Data Sovereignty in the Cloud
What does data sovereignty actually mean and what do you as an IT manager need to be aware of?
Data sovereignty: an underestimated challenge
In most cases, the cloud is the central tool for digital transformation. However, there is often no strategy in place to ensure sovereignty over valuable and sensitive data in the cloud. Key questions include: How and where is the data stored? Is there interoperability between providers, and can all data and applications be migrated easily and cost-effectively from one provider to another? We can help you answer these questions.
Start your cloud journey with us - sovereign, secure, and future-proof
Rely on open source technologies for transparency, independence and innovation.
Made in Germany
With plusserver, your data is located in Germany and never leaves the country without your intervention.
Our solutions allow the integration of additional cloud platforms, giving you freedom of choice.
24/7 support in Germany
Even when support is required, access to your data and systems remains entirely within the local jurisdiction.
Our internal processes are traceable and certified (ISO 9001, ISAE 3402, IDW PH 9.860.1).
Rely on cloud solutions with BSI-tested compliance criteria (BSI C5).
Data protection, data sovereignty, digital sovereignty - which is which?
The foundation of digital sovereignty
Data protection is one of the most well-known data processing criteria and refers to the permissible processing and storage of personal data. It is a legal protection against the misuse of information. One point of reference for the selection of providers is therefore the compliance of their offers with the General Data Protection Regulation (GDPR). Data security differs from data protection and refers to the technical protection of data against theft or manipulation. This can include appropriate security measures in the data center. For example, certifications such as ISO 27001 provide information about the measures taken by the provider.
Control over your own data
Data sovereignty is another facet of digital sovereignty. It ensures complete control over the collection, storage, use and processing of one’s own data. In this context, when evaluating a cloud provider, it is also important to consider whether the provider’s terms and conditions, such as notice periods, deletion periods or transfer costs, affect the freedom to decide where the data should go. Companies should carefully consider whether they can switch providers quickly if necessary, or whether they will be tied to a provider for a long time (vendor lock-in). The interoperability of the systems used also plays a role, which can facilitate or prevent a change.
The big picture
The concept of digital sovereignty is rounded out by the facets of jurisdictional, operational, and technological sovereignty. Jurisdictional sovereignty means that a company’s data is not inadvertently moved outside its jurisdiction and cannot be accessed from other jurisdictions. This is where the location of a cloud provider is of particular importance, while the location of the data is of less significance. The local legislation of the provider could in certain cases allow third parties to access the data (US CLOUD Act), even if the data is located in Europe. Technological and operational sovereignty describe the transparent control of all processes and the ability to trace the data processing and software components used. Certifications such as ISAE 3402 provide guidance.
Maintain data sovereignty while modernizing IT
pluscloud open is the first open source cloud in Germany that meets business requirements at enterprise level. The mature cloud stack is based on the SCS (Sovereign Cloud Stack), which in turn is a technical foundation for Gaia-X – the European cloud ecosystem for digital sovereignty. pluscloud open is BSI C5 Type II audited.
With pluscloud VMware, you have your data firmly under control thanks to our own data centers in Germany and BSI C5 testing (Type II). It is also one of only two cloud platforms in Germany that meets the criteria of a VMware Sovereign Cloud.
Cloud-native & sovereign
The plusserver Kubernetes engine is based on pluscloud open. Like the latter, our managed Kubernetes product is fully open source and interoperable with other systems. It allows you to automate your application development and deployment and to reduce your time-to-market. Our Private Registry is the perfect complement.
Data sovereignty facts and figures
… from the IDC white paper “Data Sovereignty in the Cloud”, January 2023
33% consider guaranteed data sovereignty
… as the most important criterion when choosing a cloud provider.
More than 25% fear
… being stuck with a provider due to a lack of data sovereignty.
Important or very important
… is how 75% of respondents rate the issue of data sovereignty.
Learn more about our certified data centers in Germany. Your data never leaves German jurisdiction, so you retain legal sovereignty.
Some of our satisfied customers
Rely on data sovereignty
"Made in Germany"
Trust in the highest security in our certified data centers in Germany. As a founding member of Gaia-X, a VMware Sovereign Cloud Provider and a provider with BSI C5 testing, we offer you future-proof computing platforms that focus on your sovereignty and innovation.