Cloud platform on the other hand has an expert team available that knows its chosen technology inside out.
  • Resources: Internal IT departments are coming under increasing budget pressure, with headcount remaining flat or even falling. As a result there’s often not enough time to go around, meaning that IT staff don’t have the time to keep systems up to date, preferring to let them run - even if that presents security holes. In contrast, cloud platforms are well-maintained and providers even work with customers to plan their migrations to secure, supported software versions.
  • Fast hotfixing/patching: In the most extreme cases, such as zero-day vulnerabilities, a Cloud platform comes into its own, with a dedicated security team on hand to apply hotfixes to many hundreds of sites.
  • Scalability-elasticity: You’ve only got the hardware that you’ve got. That might sound obvious, but the fact is that when a spike occurs and you’re on-premise or in a co-location datacenter, that is very bad news - unless you’re running much more hardware than you actually need. Otherwise, your site will crash, with all of the financial, reputational and technical problems that that brings. Highly available cloud architectures mean that you can rely on the platform to scale when it needs to, keeping your site up, and keeping the customer happy.

Alongside these advantages, the revised Safe Harbor agreement from earlier this year may help assuage fears, and some American cloud offerings are also already taking action. To assure people that their data is safe from subpoena from the American judicial or spying systems, several Cloud platform providers are looking at models that address national and regional privacy concerns.

For example, Microsoft have done something quite smart with their Azure platform. They’ve formed a partnership with T-Systems, Deutsche Telekom’s business services arm, and licensed the Azure cloud technology to be run in their datacenters. Because the data centers and personnel are 100% German-owned and operated, and are located inside of Germany, there is an added layer of protection for Azure customers. The setup allows no direct judicial route via the Patriot Act or otherwise for data to be subpoenaed from these datacenters, since they are fully out of the legal jurisdiction of the American court system. Yet, the technology is fully Azure, and all of the features of the Azure Cloud Platform are present, allowing customers to procure these Azure services directly from Microsoft in the same contractual frameworks as they procure other Microsoft products.

For European enterprises who want their applications hosted in Europe, and 100% run by European companies, migrating to the cloud has not become any easier. As Microsoft Azure is one of the big three cloud computing platforms worldwide, it was natural for Platform.sh to partner with Microsoft to offer our PaaS technologies utilizing the new data-sovereign regions. Now you know that you have options to host your applications safely and securely whilst meeting EU compliance and legislation.