This post is also available in: Deutsch (German)
The Neue Zürcher Zeitung (NZZ) has addressed the Cloud Act; Conclusion: American cloud providers are not an option for companies that want to keep secrets. That’s not new, but it’s important because it’s the first time our leading business paper has informed our managers and business owners about the risks involved when using American cloud providers without additional security measures.. The recipe, however, is ineffective and diplomacy will not do anything about it. Only end to end encryption with a self controlled key management will help (in most cases, at least).
This means that entrepreneurs and board members are required to decide what the security strategy and how to deal with risks should look like in the future.
The “bury your head in the sand” principle will fail here; on the other hand, many organizations are already so closely interwoven with American providers that the unraveling of the Gordian knot will probably only work with the Alexander method. The fundamental question therefore arises: Can all connections be cut and what does this mean for the organization? This is a more than realistic simulation game which is meant quite seriously. We are dealing here with an elaborate conformance vs. performance analysis (cf. Guide to Information Governance, p. 38) and coping with it, which should not be easy.
Translated with www.DeepL.com/Translator