The risks of commercial cloud services

While in the USA most customers prefer commercial cloud systems, in the DACH region only about 50% of customers choose a public cloud network for their data storage. Cloud systems are subject to the same risks as private storage solutions, failure, malfunction, external attacks.

The risks of commercial cloud providers you should keep in mind

  • Low data security :   
    This mainly relates to the secure transmission of data over a network, secure access permissions to the data, or protection against accidental deletion or modification of data.
  • Low data protection:   
    Compliance with legal requirements for handling data, in particular the EU data protection directives, must be ensured. The location of the servers on which the data is stored plays an important role here. Under the EU directives, companies are also required to delete certain data at regular intervals. It is not possible to check whether data is really deleted, for example, after termination of the contract. In particular, data that may be on numerous security tapes is subject to great uncertainty.
  • Unintentional distribution and duplication of data:
    It is usually not apparent where the data is processed. Processing or storage may also be distributed, especially if a cloud provider obtains parts of its resources externally or from its global network.
  • Low transparency:
    In general, users cannot verify the physical storage of data. For example, it is difficult to verify that data has been properly stored or deleted. 
  • Limited control:
    Control of data processing is solely at the discretion of the provider. Users must be given an explicit opportunity to control, or they must rely on the data and documents provided. 
  • Cloud provider dependency:   
    The user is dependent on the provider reliably providing the agreed services and processing the data properly. He is also dependent on price changes, the design of terms and conditions, changes to terms of use, etc.
  • Risk of unintentional publication or unintentional access by third parties:   
    It cannot be ruled out that a provider creates usage profiles. Content data can also be viewed and evaluated. Unauthorized disclosure to third parties is also possible. According to reports from well-known whistleblowers, data is viewed by third parties on a broad scale and there is collusion between government agencies and cloud services.  
  • Risk of lock-in to one provider:
    Cloud services cannot be easily replaced with an equivalent solution. If a lot of data is stored or specific services or apps are used, the customer becomes highly committed to the provider.

Advantages of small, private cloud providers:

  • Contractually, flexible arrangements can be made 
  • 100% transparency can be ensured 
  • It can be agreed in which form data will be handed over to the customer in the event of termination of the service
  • It is possible to get a precise picture of backups, the technology used and the security measures

Our conclusion: the uncertainty about data security, privacy, limited control and the risks of dependence on one provider makes it clear that careful consideration and possibly looking at smaller, private cloud providers could be beneficial for some users.