Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security

12:25 PM
Oliver Schonschek
Oliver Schonschek
Oliver Schonschek

German Companies Want Even More Local Clouds

The European data infrastructure GAIA-X can help connect thedisparate needs of German firms and create market access for providers from the EU and beyond.

A cloud data center in the EU is not enough for many German companies. They prefer German locations, preferably within their own particular region. At the same time, they need cloud services from US providers. The European data infrastructure GAIA-X can help connect these disparate needs of German firms and create market access for providers from the EU and other regions.

Cloud computing is growing faster than ever in Germany. In 2018, three out of four companies (73%) used computing power from the cloud whereas in the previous year it was only two thirds (2017: 66%). This is the finding of a representative survey by Bitkom Research.

If a German company uses, or plans to use, cloud applications, it seems that data protection is the top criterion when it comes to choosing a cloud service provider. Some 90% of the companies surveyed state that compliance with the General Data Protection Regulation (GDPR) is essential for cloud solutions. For eight out of ten (79%) a transparent security architecture is essential. The question of location is also an issue for cloud users and planners. For two thirds, the headquarters of the cloud provider must be located in the legal area of the EU.

German data centers are the preference for Germans, but...
If you take a deeper look into the survey, you will find out that a German data center is a must-have for 72% of German companies, even more than for the requirement that the data center has to be within the EU (66%). Only 8% of the German companies say that it is not important to them that they use a cloud data center located in Germany.

The German market knows several regional or even local cloud providers, which are successful in their very own region, like Baden Cloud. LEITWERK AG and E-Werk Mittelbaden AG & Co. KG joined forces here to offer a network of two data centers for the region.

Nevertheless, the German users want cloud services offered by US providers like Microsoft, AWS and Google. The question is how to accommodate the desire for strong security and privacy (see Data Protection in the Cloud Is Still a Big Issue in the EU) while balancing the need for the data center to be nearby, and accommodating the need for international cloud services. One answer lies in a new European project, GAIA-X.

Europe needs an intelligent mix of digital infrastructure providers
The announcement of GAIA-X (see Europe Starts to Build Its Own Secure Cloud) has attracted some attention and discussion, with opinions on it being quite varied, depending on the interpretation of the project's objective, says EuroCloud Deutschland_eco e.V., the German Association of the Cloud Computing Economy.

The idea of a European secure data infrastructure like this is to offer companies and authorities independence from large non-European cloud providers. It should increase the availability of data, especially for midsized companies. But this should also benefit other parties involved, in order to better exploit the potential of AI (see European Approach to Artificial Intelligence: Ethics Is Key), for example.

Oliver Süme, chair of the board at Eco, the Internet industry association, recently said: “Europe needs an intelligent mix of digital infrastructure providers and a strengthening of the business location for providers of such services. We therefore believe that user companies -- whether SMEs, global players, or even the public administration itself -- need support in the form of the availability of trustworthy infrastructures -- from edge computing to cloud computing to hyperscalers -- in order to be able to make confident economic decisions in this age of digital transformation.” (See this article from dotmagazine.)

The big US cloud providers AWS and Google are already engaged in GAIA-X. "GAIA-X can also have nodes in Brazil or China, or wherever it is needed, if it is relevant for customers," says Andreas Weiss, head of Digital Business Models at Eco. "Customers, then, can make that choice. They can mandate that the data must remain in Europe or in Spain or within a specific region," so Weiss. "It is this level of choice and self-determination that makes GAIA-X unique."

The project serves as the cradle of an open digital ecosystem in which data can be made available, merged and shared securely and with confidence," states the German Federal Ministry for Economic Affairs and Energy. "With the help of this ecosystem, companies and business models from Europe should be able to scale competitively worldwide."

Bringing local and international cloud infrastructures together
GAIA-X networks central and decentralized infrastructures into a homogeneous system. It should have a modular structure and is based on open source.

Cloud providers outside the EU can also participate in GAIA-X, insofar as they share the values and goals of GAIA-X, namely data sovereignty and data availability. GAIA-X could become, for international providers, an entry point into the German market in which many companies prefer a data center in Germany or even in their region. The local provider can also become the door opener to new international cloud services within GAIA-X.

"GAIA-X does not start to develop a new technology, but it is supposed to use existing technologies and standards (e.g. the International Data Space) to set up a neutral data infrastructure for Germany and Europe and to be able to use and change offers from various cloud providers without any problems," says VOICE, the Federal Association of IT Users in Germany.

VOICE strongly recommends now the following measures:\r\n

    1. To put the needs of user companies at the center of GAIA-X beyond avoiding vendor lock-in.


    1. To quickly establish clear decision-making and management structures for GAIA-X that allow rapid standard and standard development.


    1. To develop a technical roadmap as quickly as possible, which enables providers to participate and to offer cloud and edge services on this basis.


  1. Develop and bring to market examples of relevant, easy-to-use services that can be used by a large number of user companies based on GAIA-X standards.

— Oliver Schonschek, News Analyst, Security Now\r\n\r\n

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
PUBLISHED: 2021-01-15
Docker Desktop Community before on macOS mishandles certificate checking, leading to local privilege escalation.
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the REST UserResource endpoint performs a security check to make sure that only administrators can list user details. However for the `/users/` endpoint there are no security checks enforced so it is possible to retrieve ar...