Legal expertise is what counts

With its web-based survey in the autumn of this year, SWITCH wanted to find out what people involved in IT at universities thought about the rapid developments in the cloud sector. Around 100 participants from 32 Swiss universities took part. The survey is not representative, but it does provide some revealing, indicative details.

High requirements for cloud services

38% of universities have adopted regulations regarding data storage. Secret or confidential data must be stored in the institution itself, or at least in Switzerland. Equivalent regulations are being prepared at 42% of universities. For the remaining 20%, the corresponding requirements were either non-existent or not known.

One complicating factor is that data protection regulations in Switzerland can differ from canton to canton. For large, globally active commercial providers, individual and university-specific solutions are no longer possible in the cloud sector. This is where the framework agreements negotiated by SWITCH, which are valid throughout Switzerland, are of great benefit to universities.

The question about the five biggest problem areas in cloud usage gave the following picture:

1. Swiss jurisdiction is not guaranteed
2. Access to data by foreign authorities (CLOUD Act)
3. Access control and identity management does not meet our requirements
4. The data location does not meet our requirements
5. No data sovereignty, i.e. no control over what happens with the data after the end of the contract.

Huge need for professional advice

Above all, the survey participants want more advice on legal issues:

• Swiss and cantonal data protection regulations
• United States CLOUD Act
• EU General Data Protection Regulation (GDPR)
• Cloud consulting from a neutral party
• Security

These results underscore the findings that SWITCH has been receiving for years in feedback from the community. For this reason, the foundation has decided to launch the SWITCH Legal Consulting service from 2019.

As a neutral party, SWITCH is ideally positioned to make recommendations. Its experts are also familiar with the technical and legal aspects of cloud services and have a strong international network: SWITCH employees are involved in various working groups on the topic, such as at the recent large-scale event Educause 2018 in Denver or the Cloud Forum at Cornell University in Ithaca.