Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Security

// // //
12:25 PM
Oliver Schonschek
Oliver Schonschek
Oliver Schonschek

German Companies Want Even More Local Clouds

The European data infrastructure GAIA-X can help connect thedisparate needs of German firms and create market access for providers from the EU and beyond.

A cloud data center in the EU is not enough for many German companies. They prefer German locations, preferably within their own particular region. At the same time, they need cloud services from US providers. The European data infrastructure GAIA-X can help connect these disparate needs of German firms and create market access for providers from the EU and other regions.

Cloud computing is growing faster than ever in Germany. In 2018, three out of four companies (73%) used computing power from the cloud whereas in the previous year it was only two thirds (2017: 66%). This is the finding of a representative survey by Bitkom Research.

If a German company uses, or plans to use, cloud applications, it seems that data protection is the top criterion when it comes to choosing a cloud service provider. Some 90% of the companies surveyed state that compliance with the General Data Protection Regulation (GDPR) is essential for cloud solutions. For eight out of ten (79%) a transparent security architecture is essential. The question of location is also an issue for cloud users and planners. For two thirds, the headquarters of the cloud provider must be located in the legal area of the EU.

German data centers are the preference for Germans, but...
If you take a deeper look into the survey, you will find out that a German data center is a must-have for 72% of German companies, even more than for the requirement that the data center has to be within the EU (66%). Only 8% of the German companies say that it is not important to them that they use a cloud data center located in Germany.

The German market knows several regional or even local cloud providers, which are successful in their very own region, like Baden Cloud. LEITWERK AG and E-Werk Mittelbaden AG & Co. KG joined forces here to offer a network of two data centers for the region.

Nevertheless, the German users want cloud services offered by US providers like Microsoft, AWS and Google. The question is how to accommodate the desire for strong security and privacy (see Data Protection in the Cloud Is Still a Big Issue in the EU) while balancing the need for the data center to be nearby, and accommodating the need for international cloud services. One answer lies in a new European project, GAIA-X.

Europe needs an intelligent mix of digital infrastructure providers
The announcement of GAIA-X (see Europe Starts to Build Its Own Secure Cloud) has attracted some attention and discussion, with opinions on it being quite varied, depending on the interpretation of the project's objective, says EuroCloud Deutschland_eco e.V., the German Association of the Cloud Computing Economy.

The idea of a European secure data infrastructure like this is to offer companies and authorities independence from large non-European cloud providers. It should increase the availability of data, especially for midsized companies. But this should also benefit other parties involved, in order to better exploit the potential of AI (see European Approach to Artificial Intelligence: Ethics Is Key), for example.

Oliver Süme, chair of the board at Eco, the Internet industry association, recently said: “Europe needs an intelligent mix of digital infrastructure providers and a strengthening of the business location for providers of such services. We therefore believe that user companies -- whether SMEs, global players, or even the public administration itself -- need support in the form of the availability of trustworthy infrastructures -- from edge computing to cloud computing to hyperscalers -- in order to be able to make confident economic decisions in this age of digital transformation.” (See this article from dotmagazine.)

The big US cloud providers AWS and Google are already engaged in GAIA-X. "GAIA-X can also have nodes in Brazil or China, or wherever it is needed, if it is relevant for customers," says Andreas Weiss, head of Digital Business Models at Eco. "Customers, then, can make that choice. They can mandate that the data must remain in Europe or in Spain or within a specific region," so Weiss. "It is this level of choice and self-determination that makes GAIA-X unique."

The project serves as the cradle of an open digital ecosystem in which data can be made available, merged and shared securely and with confidence," states the German Federal Ministry for Economic Affairs and Energy. "With the help of this ecosystem, companies and business models from Europe should be able to scale competitively worldwide."

Bringing local and international cloud infrastructures together
GAIA-X networks central and decentralized infrastructures into a homogeneous system. It should have a modular structure and is based on open source.

Cloud providers outside the EU can also participate in GAIA-X, insofar as they share the values and goals of GAIA-X, namely data sovereignty and data availability. GAIA-X could become, for international providers, an entry point into the German market in which many companies prefer a data center in Germany or even in their region. The local provider can also become the door opener to new international cloud services within GAIA-X.

"GAIA-X does not start to develop a new technology, but it is supposed to use existing technologies and standards (e.g. the International Data Space) to set up a neutral data infrastructure for Germany and Europe and to be able to use and change offers from various cloud providers without any problems," says VOICE, the Federal Association of IT Users in Germany.

VOICE strongly recommends now the following measures:\r\n

    1. To put the needs of user companies at the center of GAIA-X beyond avoiding vendor lock-in.


    1. To quickly establish clear decision-making and management structures for GAIA-X that allow rapid standard and standard development.


    1. To develop a technical roadmap as quickly as possible, which enables providers to participate and to offer cloud and edge services on this basis.


  1. Develop and bring to market examples of relevant, easy-to-use services that can be used by a large number of user companies based on GAIA-X standards.

— Oliver Schonschek, News Analyst, Security Now\r\n\r\n

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2022-09-28
Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.
PUBLISHED: 2022-09-28
ETAP Lighting International NV ETAP Safety Manager is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in cont...
PUBLISHED: 2022-09-28
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
PUBLISHED: 2022-09-28
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .
PUBLISHED: 2022-09-28
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function