Ask HN: Thoughts on using American-based cloud vendors in the Trump era?

16 points by kakoni a day ago | 19 comments

I think American cloud providers offer state‐of‐the‐art infrastructure but it's fair to question whether the current U.S. political environment—and the unpredictability it sometimes brings—could affect data sovereignty and regulatory stability.

How does the HN crowd feel?

aborsy 11 hours ago | prev | next |

European Alternatives:

https://european-alternatives.eu/

But the EU also collects data, and might have weaker security protections. It’s also trying hard to break end-to-end encryption, access phone messages and iCloud encrypted data, require back doors, …

Self hosting might be the only option.

p2detar a day ago | prev | next |

The Schwarz Group (the owner of Lidl) have produced STACKIT, which afaik is supposed to be the European AWS. Not sure what the long-term strategy is there, but I think the idea was exactly to offer European solutions as opposed to Microsoft Azure and AWS.

https://schwarz-digits.de/en/marken/stackit

comprev a day ago | prev | next |

I'm sure some local laws in EU countries will restrict what data can reside outside their country.

I think Germany is quite strict?

quintes a day ago | prev | next |

My other point holds, but also, depending on your locality, you may have your own legislation or policy, again informed by a number of factors which would be pre-existing. Those your country locality may evaluate in time or as review requires.

quintes a day ago | prev | next |

Isn’t there already the CLOUD Act, the Patriot Act and other pre-existing legislation or policy that should already have given you concern, if in fact the concern is valid?

Edit: leg

LinuxBender a day ago | prev | next |

For my hobby crap I create accounts with everyone and then allocate the most resources in the places that treat me the best, perform the best, are least vulnerable to cancel and censorship culture. Each provider waxes and wanes in their behavior from social and political pressures. This is just one of the many reasons automation is important.

If the US or EU fluctuate from political pressure then I can simply move things where it makes sense at the moment. My bias will always be to try to keep things in the US so my financial data is not floating around where I cannot easily visit butts in chairs, and when outside the US I now use a "dirty bank" for those transactions.

jeffbee a day ago | prev | next |

Choosing a cloud based on its jurisdiction was always foolish anyways. You should choose the one you believe has the most robust technical protections for your data privacy and security.

taylodl a day ago | root | parent | next |

Our corporate lawyers say otherwise. The laws applying to data at rest are determined by the jurisdiction where the data is physically stored. That's why we couldn't use GCP for years. Google would never guarantee your data would only be stored in the continental US (mandated by our legal department). Now they can do that, so we use GCP. At an organization I was at previously they had the same legal requirement and so they went all-in on AWS. Google is unlikely to get any of their business anytime in the foreseeable future.

jeffbee a day ago | root | parent |

That sounds to me like the epitome of foolishness. Making a law about where your data rests requires a severe misconception of the risks of that data being revealed to your adversaries.

threeturn a day ago | root | parent | next |

Depends on who your adversaries are. I have no doubt that all top cloud providers (AWS, Azure, GCP and OCI) are doing a great job keeping my data secure. But they need to obey US authority, and considering what is happening right now, that is not very reassuring. At the bare minimum, if I need to pick a cloud region, I will pick one within the EU. But after the CLOUD Act (see: https://www.justice.gov/criminal/cloud-act-resources) not even Europe is secure. So, no, it is not foolishness.

taylodl a day ago | root | parent | prev | next |

Whether it's foolish or not, it's not my decision. There are three groups in an organization that'll have a significant impact on your solution approach:

- Legal

- Cybersecurity

- Enterprise Architecture

You can influence these groups, but ultimately, they set the mandates.

yladiz a day ago | root | parent | prev |

I'm having so much trouble making sense of this comment. Besides that we're not talking about a law, it's common practice for European companies to require their SaaS products and themselves to only have EU data residency, so it's not that foolish, especially if that data is very sensitive. What are you talking about with severe misconceptions and adversaries?

reverendsteveii a day ago | root | parent | prev |

Several jurisdictions are trying to mandate backdoors, so the robustness of technical protections is becoming more and more intertwined with jurisdiction. Doubly so because of cooperation agreements like 5 Eyes where if it's legal for anyone to take your data (or illegal but enforcement is resource prohibitive) then you have to assume that everyone has it.

mystraline a day ago | prev |

I would think the appropriate answer here is Betteridge's Law of Headlines. "No".

But I think you probably knew that.

homarp a day ago | root | parent |

the question was 'whether the current U.S. political environment—and the unpredictability it sometimes brings—could affect data sovereignty and regulatory stability.'