In this article you will read about,

• how public cloud providers provide optimal protection for data and infrastructure,
• how companies can play it safe with European cloud solutions,
• and how GAIA-X ensures consistent, trustworthy data and technology standards across the EU.

Mr. Kullmann, according to Bitkom's Cloud Monitor 2021, data protection and data security are still causes of concern for many companies when using the public cloud. How do you respond to the skeptics?

I understand the reservations. We perceive putting data in someone else's hands as a loss of control. It feels safer when everything is in your own infrastructure. But it's not. With a public cloud provider, data protection and security are integral parts of the product. Professional cloud providers usually have completely different ways of providing all-round protection than even the IT departments of large companies.

It starts with physical security measures to prevent unauthorized access and to provide the best possible protection against natural disasters such as fire, floods, and earthquakes. To this end, data center locations are selected by cloud providers according to particularly strict criteria. For example, they should be located at a certain distance from rivers, busy roads, or airport approach paths. Then there is protection against data loss. To this end, the data centers at our two sites in Magdeburg/Biere and Amsterdam are set up as twin-core data centers. Data and applications are mirrored in the respective digital twin – in the unlikely event that one data center fails, the other takes over seamlessly. With two European sites separated by a distance of around 500 kilometers, we also meet the particularly high requirements on geo-redundancy for critical infrastructures set by the German Federal Office for Information Security.

Security systems such as a firewall and encryption technologies protect against cyber attacks. In addition, over 1,000 security experts monitor our network, discover attack patterns, and fend off attacks.

This means that, when selecting a suitable cloud provider, there is much more to consider than the physical security aspects. To ensure that sensitive data is reliably stored and processed in compliance with the GDPR, companies should rely on cloud capacities from European providers with data centers within the European Union. This ensures GDPR compliance and protects against access by non-EU authorities.

That is a decision that each customer has to make individually, depending on their needs. After all, there are scenarios that can also be well covered by the US hyperscalers. Against the background of the current ambiguous legal situation that you mentioned following the Schrems II ruling and due to the Cloud Act, however, the following applies: With regard to data storage, there is de facto no legal risk with European cloud providers. Here, both GDPR compliance and data sovereignty can definitely be fully guaranteed when storing and processing the information.

Maintaining full control over their data is – as already mentioned – very important for most European companies. Accordingly, they should also keep this aspect in mind when choosing a cloud provider: Which provider guarantees me data sovereignty? This is a point that the European GAIA-X initiative would like to make transparent, among other things. GAIA-X is known to be fundamentally committed to a secure as well as trustworthy data infrastructure and digital sovereignty in Europe. Our CTO Maximilian Ahrens, who is also chairman of the board at GAIA-X, emphasized this once again at the recent opening of our data center in Amsterdam. And in particular also underlined the demands for the desired open technology standards in this context. In our view, the Open Telekom Cloud with its data centers in Germany and the Netherlands is already excellently prepared and positioned in this respect and is, therefore, also GAIA-X-ready.

Personal details:

Within the Telekom Group, Sven Kullmann is Vice President with responsibility for sales at the Open Telekom Cloud. He has held various management positions over the last 20 years for international companies in the IT industry such as Fujitsu, EDS, and Memorex.