Cloud Security Principles: The Growing Importance of Physical Location in a Virtualized World

Due to the recent discussions about the physical location of data in the cloud, people are now openly discussing security issues. The EU and its member states are still trying to find a balance between national and pan-European legal requirements and to work out a common strategy for the treatment of data. Keeping data “at home” has been gaining popularity among companies.

Physical security for cloud services is highlighted as Threat #3: Malicious Insiders: DCs tiers in the “Top Threats to Cloud Computing V1.0” by the Cloud Security Alliance. Interestingly, this position has not changed much since then. At the same time, new data centers are appearing around the world and competing for a share of the quickly growing cloud market. Keep in mind that there are specific industries (such as finance, insurance, and healthcare) whose main concerns relate to the protection of their (customers’) sensitive data. So it’s not surprising that they can be picky about the legal framework that will bind and safeguard their data.


What if we try to think outside the box and find an alternative? This is what the CloudSigma founders asked themselves back in 2009, when the cloud services market in Europe was still in its initial development stage. They found a strong alternative approach that is still valid and powerful today: structuring CloudSigma legally to ensure customers were only ever subject to the law of the country where they put their data. Switzerland, with its strong protection of both corporate and personal data, was chosen to be the CloudSigma global headquarters.

Why Switzerland? Well, it has nothing to do with banking secrecy laws! Switzerland’s data protection law applies to the data of both natural persons and legal entities, such as corporations (“data subjects”). So while the EU has strong protections for the personal data of citizens, it has different rules for corporate data. Switzerland gives the same strong protection to both corporate and personal data, under criminal penalty; “the law applies equally to electronic and manual data processing. Personal data may only be processed lawfully”.


This means that all data, corporate or personal, has the same protections, which is how it should be as far as we are concerned. Finally, Switzerland has no concept of extraterritorial jurisdiction. So customers using us outside of Switzerland will only be subject to the laws of the particular country, because in every country where we have a cloud, we always use a local company to operate it.

How about the position of the EU? In July 2000, the European Commission (EC) (2000/518/EC, July 26, 2000, Official Journal L215/1 of 25.8.2000) decided that “the Swiss state completely prohibits the disclosure of sensitive data and therefore data transfers from Member States to Switzerland are, in principle, permitted…without limiting the effect of other laws of the European Union”. Furthermore, Swiss law provides adequate protection against the disclosure of personal data or personality profiles to third parties without lawful justification, meaning that no one can access the data without a legal justification for doing so.


So, if you were looking to move workloads into the cloud, you would first ask yourself a few things. Where would be a sensible place to put my customers’ data, and with which provider? CloudSigma offers a strong alternative to the US-provider-dominated cloud services sector, which is subject to the Patriot Act and other legislation. We provide not only a well-thought-out and transparent legal structure that makes compliance with data laws much easier for our customers, but also an equally powerful platform in terms of performance and feature set.


About Yoanna Savova

Yoanna is a Strategic Partnership Developer at CloudSigma, leading the company's efforts in the direction of Cloud-as-a-Service and expanding CloudSigma's horizons. Yoanna is passionate about new technologies, dancing and sports.