ITD: Mr. Gerlinger, lately many companies are planning to migrate to the cloud, primarily due to the ongoing digitalization. In your view, what factors does one need to pay attention to for a successful migration?
Tobias Gerlinger: Enterprises should consider carefully which type of data they are migrating to which type of cloud. The popular US public clouds undoubtedly have their strengths, especially in terms of fast and easy scalability. However, they are inappropriate for sensitive and business-critical data, because they are subject to several risks there.
IT security, for example, often only plays a subordinate role for the large cloud players due to the lack of a precautionary principle. There is a very good reason they have repeatedly struggled with data scandals in the past. US clouds are also subject to US jurisdiction – and the US Cloud Act gives American authorities extensive access rights. This makes these clouds a black box: companies cannot trace who is accessing their data. In these circumstances, it is virtually impossible to protect trade secrets and comply with data protection regulations such as GDPR.
In addition, companies in the public clouds are threatened with the dreaded vendor lock-in. Vendors’ proprietary technologies make it difficult for companies to retrieve their data and transfer it to another system when needed. Sooner or later, enterprises will notice this dependency in the form of increased costs.
ITD: What measures can companies implement to ensure that they retain full control over their sensitive data?
Tobias Gerlinger: Choosing the private cloud instead of the public cloud model for sensitive and critical data will ensure full control over data for enterprises. Companies can either operate a private cloud themselves or have it operated by a trustworthy service provider of their choice.
Software that is open source and supports open standards is the safest choice. Hidden back doors, through which data leaks to third parties unnoticed, are ruled out with open source software. Open standards allow companies to opt for an alternative solution at any time because they can freely transfer their data to it. This combination is the best guarantee for unrestricted data sovereignty.
ITD: How secure is migration to the cloud in times of increasing cyber attacks and security issues?
Tobias Gerlinger: For the reasons mentioned above, migration of critical data to public clouds is not secure. Private clouds, in combination with open source software, not only ensure data sovereignty, but also offer a higher level of protection against cyber attacks.
With targeted measures, the level of security can be increased even further. These include zero-trust environments, file firewalls for fine-grained protection of files or ransomware protection by storing previous file versions so that they can be restored at any time. There is no such thing as 100% data security, but it is certainly possible for companies to minimize security risks.
Based on original interview (German) in IT-Zoom