Is your data truly safe just because it's stored in the EU?

Kubernetes logo

Is your data truly safe just because it's stored in the EU?

Let's unpack that and discuss what really matters for your data security.

We recently visited the expo for 'The Future of Health tech' and 'Solutions for Public Sector' and spoke to more than 30 companies about their current data storage provider. The vast majority mentioned that storing data in Sweden was a strict requirement from their customers, and that they are proud to be storing all their data on Swedish soil.

After the ransomware attack on TietoEvry that happened a few weeks ago, they publicized a statement that 'We do not have flaws in our cybersecurity'. Bold thing to say so short after one of Sweden's biggest cybersecurity scandals.

So I have to take the opportunity to question: Does storing your data in the EU actually have any positive security implications?

Let's talk about the 'illusion' of data sovereignty.

The fact is that storing your data in the EU doesn't imply any increased security if you cannot guarantee or prove that data has not left your infrastructure's perimeter without your consent. It is up to each provider to implement a certain level of security features and processes to protect your data and prove it cannot be extracted, regardless of where it's stored. And as a customer, you are up to the mercy of your provider to stay safe.

If we look at the European Cloud Provider market today, there are no providers that provide the same level of security features as the hyperscalers (AWS, Azure, Google Cloud) do. It might seem tempting to assume that it is due to engineering capabilities of those companies. My point of view is that they are part of the few that truly care about the security of their customers, as their company lives and dies by it.

The unfortunate part is that the three hyperscalers are from a country with history of extracting data from cloud providers without the requirement to inform their customers. This is why Swedish public sector and its subcontractors generally refrains from storing their data outside Swedish borders. The trust level isn't there yet, and with the TietoEvry incident that happened a few weeks ago, I see a future where companies want to keep their data much closer and safer than before.

Here's how we plan to solve that!

At molnett we are inspired by Google's approach of building their infrastructure with security in mind. Our goal is to be the primary cloud provider that combine a strong security focus with a much lower operational burden than the typical cloud provider. By offering a much more narrow portfolio of products, we can take larger ownership of managing your infrastructure, build it with security in mind and letting you focus on your core business.

What is your point of view of how data is stored and processed in the EU? Do you think we're heading in a direction where data is shared more freely across borders, or will we tread more carefully and protect our most valuable asset? My guess is on the latter!