10 reasons for open source software instead of American cloud service providers

Blog Picture.png

Outlined below, we would like to point out some of the advantages of using open source software (instead of the numerous cloud services from the USA). Especially from a data protection perspective, the use of open source software is advisable compared to other solutions from third countries.

Can personal data be stored in the USA without any problems?

Currently, the transfer of personal data to third countries - such as the USA - is not (or no longer) covered by an international agreement, as the Privacy Shield" was declared insufficient. Even in the case of a subsequent new framework agreement, there are numerous concerns with regard to data protection law; these are based in particular on the fact that, for example, American security authorities could request access to the data stored there at any time (and no information is provided about the access). The FBI, for example, sends out so-called "National Security Letters" or "NSLs" which request data from providers and at the same time order them to keep quiet about this fact under threat of punishment. An equivalent level of data protection in Europe as prescribed by the GDPR is therefore very difficult to achieve, especially when particularly sensitive data such as health data is stored or processed.

From a data protection perspective, the most important thing for a company is arguably to maintain its own data sovereignty. This refers to complete control over the company's own data and the data of its customers. By handing data over to a cloud service solution, this sovereignty is to a large extent relinquished.

What is the advantage of open source?

When using open source software, moreover, the code and the way the software works can always be reviewed. Certain functions and routines can be adapted more easily than is the case with normal software. Also, no "backdoors" can be hidden in the software, because the code is open source as described in the input and can therefore be viewed by anyone.

Open source software can be operated or hosted by companies internally on their own servers, while SaaS solutions (e.g. from the USA) are also hosted on servers not controlled by your own company. When the software is operated on the company's own servers, a higher degree of sovereignty is therefore achieved, because it is the company alone that decides where, how and when the data is processed or stored, and not another service provider.

Another advantage is likely to be the elimination of liability risks, because data processing agreements usually have to be concluded with an external service provider, which also provide for joint liability. Any company is very reluctant to be liable for hardly foreseeable risks in the data processing of the selected service provider. Another advantage is likely to be the elimination of liability risks, because data processing agreements usually have to be concluded with an external service provider, which also provide for joint liability. Any company is very reluctant to be liable for hardly foreseeable risks in the data processing of the selected service provider.

Why are cloud service providers problematic?

A very big disadvantage of using large cloud service providers is the transfer of the data to other service providers, as the large providers are usually unable to handle the wide range of tasks on their own. Thus, the data is also passed on to numerous subcontractors in different countries. Tracking these data transfers is hardly controllable and difficult to follow up.

A concrete example is the list of subcontractors for Google's popular G-Suite with more than 60 different subcontractors (as of July 29, 2022, URL: https://workspace.google.com/intl/en/terms/subprocessors.html).

In the event of future "data breaches," there is not only the risk of significant fines, but also the very real risk of a loss of reputation when using insecure service providers.

So what are the advantages of using open source software instead of the big cloud services?

  1. data sovereignty is maintained
  2. no (unnoticed) access by foreign security authorities
  3. no backdoors
  4. open source software can be customized
  5. less liability risks
  6. fewer contracts with service providers
  7. higher security standards possible
  8. self hosting
  9. protection against image loss
  10. verification of open source software by independent experts

But it does not have to be like this

Now full data control is one click away