Is the Cloud the Most Secure Data Protection Solution?

The short answer is: “In principle, yes. But it depends.” The following considerations apply: In terms of data centre operation, the odds are in favour of deep-pocket firms with an army of experienced data protection specialists and multiple physical security layers versus an on-premise IT infrastructure-ops team in a company with non-IT core competences. But in terms of server uptime and intrusion detection and prevention, the cloud will be king—and downtime due to dusty vents is history.

In terms of platform operation, the cloud service providers—especially the hyperscalers AWS, Azure, and GCP (Google Cloud Platform)—provide manyuseful features like AI-based automated DDOS prevention (incl. automatedtraffic rerouting) and notification. When the platform is configured and operated in-house, however, it is up to the enterprise’s specialists to design a secure and reliable network and VM architecture, thus transferring an element of execution risk to the enterprise.

Software-as-a-service entails additional execution risks. The use case “talent management” (e.g. SAP SuccessFactors or Workday) clearly demonstrates that the scope of service consumption can creep beyond compliance: Imagine an SaaS subscription including “talent sourcing” functions that an enterprise’s HR department begins to use although they are not addressed by the corporate GDPR regime. The processing of applicant data is consequently unlawful and entails the risk of legal fines. In this case, the cloud provider has limited control over data protection, and the enterprise is responsible for implementing technical or organisational countermeasures.

Dr. Tobias Höllwarth
President EuroCloud Europe
Member of the FIC Advisory Board
Associate at Sourcing International