At the risk of inviting jokes along the lines of “ve haf vays of making you kloud”, I wanted to comment on the recent news that Deutsche Telekom is pushing German regulators to introduce a certification for German or European cloud operators in order to protect customers against the keen eyes of the US Government.
The news was met by a reasonable amount of shock on the Twitters and comments were made about walled gardens and the like – the truth is very different however. In my travels around the world talking to folks about the cloud, I’m amazed how often the subject of jurisdiction and data location comes up. Mid-sized and large organizations are often times happy to look at the prospect of moving to the cloud, but decidedly unhappy with the idea that their data will be located someplace that the US Government can get its hands on it – maybe not such an issue for the SMB side of the market, but undeniably one for the larger end of town.
Reinhard Clemens, the division’s chief executive officer is reported as saying that;
The Americans say that no matter what happens I’ll release the data to the government if I’m forced to do so, from anywhere in the world, certain German companies don’t want others to access their systems. That’s why we’re well-positioned if we can say we’re a European provider in a European legal sphere and no American can get to them
I’ve been saying it for years. US based cloud vendors, regardless of whether or not they have footprint outside of the US need to face up to the real concerns and risks that non US companies have when dealing with US located, or owned, infrastructure. Certification like that promoted by DT may be seen as a trade barrier, but it’s a barrier borne out of necessity.

(Cross-posted @ The Diversity Blog – SaaS, Cloud & Business Strategy)
It’s rapidly becoming a bigger issue than security. And the public relations problems associated with data custody and multi-jurisdictional issues haven’t even bloomed yet.
Next up: search warrant and seizure issues.
This isn’t just about differing civil and criminal law, either. Non-US firms are justifiably concerned about US intelligence agencies abusing their power to aid US economic interests, given the historical track record. Even if you can trust Amazon, can you trust the CIA and NSA not to use their power to steal your data and sell it to a direct US competitor? The answer, unfortunately, appears to be no (and this holds true for Big Brother regimes around the world).