According to the BSI, the location of the server is less important. Instead, the Federal Office emphasized to Handelsblatt Online: „Information security is basically independent of location. Security measures must be implemented to ensure the confidentiality, integrity and availability of the data and services for the benefit of the users“. Even if access to the cloud takes place via foreign Internet servers, this ensures that confidential information remains confidential even if the connection is unsecured, says BSI spokesman Tim Griese. According to the Bitkom survey, many entrepreneurs, 74 percent to be precise, only trust cloud solutions whose servers are located in EU law or in Germany – not least for data protection reasons.
Nevertheless: „Technically, that’s correct,“ says Fraunhofer computer scientist Mario Hoffmann. „But you have to be aware that companies and private individuals in Germany enjoy better data protection than elsewhere. If companies attach importance to a legal framework that allows them to act against violations, the choice can only be Germany as the location.“
Advantages and disadvantages of cloud computing
If a company does not maintain its customer database in its own data center, but uses an online service such as Salesforce.com, it saves investment in infrastructure. In addition, billing is usually staggered, for example, according to the number of users or memory consumption. Business customers hope to achieve cost savings as a result.
- Those who rent storage space on the network can react flexibly to demand and increase or decrease demand quickly and easily. If, for example, a start-up grows rapidly, it simply increases capacity. This also results in low fixed costs.
- There is no need to install it on your own computers.
- This means that a new system can be introduced extremely quickly. Also the updates do not cause any more problems, thus the administration expenditure sinks. However, the cloud services usually cannot be configured as individually.
To use the cloud services, employees only need an Internet connection – regardless of their location and the device they are using.
Data service providers advertise that they deal more intensively with IT security than individual users or companies. However, the cloud providers‘ data centers are also an attractive target for hackers due to the large amount of data. Secret services are also showing great interest. In addition, it is difficult to determine from the outside whether the provider is sufficiently protecting the data from its own employees. Outsourcing therefore means a loss of control.
Many companies are dependent on their service provider because they cannot easily switch to another provider. This is due, for example, to the fact that they have to adapt their systems to the interfaces at great expense. Also users often have difficulties when they want to change the provider with their data.
Another question: What happens if the operator of a service goes bankrupt? Only when there are standards that make it possible to switch from one service provider to another will dependency decrease.
After all, there is enough risk potential for company data there. Internet browsers, for example, which represent the web interfaces of many cloud applications, are the gateway to malware. According to an analysis by the Hasso Plattner Institute in Potsdam, the number of security vulnerabilities rose by a good 2000 to 6500 between 2011 and the end of 2014. Nearly 1870 – almost 29 percent – of these are the most popular browsers Internet Explorer by Microsoft (700), Chrome by Google (600) and Firefox by Mozilla (570). According to HPI Director Christoph Meinel, they are probably the most frequently used points of attack for hackers.
The Danish security company Secunia annually lists the emergence of software vulnerabilities and, like the Hasso Plattner Institute, registers an increasing number of incidents. „30 days after a vulnerability becomes known, patches, i.e. digital corrections, are only available in 84.3 percent of cases,“ says Kasper Lindgaard, Director of Research and Security at Secunia. „In this case, companies need a Plan B to ensure the security of their systems.“
Data Traffic: Fear of Cyber Espionage
A so-called hybrid cloud is such a possibility with Plan B. With Plan B, a company uses its own and leased servers in a network. Where which data is stored is determined in advance by the company. Production-relevant plans and contract documents, for example, remain within the company’s own software; less explosive files and encrypted backups are stored by the cloud service provider.