The spectre of the GDPR (DSGVO) swept over Germany in May 2018. The new General Data Protection Regulation has left many uncertainties and open questions to this day, including in the area of cloud storage solutions and cloud hosting. Because they are intangible, servers hosted in the cloud initially appeared to many to be insecure and too risky. But dealing with the new General Data Protection Regulation may even have helped companies to address the issue of data storage and data security and to close technological gaps in their IT infrastructure. For the majority of German companies, at any rate, the fear has been overcome.
Cloud computing in demand as never before
This is shown by the Cloud Report 2019, which Bitkom and KPMG have just published: in Germany, cloud computing is growing faster than ever before. Last year, three out of four companies (73 percent) were already using the cloud; in 2017, this figure was only two thirds (66 percent). Only eight percent of the companies surveyed stated that they were not at all concerned with the topic of cloud computing.
Those who do not yet use public cloud solutions are primarily concerned about the security of their data. Almost three quarters of non-users (73 percent) fear unauthorized access to sensitive company data. According to the respondents, the public cloud is less susceptible to security incidents than the company's own IT. A quarter (26 percent) of public cloud users state that there have been security incidents in the cloud solutions they use in the last 12 months. For a further 27 percent, such incidents were suspected. By comparison, more than a third (37 percent) of companies reported security incidents in their in-house IT, and another third (32 percent) had such suspicions.
Criteria for GDPR-compliant cloud data stores
But back to the initial question: Is data stored in the cloud compliant with the GDPR? In short, yes. However, the following three criteria should be met:
1. Server location
The server location is crucial for GDPR compliance. Under the GDPR requirements, personal data can only be stored and processed without problems within the EU. If your cloud provider's data center is in a third country outside the EU, it would have to raise the data protection level to that of the EU. This can lead to considerable additional work for your company. It is better to choose a cloud provider whose servers are located in Germany or elsewhere within the EU.
2. Encryption
Equally important and yet often underestimated is the topic of encryption. When choosing a cloud provider, you should ensure that sensitive data (personal data, but also confidential documents, ideas and patents) can be protected with the highest encryption standard available. End-to-end encryption currently represents the highest standard. "End-to-end" means that the data is encrypted from the sender to the recipient across all transmission stages. Encryption and decryption only take place at the start and end points using a secret key. In the event of data loss, this at least ensures that third parties cannot do anything with the data. This means that the data cannot be viewed by anyone at any time. However, this also means that it is not possible to search the data and the data cannot be viewed via a browser. In addition, the virus protection measures taken at gateways are ineffective because they cannot inspect the encrypted mails.
Careful consideration should therefore be given to which data is classified as confidential (less sensitive) and which as strictly confidential (highly sensitive), for which encryption is therefore appropriate.
3. Data sovereignty / access rights
Data sovereignty should remain within the company at all times, without external control. This way, you always retain control over your data. Also look for options to monitor activity, manage admin rights and configure internal security policies.
The selected cloud provider should enable user and rights management at different security levels. This ensures that only people authorized by you have access to your data and are granted differentiated rights. For example, selected people can have read-only rights, while other people are allowed to edit and delete data. The more comprehensive the cloud provider's setting options for data profiles are, the more precisely access rights can be mapped at all levels of your company hierarchy, and closed data rooms can be set up for individual user groups or teams.
ScaleUp cloud storage meets all the above criteria and thus offers a GDPR-compliant alternative to AWS, Azure and Google Cloud. In our self-hosted OpenStack Cloud, we offer all conceivable forms of cloud storage (block storage, object storage and Nextcloud data storage), which can be extended with an all-round, carefree range of management service options. All ScaleUp Open Cloud data centers are also located in Germany and are maintained around the clock under the highest security standards by experienced system administrators. Strictly confidential data is encrypted "end-to-end" via Nextcloud.