There are probably many takes on this. I think it is quite all right to rely on SaaS and cloud to some extent where it makes sense [for you]. Like in a case where the purchased service would be more cost effective or superior to what you could achieve yourself using reasonable commercial efforts. Like email and groupware. Besides, many racks in a data center are really a fixed cost while (at least theoretically) your cloud cost is a variable that can increase or decrease depending on usage. As for the age-old question of who looks at your data… again what should be commercially reasonable to protect it? All the big cloud providers have a ton of certifications (SOC2, various ISO, CSA, etc.) with a ton of controls attesting to privacy, security, processing integrity, availability, etc. it seems to be good enough for large multinationals. Nonetheless, none of this helps if the purchasing organization doesn't internally adhere to good security practices themselves. Also, commercial organizations should really assume that if someone really wants to peek at some proprietary data it won't matter whether it located is in the cloud or on premises. :) It’s a whole another - big - problem that EU doesn’t have a convincing alternative to Google Suite or O365. Or alternatives to the most popular services in general. That cannot be solved on this mailing list, unfortunately. Kaj Sent from my iPhone ________________________________ From: Timo Hilbrink via members-discuss <members-discuss@ripe.net> Sent: Monday, November 4, 2024 4:26 PM To: members-discuss@ripe.net <members-discuss@ripe.net> Subject: [members-discuss] Serious concerns about the RIPE NCC Cloud Technology Status Hi all, As we have seen in the past several Information Services updates from Felipe, the RIPE NCC has been moving a lot of services to the cloud, this now also includes things like RIPE NCC email, calendars, chat and video conferencing. The follwoing page gives a helpful overview of these services and the relevant cloud platforms: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fpublications%2Fdocumentation%2Fcloud-technology-status%2F&data=05%7C02%7C%7Cc643a87399ef4229d62908dcfcdc9c8a%7Cd0b71c570f9b4acc923b81d0b26b55b3%7C0%7C0%7C638663271679865096%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C4000%7C%7C%7C&sdata=AggOh2r0lInad%2FT6uMrUJPNUp%2BWzsT%2FRdYD9m5diRjc%3D&reserved=0<https://www.ripe.net/publications/documentation/cloud-technology-status/> The page states that "all services pass an internal process of strict legal, information security, technology and privacy reviews". That all sounds very reassuring, doesn't it? However.. Even though the "Data Residency" column states "EU" for all these services, these cloud providers are a U.S. legal entity (or a foreign entity with an office in the U.S.), so the data stored on these platforms completely falls under U.S. legislation, such as the CLOUD act and numerous related acts and laws. It is completely irrelevant where this data is stored geographically. This also means that the data stored on these platforms can be subject to U.S. law enforcement warrants and subpoenas. As a concerned and privacy aware citizen, i find it very worrying that basically all my interactions with the RIPE NCC in some way end up in the hands of U.S. based cloud providers. But i can imagine that these concerns are much more serious for RIPE members in countries that have a less favourable relation with the U.S. (there are quite a number of those countries within the RIPE service region) What do other members think about this, and has the RIPE NCC taken these consequences into account when they decided to move all this data and services to U.S. based hyperscalers? Thanks for your thoughts, Timo Hilbrink Freedom Internet ----- To unsubscribe from this mailing list or change your subscription options, please visit: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailman.ripe.net%2Fmailman3%2Flists%2Fmembers-discuss.ripe.net%2F&data=05%7C02%7C%7Cc643a87399ef4229d62908dcfcdc9c8a%7Cd0b71c570f9b4acc923b81d0b26b55b3%7C0%7C0%7C638663271679886742%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C4000%7C%7C%7C&sdata=DFo%2BGQloZ8lW00gxZBjPuMt4Juhk7%2BcSvhnizh7GLH8%3D&reserved=0<https://mailman.ripe.net/mailman3/lists/members-discuss.ripe.net/> As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings. More details at: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fmembership%2Fmail%2Fmailman-3-migration%2F&data=05%7C02%7C%7Cc643a87399ef4229d62908dcfcdc9c8a%7Cd0b71c570f9b4acc923b81d0b26b55b3%7C0%7C0%7C638663271679902701%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C4000%7C%7C%7C&sdata=4NG3bSB3tsMa5RWJABluY9hAWYVEdsEcJdN6M1iDaNE%3D&reserved=0<https://www.ripe.net/membership/mail/mailman-3-migration/>