At the risk of inviting jokes along the lines of “ve haf vays of making you kloud”, I wanted to comment on the recent news that Deutsche Telekom is pushing German regulators to introduce a certification for German or European cloud operators in order to protect customers against the keen eyes of the US Government.
The news was met by a reasonable amount of shock on the Twitters and comments were made about walled gardens and the like – the truth is very different however. In my travels around the world talking to folks about the cloud, I’m amazed how often the subject of jurisdiction and data location comes up. Mid-sized and large organizations are often times happy to look at the prospect of moving to the cloud, but decidedly unhappy with the idea that their data will be located someplace that the US Government can get its hands on it – maybe not such an issue for the SMB side of the market, but undeniably one for the larger end of town.
Reinhard Clemens, the division’s chief executive officer is reported as saying that;
The Americans say that no matter what happens I’ll release the data to the government if I’m forced to do so, from anywhere in the world, certain German companies don’t want others to access their systems. That’s why we’re well-positioned if we can say we’re a European provider in a European legal sphere and no American can get to them
I’ve been saying it for years. US based cloud vendors, regardless of whether or not they have footprint outside of the US need to face up to the real concerns and risks that non US companies have when dealing with US located, or owned, infrastructure. Certification like that promoted by DT may be seen as a trade barrier, but it’s a barrier borne out of necessity.

Yup! That is one of the main reasons I’m not using services like Mint.com. Even though the internet might be “without borders” at some point there’s a physical server with physical disks somewhere that contains your information. And it’s under the jurisdiction of where-ever it is physically located. If that’s not in the same country as you then you are SOL when it comes to protecting your information. Where “You” refers to individuals, companies, organizations, etc. Any country that is not encouraging the development of local cloud infrastructure is saying “we’re handing the keys over to someone else; and our developers should stop wasting their time too!”