Europe’s startup ecosystem is an exciting place to be right now. Full of fresh innovation, cutting-edge tech and a whole lot of data. In this digitally-driven landscape, data is fuelling European startups – but – a lot of it is stored by US-based companies, and this might have security implications.
European tech is at an exciting point. 2021 was a bumper year for Europe’s startups, and, despite different hurdles and obstacles popping up during this year, it has been just as exciting with big investment boosts, eye-raising acquisitions and daring developments.
A lot of innovation and startup success is reliant upon data and it’s an integral part of modern society – but, there’s a big chance we are taking for granted where our data is stored, and by whom. It’s a topic that needs to be discussed and is having an impact on the world’s cloud-service providers.
European startups and non-European vendors
Amazon, Microsoft and Google – the trifecta of cloud service providers. All are US-based and all subject to US law. For some European startups and organizations, this hitherto-ignored reality is now a growing cause for concern.
Under the CLOUD Act, the US government can access cloud data held by US companies anywhere in the world. That accounts for the majority of global cloud data, given that AWS, Microsoft Azure and Google Cloud Platform hold 62% of cloud revenue worldwide.
For European startups, alarm bells should be ringing.
This access to data under the CLOUD Act, effectively undermines and undercuts data protection efforts as outlined in GDPR, Europe’s legislation. It means that now, an increasing number of companies and startups are looking to move their data to providers subject to European legislation only – given that it provides a lot more security for sensitive data.
But it’s not yet common knowledge
The reality is that the EU market share of European cloud providers (CSPs) sits at a low — and decreasing — 13%. This means that 87% of the data stored in Europe could be subject to extraterritorial laws – and accessible by different actors.
Achieving data sovereignty
So – now we know that our cloud service provider influences data sovereignty – do European startups care?
The answer is yes. Although US-based providers are incredibly popular and can provide that craved agility and global availability, it’s been voiced regularly and shown that European startups are conscious of and wary about obligations in regard to privacy, data protection, ownership, and control take centre stage.
The action plan
One of the most obvious options is to fully migrate to an EU-based cloud service provider. It might seem like a massive undertaking, but it’s becoming increasingly accessible thanks to containerisation and the standardized cloud solutions that come with it. Plus, migration projects often lead to the reevaluation of existing infrastructure, optimization, and fat trimming, which may result in a significantly lower monthly bill.
European cloud service offering is on par with American
A myth that often holds startups back from fully migrating is that the European market just isn’t as good as the US one. But, that’s just not the case in 2022.
Numerous European CSPs have stepped up significantly in recent years and offer US-level cloud services. For instance, Scaleway’s Hive provides hyper-scaler equivalent service for S3 object storage, 100% deployed in Europe.
Startups no longer have to choose between performance and privacy.
Another option, if there’s still some hesitancy about full-migration, is to use the multi cloud and host data across different CSPs. Despite adding a layer of complexity, the multi cloud answers acute industry risk-management issues such as security, data regionalisation, cost, lock-in, and geopolitics. About 90% of enterprises already use a multi-cloud strategy in some shape or form, and it’s likely to become the choice of the future. You can learn more about Scaleway’s multi cloud solution here.
Gilbert Cabillic, CEO of ScaleDynamics: “Today or in the future, startups need to be able to use sovereign cloud resources, in order to protect their data and technologies, and to answer their clients’ needs, country by country and sector by sector.”
Resiliency is at stake
While protecting data and ensuring data sovereignty for data-sake is important – it’s not the only consideration to have in mind. We began this article by pointing out that 2022 has brought some major hurdles to jump over for startups, and one of them is the dier geopolitical context. And it could be prudent to bear this in mind when thinking about data, sovereignty and security.
Cloud service outages, such as that of AWS’ 2021 outages, reflect just how disruptive and widespread cloud-related problems can be. Relying on just a handful of providers means problems like accidental outages will be all the more detrimental. Given that the big three are all US-based, it begs the question – what would happen if an outage were sustained due to geographical factors or, worse still, intentional?
We’ve already seen the impact politics can have on tech.
As with most things in life, there are political considerations to bear in mind.
Looking at recent times, it’s fair to say that we live in interesting political times, and there can be no overstating the influence that geopolitical factors can have on tech and data privacy. Looking to Trump’s ‘America first’, and other protectionist economic policies can provide some examples of how politics can influence and undercut business resiliency – just think back to when Huawei’s Android license was revoked overnight.
The Ukraine conflict has also underlined the risk of “splinternets”; no sooner had Russia invaded its neighbour last February than it limited its citizens’ access to Facebook and Twitter. How? With its 2019 Sovereign Internet Law. As such, ongoing geopolitical turmoil is a risk all European companies should take into account.
Nathan Richard, Founder & President of Memento Cloud: “Startup management is all about making choices and sovereignty is the ability to choose freely, without external influences. Without data sovereignty, startups are limited in their agility and the way they can produce value. For startups, data sovereignty is a long-term investment, very much like intellectual property, or building a capable team.”
“The startup ecosystem is like quicksand. Change is permanent, and startups must adapt quickly. In the long run, lacking data sovereignty is like playing with a half-empty hand of cards. What happens, for example, if being locked in with a specific provider prevents you from complying with important regulation?”
Time to get serious?
Data security and cloud service provision all comes down to risk management.
Cloud services are integral to tech and Europe’s startup ecosystem. The reality is, relying on non-EU-based services could leave a startup’s data vulnerable to wider changes and privacy and individual rights and freedoms could be obstructed.
Today, European cloud providers can meet the vast majority of cloud needs at the same, if not higher, level as their US counterparts, while offering other sovereignty-related advantages.
Check out Scaleway’s cloud offering and see how it can work for your startup. It might be the best decision you make for your data sovereignty, and the future growth and stability of European tech might just depend on it.