The U.S. government and above all PRISM has done the U.S. cloud computing providers a bad turn. First discussions now kindle if the public cloud market is moribund. Not by a long shot. On the contrary, European and German cloud computing providers play this scandal into the hands and will ensure that the European cloud computing market will grow stronger in the future than predicted. Because the trust in the United States and its vendors, the U.S. government massively destroyed itself and thus have them on its conscience, whereby companies, today, have to look for alternatives.
We’ve all known it
There have always been suspicions and concerns of companies to store their data in a public cloud of a U.S. provider. Here, the Patriot Act was the focus of discussion in the Q&A sessions or panels after presentations or moderations that I have kept. With PRISM the discussion now reached its peak and confirm, unfortunately, those who have always used eavesdropping by the United States and other countries as an argument.
David Lithicum has already thanked the NSA for the murder of the cloud. I argue with a step back and say that the NSA “would be” responsible for the death of U.S. cloud providers. If it comes to, that remains to be seen. Human decisions are not always rational nature.
Notwithstanding the above, the public cloud is not completely death. Even before the announcement of the PRISM scandal, companies had the task to classify their data according to business critical and public. This now needs to be further strengthen, because completely abandon the public cloud would be wrong.
Bye Bye USA! Welcome Europe und Germany
As I wrote above, I see less death of the cloud itself, but much more to come the death of U.S. providers. Hence I include those who have their locations and data centers here in Europe or Germany. Because the trust is so heavily destroyed that all declarations and appeasement end in smoke in no time.
The fact is that U.S. providers and their subsidiary companies are subordinate to the Patriot Act and therefore also the “Foreign Intelligence Surveillance Act (FISA)”, which requires them to provide information about requested information. The provider currently trying to actively strengthen themselves by claiming more responsibility from the U.S. government, to keep at least the rest of trust what is left behind. This is commendable but also necessary. Nevertheless, the discussion about the supposed interfaces, “copy-rooms” or backdoors at the vendors, with which third parties can freely tap the data, left a very bad aftertaste.
This should now encourage more European and German cloud providers. After all, not to be subject to the U.S. influence should played out as an even greater competitive advantage than ever. These include inter alia the location of the data center, the legal framework, the contract, but also the technical security (end-to-end encryption).
Depending on how the U.S. government will react in the next time, it will be exciting to see how U.S. provider will behave on the European market. So far, there are always 100% subsidiaries of the large U.S. companies that are here locally only as an offshoot and are fully subordinated to the mother in the United States.
Even though I do not advocate a pure “Euro-Cloud” neither a “German Cloud”. But, under these current circumstances, there can only be a European solution. Viviane Reding, EU Commissioner for Justice, is now needed to enforce an unconditional privacy regulation for Europe, which European companies strengthens against the U.S. companies from this point in the competition.
The courage of the providers is required
It appears, that there will be no second Amazon, Google, Microsoft or Salesforce from Europe or even Germany. The large ones, especially T-Systems and SAP strengthen their current cloud business and giving companies a real alternative to U.S. providers. Even bright spots of startups are sporadic seen on the horizon. What is missing are inter alia real and good infrastructure-as-a-service (IaaS) offerings of young companies who do not only have infrastructure resources in their portfolio, but rely on services similar to Amazon. The problem with IaaS are the high capital requirements that are necessary for it to ensure massive scalability and more.
Other startups who are offering for example platform-as-a-service (PaaS), in many cases, set in the background on the infrastructure of Amazon – U.S. provider. But here have providers such as T-Systems the duty not to focus exclusively on enterprises and also allow developers to build their ideas and solutions on a cloud infrastructure in Germany and Europe through the “Amazon Way”. There is still a lack of a real(!) German-European alternatives to Amazon Web Services, Google, Microsoft and Salesforce!
How should companies behave now?
Among all these aspects one have to advise companies, to look for a provider that is located in a country that guarantees the required legal conditions for the company itself regarding data protection and information security. And that can currently only be a provider from Europe or Germany. Incidentally, that was even before PRISM. Furthermore, companies themselves have the duty to classify their data and to evaluate mission-critical information at a much higher level of protection than less important and publicly available information.
How it actually looks at U.S. companies is hard to say. After all, 56 percent of the U.S. population find the eavesdropping of telephone calls as acceptable. Europeans, and especially the Germans, will see that from a different angle. In particular, we Germans will not accept a Stasi 2.0, which instead of rely on the spies from the ranks (neighbors, friends, parents, children, etc.), on machines and services.