Infosec In Brief Switzerland’s Conference of Data Protection Officers, Privatim, last week issued a resolution calling on Swiss public bodies to avoid using hyperscale clouds and SaaS services due to security concerns.
“Most SaaS solutions do not yet offer true end-to-end encryption that would prevent the provider from accessing plaintext data,” the resolution states. Privatim therefore thinks SaaS or hyperscale clouds – especially those subject to the US CLOUD Act – are not appropriate places for Swiss government agencies to place “particularly sensitive personal data or data subject to a legal obligation of confidentiality.”