There are probably many takes on this.

I think it is quite all right to rely on SaaS and cloud to some extent where it makes sense [for you]. Like in a case where the purchased service would be more cost effective or superior to what you could achieve yourself using reasonable commercial efforts. Like email and groupware.

Besides, many racks in a data center are really a fixed cost while (at least theoretically) your cloud cost is a variable that can increase or decrease depending on usage.

As for the age-old question of who looks at your data… again what should be commercially reasonable to protect it? All the big cloud providers have a ton of certifications (SOC2, various ISO, CSA, etc.) with a ton of controls attesting to privacy, security, processing integrity, availability, etc. it seems to be good enough for large multinationals. Nonetheless, none of this helps if the purchasing organization doesn't internally adhere to good security practices themselves.

Also, commercial organizations should really assume that if someone really wants to peek at some proprietary data it won't matter whether it located is in the cloud or on premises. :)

It’s a whole another - big - problem that EU doesn’t have a convincing alternative to Google Suite or O365. Or alternatives to the most popular services in general. That cannot be solved on this mailing list, unfortunately.



Kaj

Sent from my iPhone
From: Timo Hilbrink via members-discuss <members-discuss@ripe.net>
Sent: Monday, November 4, 2024 4:26 PM
To: members-discuss@ripe.net <members-discuss@ripe.net>
Subject: [members-discuss] Serious concerns about the RIPE NCC Cloud Technology Status
 
Hi all,

As we have seen in the past several Information Services updates from
Felipe, the RIPE NCC has been moving a lot of services to the cloud,
this now also includes things like RIPE NCC email, calendars, chat and
video conferencing. The follwoing page gives a helpful overview of these
services and the relevant cloud platforms:

https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fpublications%2Fdocumentation%2Fcloud-technology-status%2F&data=05%7C02%7C%7Cc643a87399ef4229d62908dcfcdc9c8a%7Cd0b71c570f9b4acc923b81d0b26b55b3%7C0%7C0%7C638663271679865096%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C4000%7C%7C%7C&sdata=AggOh2r0lInad%2FT6uMrUJPNUp%2BWzsT%2FRdYD9m5diRjc%3D&reserved=0

The page states that "all services pass an internal process of strict
legal, information security, technology and privacy reviews". That all
sounds very reassuring, doesn't it?

However..

Even though the "Data Residency" column states "EU" for all these
services, these cloud providers are a U.S. legal entity (or a foreign
entity with an office in the U.S.), so the data stored on these
platforms completely falls under U.S. legislation, such as the CLOUD act
and numerous related acts and laws. It is completely irrelevant where
this data is stored geographically.

This also means that the data stored on these platforms can be subject
to U.S. law enforcement warrants and subpoenas.

As a concerned and privacy aware citizen, i find it very worrying that
basically all my interactions with the RIPE NCC in some way end up in
the hands of U.S. based cloud providers.
But i can imagine that these concerns are much more serious for RIPE
members in countries that have a less favourable relation with the U.S.
(there are quite a number of those countries within the RIPE service region)

What do other members think about this, and has the RIPE NCC taken these
consequences into account when they decided to move all this data and
services to U.S. based hyperscalers?


Thanks for your thoughts,


Timo Hilbrink
Freedom Internet
-----
To unsubscribe from this mailing list or change your subscription options, please visit: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmailman.ripe.net%2Fmailman3%2Flists%2Fmembers-discuss.ripe.net%2F&data=05%7C02%7C%7Cc643a87399ef4229d62908dcfcdc9c8a%7Cd0b71c570f9b4acc923b81d0b26b55b3%7C0%7C0%7C638663271679886742%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C4000%7C%7C%7C&sdata=DFo%2BGQloZ8lW00gxZBjPuMt4Juhk7%2BcSvhnizh7GLH8%3D&reserved=0
As we have migrated to Mailman 3, you will need to create an account with the email matching your subscription before you can change your settings.
More details at: https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.net%2Fmembership%2Fmail%2Fmailman-3-migration%2F&data=05%7C02%7C%7Cc643a87399ef4229d62908dcfcdc9c8a%7Cd0b71c570f9b4acc923b81d0b26b55b3%7C0%7C0%7C638663271679902701%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C4000%7C%7C%7C&sdata=4NG3bSB3tsMa5RWJABluY9hAWYVEdsEcJdN6M1iDaNE%3D&reserved=0