Menu

Tuesday, 03 June 2025AHS 3|25 - Third Country Intercept Risk in the Cloud

Security versus data leakage risk - How secure is your data in the cloud?

The issue of security and data protection in the cloud is becoming increasingly complex for companies. One crucial aspect that is often underestimated is the risk of data being leaked by third countries– due to their national security laws. Organizations that rely on the services of large cloud providers (hyperscalers) are particularly affected.

Legal bases that you should know:

  • U.S. Executive Order 12333 (EO 12333): Mandate for US authorities such as the NSA and CIA to gather foreign intelligence. Decisions are made without judicial review.
  • U.S. FISA Sec. 702 Allows targeted monitoring of “non-US persons” and binds cloud providers to cooperate via “compelled assistance” – often secretly and without notifying customers.

Conclusion: safety positioning is crucial

Companies in Switzerland and Europe must develop a comprehensive security strategy in order to minimize the risks posed by third-country interference. This includes

  1. Selection of cloud providers that offer the highest encryption standards and ideally are not subject to “compelled assistance” under EO 12333, FISA obligations or similar obligations under administrative law.
  2. Exploring potential risk-mitigating technologies, such as Client-Side Agents (CSA) and Hardware Security Module (HSM).
  3. Strengthening the internal security system at a logical, technical, physical and personnel level in order to be prepared for possible incidents.

The risk of data leaks in the cloud is not just a data protection problem – it is a security risk management challenge with global implications.

Disclaimer: The legal bases mentioned (EO 12333 & FISA Sec. 702) are anchored in administrative or national security law and are therefore above civil law, on the basis of which most outsourcing contracts with hyperscalers are concluded by Swiss companies. The author and his employer do not offer legal advice, but security risk management advice.

Speakers

Dr. Doron Zimmermann (Cantab.), CISM

As a Senior Manager Enterprise Cyber & Information Security at Pragmatica AG, I leverage my extensive experience in both government and private sector security functions to coach and empower CSOs and CISOs with respect to enterprise-, cyber-, and information security. I have over 15 years of experience in the cyber, information, and corporate security industries, with a national security background at cabinet level and a proven track record of working with executive teams and boards. My core competencies include comprehensive corporate security management, strategic security design, crisis- and emergency management, security threat intelligence, risk analysis and assessment, role-based security awareness coaching and training, and the application of proprietary counter-intelligence know-how to commercial organizations. I help security functions at all levels in various industries and sectors to connect all lines of defense and support the alignment of policies, strategies, and operational measures and controls. My mission is to bring sustainable, targeted, and robust security to my clients, while fostering a culture of security awareness and resilience.

Location Map

Event Properties

Event Date 03. Jun 2025 16:40
Event End Date 03. Jun 2025 17:40
Capacity Unlimited
Individual Price Free of Charge
Sprache / Language English
CPE Hours 1
Location Hybrid Event - Detecon (Schweiz), Zurich AG
We are no longer accept registrations for this event

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

Ok Decline