Certain data should never go to the cloud, especially when it contains sensitive business data, must meet compliance requirements or must be protected under Swiss data protection laws.
Data that should never go to the cloud
Regulated industries
Banks (FINMA):
- Trading algorithms
- Customer financial data
- Risk analyses
- Compliance data
Why not cloud:
- FINMA requirements: data must stay in Switzerland
- Cloud solutions often don’t meet compliance requirements
- Risk of compliance violations
Law firms (GDPR, professional secrecy):
- Client contracts
- Legal documents
- Client communication
- Business secrets
Why not cloud:
- Professional secrecy requires absolute confidentiality
- GDPR compliance required
- Cloud solutions cannot adequately protect client data
Healthcare (HIPAA):
- Patient data
- Medical reports
- Diagnostic data
- Treatment plans
Why not cloud:
- HIPAA compliance required
- Cloud solutions often don’t meet compliance requirements
- Risk of compliance violations
Sensitive business data
Proprietary data:
- Proprietary models and algorithms
- Business secrets
- Competitive advantages
- Proprietary IP
Why not cloud:
- Risk of data sharing with third parties
- Protection of competitive advantages required
- Proprietary IP must remain protected
Strategic data:
- M&A data
- Strategic plans
- Financial forecasts
- Business strategies
Why not cloud:
- Sensitive business data
- Risk of data sharing
- Protection of business secrets required
Swiss data sovereignty
Data that must stay in Switzerland:
- Data under Swiss data protection laws
- FINMA-regulated data
- Data with Swiss data sovereignty requirements
Why not cloud:
- Data must stay in Switzerland
- Cloud solutions often store data outside Switzerland
- Compliance issues with Swiss laws
Risks of cloud AI
Unencrypted data processing
Technical reality:
- AI models can only process unencrypted data
- Data must be decrypted during processing
- Encryption “at the edge” doesn’t protect during processing
Risks:
- Sensitive data is unprotected during processing
- Access by cloud providers possible
- Access by foreign authorities possible (e.g. US Cloud Act)
Data sharing with third parties
Problems:
- Data is shared with cloud providers
- Cloud providers can share data with third parties
- No complete control over data
Risks:
- Violations of data protection laws
- Compliance problems
- Reputation damage
On-Premise as solution
Full control
Advantages:
- Data stays in Switzerland
- No data sharing with third parties
- Full control over data
- Compliance with Swiss laws
Air-gapped systems
For highest security levels:
- Complete isolation from external networks
- No internet access
- Internal networks only
- Required for critical data
Only possible with On-Premise:
- Cloud solutions cannot be air-gapped
- On-Premise enables complete isolation
Next steps
Would you like to know more about data protection risks?
- Contact us – Get advice on data protection
Sources and further information:
- Is On-Premise AI worthwhile for SMEs? – Compliance and data protection