OVHcloud and Outscale respond to US pressure on cloud security in Europe

Posted on Jul 12, 2022, 8:57 AMUpdated Jul 12, 2022 at 9:46am

This is just a postponement of a meeting at the European Cybersecurity Agency, but it still crossed the throat of about thirty French cloud and software managers. “At the end of June, Enisa was due to operate in accordance with its European certification scheme for cloud security in Europe, and will finally submit its recommendation to the European Commission only in September,” laments David Chassan, director of strategy for Outscale, the online data hosting company of Microsoft. Dassault Systèmes.

Fearing that this setback was a clear sign of effective lobbying by their American rivals, the leaders of Outscale and Roubaixian OVHcloud opted for revenge. In a letter sent Monday evening to Enisa and co-signed by a large part of the French companies in the sector – a copy of which was obtained by Les Echos – they called on European officials not to concede anything “to the pressure of those who tend to advance their own economic interests at the expense of law enforcement.” European Union and the protection of European organizations and citizens.

Layer of “SecNumCloud”

Last April, Politico revealed, Enisa’s draft recommendations were going in the direction of French companies. By creating three levels of certification, the European Agency for the strongest level required that the hosting platform and the company running it be immunized against any form of legislation outside of Europe. To many, this high tier was a copy of the “SecNumCloud” label in force in France that had already been acquired by OVHcloud and another site, Oodrive, for some of its Outscale services.

But this necessity will exclude American companies, which nonetheless largely dominate the market. And they don’t see their services as any less secure than their European competitors. Admittedly, US justice can search remote servers of Amazon, Microsoft, Google, or Oracle, but the highly supervised procedure is very exceptional, they said. Through various career groups, they actually let Enisa know all the bad things they thought were coming last spring.

Globalization vs. Privacy Shield

In mid-June, for example, the consortium of Europe’s major technology companies, DigitalEurope, asserted in a press release that “the European Cybersecurity Certification Scheme for Cloud Services and its focus on data localization, European headquarters and European oversight will not only affect the quality and security of the European cloud market.” But it also creates difficulties for European companies operating on a global scale.”

In response, the French companies state in their letter to Enisa that imposing immunity from US laws on the cloud they claim is the most secure amounts to simply ensuring that these clouds comply with European regulations on the protection of personal data as they have been in place since the revocation of the “Privacy Shield” in July 2020. This The argument is also supported by Cigref and Voice, the French and German associations representing large companies and the client departments of tech companies.

While it makes it possible to respond to the concerns of companies about the confidentiality of their data, the demand for security labels will also make it possible to harmonize European markets by pulling them upward: thus, the investments made by specialists in European Cloud Insurance at the most stringent level can pay off in all across Europe.

How do you deal with growing doubts?

Inflation, rising interest rates, Ukraine and now political uncertainty, the shocks multiply. For evolving in an increasingly complex environment, Les Echos’ editorial expertise is invaluable. Every day, our surveys, analyzes, columns and editorials accompany our subscribers, helping them understand the changes that are changing our world and preparing them to make better decisions.

I discovered the offers

Leave a Reply

Your email address will not be published.