"Amazon will soon be offering a purely European cloud. The company wants to use this to score points with authorities and heavily regulated industries. But there are doubts as to how "sovereign" such offers actually are.
The cloud division of the American company Amazon is building an independent cloud for Europe. Amazon Web Services (AWS) announced this on Wednesday. This cloud offering is only operated with data centers located in the European Union (EU) and is physically and logically separated from the existing AWS regions. Control and customer service should only be carried out by staff based in the EU. The offer starts in Germany. “In this way, we are meeting the increased requirements of highly regulated industries and sensitive government authorities,” says Max Peterson, who is responsible for the sovereign cloud at AWS, in an interview with the F.A.Z. This does not affect the performance of the cloud.
Peterson emphasizes that AWS of course doesn't access its customers' data anyway. But even if only the EU servers were used, the forwarding of so-called personal metadata, i.e. information about what data is stored, has not yet been ruled out. This is no longer the case with the sovereign cloud. In July, the EU legitimized the storage of personal data in the USA with a new adequacy decision after years of legal uncertainty. Companies with particularly confidential customer data are still cautious. Especially since it is unclear whether the EU Commission's decision will stand before the European Court of Justice.
Strict rules also apply to the German administration. To put it simply, the state wants to use the public cloud, but with a kind of customs border for data. The Federal Office for Information Security (BSI) plays the customs officer. In the future, the BSI will determine which data, programs and updates are allowed in this cloud. The authority looks favorably on AWS's announcement. “The construction of a European AWS cloud will make it significantly easier for many authorities and companies with high data security and data protection requirements to use AWS services,” BSI President Claudia Plattner was quoted as saying by Amazon. However, AWS is probably not yet in the certification process by the BSI.
Almost all of them offer the “sovereign cloud”.
Business with the public sector is considered an important growth area for cloud providers alongside high-security industries. AWS is therefore far from the only provider offering a “sovereign” cloud. Google is working with Thales in France and with Telekom subsidiary T-Systems in Germany to offer “sovereign cloud services”. The American software company Oracle also offers a “sovereign cloud” in the EU. Since the beginning of the year, Microsoft has been rolling out a cloud solution specifically tailored to the needs of governments and the public sector. This should be available everywhere by the end of this year. This involves so-called data boundaries, which are intended to guarantee that data does not leave a defined geographical area, such as the EU.
In Germany, however, Microsoft is taking a different approach and is cooperating with the SAP subsidiary Delos, which is developing its own cloud for the public sector. In order to ensure the independence required by the BSI, Europe's largest software company founded its own subsidiary called Delos Cloud based in Berlin in mid-2022. SAP works closely with Microsoft. Delos boss George Welz told the F.A.Z. in July, the company is currently building three data centers in Germany based on the Microsoft Azure cloud, and another is planned as a security reserve, according to him. It is also planned that the Bertelsmann subsidiary Arvato Systems will invest in Delos and operate the data centers. The project is new territory for everyone involved, but thanks to the good cooperation between politics, companies and the BSI, it is still going according to plan. The cloud should be available to everyone at the beginning of 2025. The exact amount of the investment is still difficult to quantify, according to Welz, in any case a three-digit million amount. SAP boss Christian Klein has already spoken of billions that German industry is investing in building a sovereign cloud.
“label fraud”
There is no fixed definition for the “sovereign cloud”; the interpretation is left to the providers. "Sovereignty is the absence of strong dependencies on third parties. AWS's sovereign cloud is a misnomer here," criticizes Frank Karlitschek, founder and head of Nextcloud, which describes itself as open source and decentralized alternative to large cloud companies. Data protection advocates are also skeptical. The problem of the “sovereign European cloud” from Microsoft, Google and now Amazon is a lack of transparency, criticizes Thilo Weichert when asked by the F.A.Z. Weichert was the data protection officer for the state of Schleswig-Holstein for many years and is a board member of the German Association for Data Protection.
In principle, providers have the option of accessing clear data: "And so we have the problem that US authorities can legally access this data, for example via the Cloud Act or the Foreign Intelligence Surveillance Act."
These American laws require American companies to make data processed abroad available to the US security authorities upon request. These laws are “not carte blanche,” emphasizes Peterson from AWS. There are strict legal processes. In principle, AWS does not release any customer data on its own initiative and refers it to the company concerned. In no case has the company passed on customer data from abroad at the request of American law enforcement authorities.” [1]
1. Amazon kündigt europäische Cloud an: Cloudsparte AWS will stark regulierte Industrien und Behörden erreichen / Datenschutzbedenken bleiben. Frankfurter Allgemeine Zeitung (online)Frankfurter Allgemeine Zeitung GmbH. Oct 25, 2023. Von Maximilian Sachse und Bernd Freytag
Komentarų nėra:
Rašyti komentarą