Legal expertise is what counts

In autumn this year, SWITCH conducted an online survey of Swiss universities on the topic of cloud applications. The results confirm the assumption that legal issues take priority over technical ones.

Text: Immo Noack, published on 29.11.2018

At the end of the 1990s, the first commercial cloud service was launched on the market by Salesforce. Cloud services from Google and Amazon followed in 2006, and Microsoft launched Azure in 2010. Since then, the potential applications have multiplied, and the number of providers is growing steadily. With SWITCHengines, SWITCH offers a community cloud service tailored to the university sector. Framework agreements with commercial cloud providers negotiated by SWITCH further expand the range on offer for universities.

With its web-based survey in the autumn of this year, SWITCH wanted to find out what people involved in IT at universities thought about the rapid developments in the cloud sector. Around 100 participants from 32 Swiss universities took part. The survey is not representative, but it does provide some revealing, indicative details.

High requirements for cloud services

38% of universities have adopted regulations regarding data storage. Secret or confidential data must be stored in the institution itself, or at least in Switzerland. Equivalent regulations are being prepared at 42% of universities. For the remaining 20%, the corresponding requirements were either non-existent or not known.

One complicating factor is that data protection regulations in Switzerland can differ from canton to canton. For large, globally active commercial providers, individual and university-specific solutions are no longer possible in the cloud sector. This is where the framework agreements negotiated by SWITCH, which are valid throughout Switzerland, are of great benefit to universities.

The question about the five biggest problem areas in cloud usage gave the following picture:

  1. Swiss jurisdiction is not guaranteed
  2. Access to data by foreign authorities (CLOUD Act)
  3. Access control and identity management does not meet our requirements
  4. The data location does not meet our requirements
  5. No data sovereignty, i.e. no control over what happens with the data after the end of the contract.

For this reason, the foundation has decided to launch the SWITCH Legal Consulting service from 2019.

Huge need for professional advice

Above all, the survey participants want more advice on legal issues:

  • Swiss and cantonal data protection regulations
  • United States CLOUD Act
  • EU General Data Protection Regulation (GDPR)
  • Cloud consulting from a neutral party
  • Security

These results underscore the findings that SWITCH has been receiving for years in feedback from the community. For this reason, the foundation has decided to launch the SWITCH Legal Consulting service from 2019.

As a neutral party, SWITCH is ideally positioned to make recommendations. Its experts are also familiar with the technical and legal aspects of cloud services and have a strong international network: SWITCH employees are involved in various working groups on the topic, such as at the recent large-scale event Educause 2018 in Denver or the Cloud Forum at Cornell University in Ithaca.


About the author
Immo   Noack

Immo Noack

Immo Noack has been working in the SWITCH Procurement Team since November 2012. Prior to that, he held posts at the Federal Institute of Technology in Zurich and on the Neptun project, among others. He originally graduated in Electrical Engineering.

Other articles