Cloud computing

The challenges 

• Compliance and data protection: Current laws are often not adapted to cloud technologies. International regulations such as the US Cloud Act or the Chinese Cyber Law harbour risks for data access by foreign authorities. 

• Security and resilience: The concentration of data makes cloud providers attractive targets for attacks. In addition, the data is predominantly unencrypted during processing - this risk to the confidentiality and integrity of the data must be assessed and managed.  

• Shadow IT and governance: Many organisations do not know exactly where and how their data is processed. Employees often use cloud services such as Google Drive, Dropbox or Slack to circumvent internal IT regulations. This results in shadow IT that does not comply with company guidelines and may be insecure. 

• Provider dependency (lock-in): Changing cloud providers is often technically and economically difficult. Multi-cloud solutions and container technologies alleviate this problem, but are not yet widespread. 

• Migration and transformation: The introduction of cloud services requires new operating processes and organisational adjustments. 

Recommendations for politics, business and society 

• Create a legal framework: Switzerland lacks a legal framework for the cloud: legislators and regulators should inform themselves about the fundamentals, opportunities and risks of cloud computing in order to enable intelligent legislation and regulation. 

• Support research: The promotion of secure technologies such as homomorphic encryption, confidential computing or trusted execution environments is essential for Switzerland's data sovereignty. 

• Understanding the impact of cloud computing: Organisations should take advantage of the opportunities offered by cloud computing and carefully weigh up the risks. Moving to the cloud requires a clear strategy and should be treated as an organisational change project to effectively minimise risks.