We've been operating on AWS in Frankfurt for a couple of years, thinking we were compliant with GDPR. Recently, our legal team raised an important concern about the CLOUD Act, which allows US authorities to access data stored by US companies, regardless of where that data is located. This raises worries because even though our data is in Frankfurt, it's still under US jurisdiction. I'm interested in learning what other EU companies are doing about this matter. Are you switching to European providers like Hetzner or OVHcloud? Has the migration process been difficult? Are you staying with AWS and enhancing encryption methods? Is your legal team taking this seriously, or do they view it as theoretical? Additionally, what's been your experience with cost differences? We've heard estimates of 40-70% savings with EU providers, but that seems excessive. Would love to hear your thoughts!
5 Answers
We faced this challenge with several clients last year. It varies depending on what you’re doing on AWS. Companies dealing with sensitive healthcare or financial data need to really consider migration. We ended up splitting workloads: regulated data goes to a local provider while everything else stays on AWS. Not the cheapest solution, but practical for many organizations.
That’s a solid strategy. I’ve seen companies save big on regulated data tiers even without massive migration costs.
Switching to a European cloud provider has been our move. We chose to implement encryption and manage our own keys while on AWS, but honestly, the risk remains since they can suspend our service without warning. I’ve even heard that the International Criminal Court had to switch from Microsoft 365 for similar reasons. It’s a separate issue from just data access worries.
Interesting to note the ICC's switch. Do you know what they transitioned to?
You're spot on; while encryption helps with data confidentiality, companies can still face service suspension under the CLOUD Act. The best option seems to be moving sensitive workloads to providers not under US jurisdiction.
Your fear is valid! Many folks are moving away from US providers because of the CLOUD Act risks. A local server can provide peace of mind. My team switched to OVHcloud and while their services aren’t as extensive as AWS, we saved costs and optimized our system in the process.
OVH's savings sound great. Did you encounter any major hurdles during the transition?
Glad to hear it worked out! These local servers often feel more reliable for internal services.
Most companies I know just ignore this issue. It’s like they think it’s not a problem until it actually becomes one. That’s where the real risk lies—AWS can be compelled to keep request information secret under the CLOUD Act, which makes it a tricky situation, especially for sensitive data.
Exactly! It feels like a ticking time bomb. The risks to sensitive data mean we need to make firm decisions rather than waiting until it’s too late.
Honestly, if you want to protect your data, moving to a European provider is the best way to go. The CLOUD Act provides an indirect access point for US authorities, and trusting a US cloud service can be a risky choice for EU organizations.
For sure, it feels like those companies that ignore these risks are playing with fire. Better safe than sorry, right?
Exactly! It’s all about weighing the risks and making informed decisions for protecting sensitive data.

This split in architecture seems smart. We’re thinking about the same approach. How did you manage user access across different platforms?