Posted on 27.2.2023

How global events revealed business risks in cloud services

Antti Vilpponen UpCloud CEO

Today’s organisations are so used to the efficiency and flexibility of cloud services that only a few would be eager to return their data to self-maintained servers. However, the changed global situation has brought new political and geographical risks to the management teams’ agendas. These risks directly impact the globally distributed data centre networks powering cloud services.

How should leadership react if a data centre containing important data is located in a geography where law and order suddenly changes? The pandemic and Russia’s aggressive war have slowed globalisation, presumably leading to a strong downward trend in the country’s risk appetite for globally operating companies.

An essential framework for risk assessment and decision-making is the EU general data protection regulation GDPR, which came into effect in 2018. Personal data that every organisation possesses is, after all, primarily stored in cloud services.

In some countries, the rights of public authorities contradict the GDPR requirements even under normal circumstances.

After some initial grumbling, the changes required by the GDPR have been duly fulfilled. Typically, the distribution of data centres across the globe is not considered a problem. Even non-EEA (European Economic Area) companies must comply with GDPR when offering services in the EU and processing the personal data of EU residents.

A potential problem and an increased risk related to the rights that local laws permit for the authorities and whether the local data protection legislation corresponds to the EU standard. In times of turmoil, this legislation, its application, or the physical security environment can suddenly change, and business risks may need to be higher in priority.

In some countries, the rights of public authorities contradict the GDPR requirements even under normal circumstances. For example, some local legislations allow security and intelligence authorities to access the data stored in data centres, regardless of the laws that the service provider follows.

Wisdom of minimising risks

European companies must unequivocally ensure that the GDPR requirements are fulfilled even when the data is processed outside the EEA. Should any risks materialise, the entire business is at stake, not only the data.

In unstable times, wise management minimises risks – even those that seemed very distant just a few years ago. As self-maintained servers are rarely a realistic option, cloud partner selection becomes an even more critical decision. The location of the partner and data centres, as well as the legislation they follow, should be of great interest to decision-makers.

Antti Vilpponen
CEO, UpCloud

Antti Vilpponen

Cloud hosting in Asia: How to choose the best cloud provider

Asia is among the most dynamically developing regions in the world, which means access to Asian markets is crucial for global companies. With the recent Covid-19 outbreak, we are witnessing the massive shift to digitalisation. Even many international companies that had previously relied on physical presence in the region withdrew and moved their local offices […]

Product Updates

Vision and culture

UpCloud’s development roadmap: What to look forward to in 2021

The year has turned, and UpCloud welcomes you to 2021, ready again to show you what the best cloud infrastructure can offer for your business. The last year has proven the capabilities of our brand, products and most importantly, the strength of our teams. We’ve been happy to see many new users coming and staying […]


Vision and culture

Cloud migration cookbook – Why you should consider migrating to UpCloud

If you are looking for a new cloud provider, we want to make the case for migrating to UpCloud. Here's what you need to know about migration.

Long reads

Back to top