e3 @ Inside-IT Event

"Cloud & Authorities"

Fifa Museum, Seestrasse 27, 8002 Zurich

October 25, 2023 | 16:30-18:00

 

The federal government, the cloud and data protection

The combination of "cloud & authorities" is a hot topic in Switzerland. A good example of this was the event organized by the online specialist magazine "Inside-IT" on Wednesday in Zurich: 120 guests followed the discussion between a representative of the federal government, a data protection officer, a cloud provider and a security specialist.

The Confederation

Under the responsibility of Erica Dubach SpieglerDeputy Head of Digital Transformation and ICT Steering at the Federal Chancellery, is responsible for coordinating the five hyperscalers that the Confederation awarded the contract to provide cloud services in 2021. She and her colleagues are working on requirements engineering to find out which applications and data can be outsourced in the future.

Data protection 

Dominika Blonskithe data protection officer of the Canton of Zurich, took on the task of explaining the legal basis for using the cloud to the guests. Two conditions must be met: 1. citizens must not be placed in a worse position as a result of outsourcing. 2. the service must not be provided by anyone other than the client itself. The cloud provider thus becomes part of the outsourcing organization's team.

The cloud

The National Technology Officer of Microsoft Switzerland, Marc Holitscherhas often dealt with the organizational, legal and technical requirements of the cloud. The decision to outsource must be made depending on the confidentiality of the data and processes. Data protectionists and experts have confirmed to him that up to 90 percent of data can be outsourced to the public cloud. The missing 10 percent is currently being discussed 90 percent of the time, Holitscher observed.

The security

The e3 CEO Thomas Fürling concluded by explaining how data protection can be implemented in a hybrid multi-cloud infrastructure - which will be a reality in all organizations in the near future. Encrypting particularly sensitive data is the only practicable option, he said. However, this additional security effort does not come for free, says Fürling. Additional costs of 10 to 30 percent are to be expected. However, simply postponing these security investments to the future would only work on-premises at best - but no longer in the cloud. Fürling therefore advised careful evaluation and planning of cloud projects.